Update setuptools requirement from <71,>=64 to >=64,<83#249
Update setuptools requirement from <71,>=64 to >=64,<83#249dependabot[bot] wants to merge 1 commit into
Conversation
Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v64.0.0...v82.0.1) --- updated-dependencies: - dependency-name: setuptools dependency-version: 82.0.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
rtibblesbot
left a comment
There was a problem hiding this comment.
Multi-major range expansion for a build dependency. The two breaking changes in the expanded range — pkg_resources removal in v82.0.0 and setup.py --dry-run removal in v81.0.0 — don't affect this project (no usage found). The constraint change itself is safe.
CI linting is failing — see blocking finding below.
Findings:
- blocking:
uv-lockhook failure —uv.locknot updated (see inline)
@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly
How was this generated?
Reviewed the pull request diff checking for:
- Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
- Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
- Architecture: duplicated concerns, minimal interfaces, composition over inheritance
- Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
- Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
- Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
- Checked CI status and linked issue acceptance criteria
- For UI changes: inspected screenshots for layout, visual completeness, and consistency
| "polib==1.2.0", | ||
| "setuptools-scm>=8", | ||
| "setuptools>=64,<71", | ||
| "setuptools>=64,<83", |
There was a problem hiding this comment.
blocking: CI linting fails because uv.lock is out of sync with this constraint change. The uv-lock pre-commit hook regenerated the lockfile during CI ("files were modified by this hook") but those changes weren't committed.
Dependabot only updates pyproject.toml, not uv.lock. A maintainer needs to check out this branch, run uv lock, and push the updated lockfile.
praise: The project's uv-lock pre-commit hook correctly caught this — good defensive tooling that prevents stale lockfiles from reaching main.
Updates the requirements on setuptools to permit the latest version.
Changelog
Sourced from setuptools's changelog.
... (truncated)
Commits
5a13876Bump version: 82.0.0 → 82.0.151ab8f1Avoid using (deprecated) 'json.version' in tests (#5194)f9c37b2Docs/CI: Fix intersphinx references (#5195)8173db2Docs: Fix intersphinx references09bafbcFix past tense on newsfragment461ea56Add news fragmentc4ffe53Avoid using (deprecated) 'json.version' in tests749258bCleanuppkg_resourcesdependencies and configuration (#5175)2019c16Parseext-module.define-macrosfrompyproject.tomlas list of tuples (#5169)b809c86Sync setuptools schema with validate-pyproject (#5157)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)