fix: revert presidio-analyzer Dockerfiles to Python 3.12 and configure dependabot to stay on Python 3.12 #1928

Open
dependabot[bot] wants to merge 4 commits into main from dependabot/docker/presidio-analyzer/python-3.15.0a7-windowsservercore

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Reverts all presidio-analyzer Dockerfiles back to python:3.12 (Linux slim and Windows servercore) and configures dependabot to prevent future Python version bumps beyond 3.12.

Changes Made

  • Reverted Dockerfiles: All five presidio-analyzer Dockerfiles (Dockerfile, Dockerfile.dev, Dockerfile.stanza, Dockerfile.transformers, Dockerfile.windows) restored to python:3.12-slim / python:3.12-windowsservercore with their original SHA hashes.
  • Reverted pyproject.toml: requires-python restored to ">=3.10,<3.14" to match the Python 3.12 base images.
  • Dependabot configuration: Added ignore rules to .github/dependabot.yml for all Docker ecosystems (/presidio-analyzer, /presidio-anonymizer, /presidio-image-redactor) to block Python version bumps to >= 3.13. Dependabot will still open PRs to update the SHA digest for python:3.12 (e.g., security patches) but will not propose upgrades to Python 3.13 or later.

Bumps python from 3.12-windowsservercore to 3.15.0a7-windowsservercore.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.15.0a7-windowsservercore
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and docker labels Apr 1, 2026

github-actions bot commented Apr 1, 2026

Coverage report (presidio-anonymizer)

This PR does not seem to contain any modification to coverable code.

github-actions bot commented Apr 1, 2026

Coverage report (presidio-structured)

This PR does not seem to contain any modification to coverable code.

github-actions bot commented Apr 1, 2026

Coverage report (presidio-cli)

This PR does not seem to contain any modification to coverable code.

github-actions bot commented Apr 1, 2026

Coverage report (presidio-image-redactor)

This PR does not seem to contain any modification to coverable code.

github-actions bot commented Apr 1, 2026

Coverage report (presidio-analyzer)

File | Statements | Missing | Coverage | Coverage (new stmts) | Lines missing
  presidio-analyzer/presidio_analyzer/predefined_recognizers
  __init__.py
Project Total  

This report was generated by python-coverage-comment-action

@SharonHart

@copilot Can you suggest solutions for the CI failure?

Copilot AI requested a review from a team as a code owner April 2, 2026 10:32

Copilot AI commented Apr 2, 2026

> @copilot Can you suggest solutions for the CI failure?

The CI failure was caused by the dependabot commit bumping all presidio-analyzer Dockerfiles to python:3.14-slim (Linux) and python:3.15.0a7-windowsservercore (Windows), while pyproject.toml still had requires-python = ">=3.10,<3.14". Poetry refused to install because Python 3.14 didn't match the constraint.

Fixed in commit 7fa3f38 by updating requires-python = ">=3.10,<3.16" to cover both Python 3.14 (Linux Docker images) and 3.15 (Windows Docker image). Also added Python 3.14 to the package classifiers.

Copilot AI requested a review from SharonHart April 2, 2026 10:33
@SharonHart

@copilot Can I bump into a valid hash but still keep using python 3.12? Can I instruct dependabot to do so?

…o ignore Python 3.13+ upgrades

Agent-Logs-Url: https://github.com/microsoft/presidio/sessions/68f79647-01c0-46a8-b50e-e688b0d196b0

Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com>

Copilot AI commented Apr 2, 2026

> @copilot Can I bump into a valid hash but still keep using python 3.12? Can I instruct dependabot to do so?

Yes, both approaches work. Done in commit d100f03:

  1. Reverted all analyzer Dockerfiles back to python:3.12 (Linux slim + Windows servercore) with the original SHA hashes, and restored pyproject.toml to requires-python = ">=3.10,<3.14".

  2. Configured dependabot (.github/dependabot.yml) to ignore Python version bumps to >= 3.13 for all Docker ecosystems. With this in place, dependabot will still open PRs to update the SHA digest for python:3.12 when the image is refreshed (security patches, etc.), but it won't try to bump the Python version to 3.13, 3.14, or 3.15 again.

Copilot AI changed the title from "build(deps): bump python from 3.12-windowsservercore to 3.15.0a7-windowsservercore in /presidio-analyzer" to "fix: revert presidio-analyzer Dockerfiles to Python 3.12 and configure dependabot to stay on Python 3.12" Apr 2, 2026
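
The mismatch that broke CI in this thread (a base image on Python 3.14 or 3.15 against requires-python = ">=3.10,<3.14") can be caught by a pre-merge check that also confirms the image is still pinned by digest. This is an added example, not code from the Presidio repository or from any participant in the thread; the function names, the major.minor-only comparison and the placeholder digest are assumptions.

```python
import re

# Matches: FROM [--platform=...] [registry/]python:<tag>[@sha256:<digest>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?:\S+/)?python:(?P<tag>[\w.\-]+)"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?",
    re.IGNORECASE | re.MULTILINE,
)
CLAUSE_RE = re.compile(r"^\s*(>=|<=|==|>|<)\s*(\d+)\.(\d+)\s*$")
OPS = {
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    "==": lambda v, b: v == b,
    ">": lambda v, b: v > b,
    "<": lambda v, b: v < b,
}
# Constructed sample input: the digest is a placeholder, not a real image digest.
DIGEST = "sha256:" + "0" * 64
SAMPLE_DOCKERFILE = f"FROM python:3.14-slim@{DIGEST}\nWORKDIR /app\n"


def satisfies(version, requires_python):
    """True if (major, minor) meets every clause of a requires-python string.
    Assumption: bounds are written as major.minor, as they are in this PR."""
    for clause in requires_python.split(","):
        m = CLAUSE_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](version, (int(m.group(2)), int(m.group(3)))):
            return False
    return True


def check_dockerfile(text, requires_python):
    """Return one finding per problem with each python base image in text."""
    findings = []
    for m in FROM_RE.finditer(text):
        tag = m.group("tag")
        ver = re.match(r"(\d+)\.(\d+)", tag)
        if not ver:
            findings.append(f"{tag}: tag does not name a major.minor version")
            continue
        version = (int(ver.group(1)), int(ver.group(2)))
        if not satisfies(version, requires_python):
            findings.append(f"{tag}: outside requires-python {requires_python}")
        if m.group("digest") is None:
            findings.append(f"{tag}: base image is not pinned by digest")
    return findings
```

Run against each Dockerfile with the requires-python string read from pyproject.toml, a non-empty result is a reason to fail the job before the image build starts.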