From d5d613e01481d06289f88735aff5c02bbffbae5d Mon Sep 17 00:00:00 2001 From: Bently Date: Wed, 4 Jun 2025 16:37:21 +0100 Subject: [PATCH] chore(backend): Downgrade poetry to 2.1.1 for dependabot (#10079) Co-authored-by: Reinier van der Leer --- .github/workflows/platform-backend-ci.yml | 6 +- .../get_package_version_from_lockfile.py | 60 +++++++++++++++++++ autogpt_platform/backend/poetry.lock | 27 ++++----- autogpt_platform/backend/pyproject.toml | 2 +- 4 files changed, 77 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/scripts/get_package_version_from_lockfile.py diff --git a/.github/workflows/platform-backend-ci.yml b/.github/workflows/platform-backend-ci.yml index 6cc9e157e2..330646168e 100644 --- a/.github/workflows/platform-backend-ci.yml +++ b/.github/workflows/platform-backend-ci.yml @@ -32,7 +32,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ["3.10"] + python-version: ["3.11"] runs-on: ubuntu-latest services: @@ -81,12 +81,12 @@ jobs: - name: Install Poetry (Unix) run: | # Extract Poetry version from backend/poetry.lock - HEAD_POETRY_VERSION=$(head -n 1 poetry.lock | grep -oP '(?<=Poetry )[0-9]+\.[0-9]+\.[0-9]+') + HEAD_POETRY_VERSION=$(python ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry) echo "Found Poetry version ${HEAD_POETRY_VERSION} in backend/poetry.lock" if [ -n "$BASE_REF" ]; then BASE_BRANCH=${BASE_REF/refs\/heads\//} - BASE_POETRY_VERSION=$((git show "origin/$BASE_BRANCH":./poetry.lock; true) | head -n 1 | grep -oP '(?<=Poetry )[0-9]+\.[0-9]+\.[0-9]+') + BASE_POETRY_VERSION=$((git show "origin/$BASE_BRANCH":./poetry.lock; true) | python ../../.github/workflows/scripts/get_package_version_from_lockfile.py poetry -) echo "Found Poetry version ${BASE_POETRY_VERSION} in backend/poetry.lock on ${BASE_REF}" POETRY_VERSION=$(printf '%s\n' "$HEAD_POETRY_VERSION" "$BASE_POETRY_VERSION" | sort -V | tail -n1) else 
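Review bot: The assignments `HEAD_POETRY_VERSION=$(python … poetry)` and `BASE_POETRY_VERSION=$(… | python … poetry -)` no longer constrain what they capture. The removed `grep -oP` could only yield an `N.N.N` string, whereas the new script prints the lockfile's `version` field verbatim. poetry.lock is contributor-controlled on pull requests, and the value presumably reaches the Poetry install command later in this step, which lies outside the hunk. I would re-check the format before use, e.g. `[[ "$HEAD_POETRY_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "Unexpected Poetry version in poetry.lock" >&2; exit 1; }`, and the same for `BASE_POETRY_VERSION` when it is set. The same gap is visible at `print(version)` in the new get_package_version_from_lockfile.py.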
diff --git a/.github/workflows/scripts/get_package_version_from_lockfile.py b/.github/workflows/scripts/get_package_version_from_lockfile.py
new file mode 100644
index 0000000000..3ee99d6696
--- /dev/null
+++ b/.github/workflows/scripts/get_package_version_from_lockfile.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import sys
+
+if sys.version_info < (3, 11):
+ print("Python version 3.11 or higher required")
+ sys.exit(1)
+
+import tomllib
+
+
+def get_package_version(package_name: str, lockfile_path: str) -> str | None:
+ """Extract package version from poetry.lock file."""
+ try:
+ if lockfile_path == "-":
+ data = tomllib.load(sys.stdin.buffer)
+ else:
+ with open(lockfile_path, "rb") as f:
+ data = tomllib.load(f)
+ except FileNotFoundError:
+ print(f"Error: File '{lockfile_path}' not found", file=sys.stderr)
+ sys.exit(1)
+ except tomllib.TOMLDecodeError as e:
+ print(f"Error parsing TOML file: {e}", file=sys.stderr)
+ sys.exit(1)
+ except Exception as e:
+ print(f"Error reading file: {e}", file=sys.stderr)
+ sys.exit(1)
+
+ # Look for the package in the packages list
+ packages = data.get("package", [])
+ for package in packages:
+ if package.get("name", "").lower() == package_name.lower():
+ return package.get("version")
+
+ return None
+
+
+def main():
+ if len(sys.argv) not in (2, 3):
+ print(
+ "Usages: python get_package_version_from_lockfile.py [poetry.lock path]\n"
+ " cat poetry.lock | python get_package_version_from_lockfile.py -",
+ file=sys.stderr,
+ )
+ sys.exit(1)
+
+ package_name = sys.argv[1]
+ lockfile_path = sys.argv[2] if len(sys.argv) == 3 else "poetry.lock"
+
+ version = get_package_version(package_name, lockfile_path)
+
+ if version:
+ print(version)
+ else:
+ print(f"Package '{package_name}' not found in {lockfile_path}", file=sys.stderr)
+ sys.exit(1)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/autogpt_platform/backend/poetry.lock b/autogpt_platform/backend/poetry.lock
index 8438e60219..ab9a6d3c81 100644
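Review bot: The interpreter guard at the top of the script prints "Python version 3.11 or higher required" to stdout, which is the stream the workflow captures with `$(...)`; every other error path in the file writes to stderr. Change it to `print("Python version 3.11 or higher required", file=sys.stderr)` so a diagnostic can never end up in the captured version value. `main()` also has no docstring; a one-line `"""Print the locked version of the named package, or exit 1 if it is absent."""` would record the exit code that the not-found branch produces.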
--- a/autogpt_platform/backend/poetry.lock +++ b/autogpt_platform/backend/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.1.2 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.1.1 and should not be changed by hand. [[package]] name = "aio-pika" @@ -329,7 +329,7 @@ description = "Backport of CPython tarfile module" optional = false python-versions = ">=3.8" groups = ["main"] -markers = "python_version < \"3.12\"" +markers = "python_version <= \"3.11\"" files = [ {file = "backports.tarfile-1.2.0-py3-none-any.whl", hash = "sha256:77e284d754527b01fb1e6fa8a1afe577858ebe4e9dad8919e34c862cb399bc34"}, {file = "backports_tarfile-1.2.0.tar.gz", hash = "sha256:d75e02c268746e1b8144c278978b6e98e85de6ad16f8e4b0844a154557eca991"}, @@ -1021,7 +1021,7 @@ files = [ {file = "exceptiongroup-1.2.2-py3-none-any.whl", hash = "sha256:3111b9d131c238bec2f8f516e123e14ba243563fb135d3fe885990585aa7795b"}, {file = "exceptiongroup-1.2.2.tar.gz", hash = "sha256:47c2edf7c6738fafb49fd34290706d1a1a2f4d1c6df275526b62cbb4aa5393cc"}, ] -markers = {dev = "python_version == \"3.10\""} +markers = {dev = "python_version < \"3.11\""} [package.extras] test = ["pytest (>=6)"] 
@@ -3293,14 +3293,14 @@ poetry-plugin = ["poetry (>=1.2.0,<3.0.0) ; python_version < \"4.0\""] [[package]] name = "poetry" -version = "2.1.3" +version = "2.1.1" description = "Python dependency management and packaging made easy." optional = false python-versions = "<4.0,>=3.9" groups = ["main"] files = [ - {file = "poetry-2.1.3-py3-none-any.whl", hash = "sha256:7054d3f97ccce7f31961ead16250407c4577bfe57e2037a190ae2913fc40a20c"}, - {file = "poetry-2.1.3.tar.gz", hash = "sha256:f2c9bd6790b19475976d88ea4553bcc3533c0dc73f740edc4fffe9e2add50594"}, + {file = "poetry-2.1.1-py3-none-any.whl", hash = "sha256:1d433880bd5b401327ddee789ccfe9ff197bf3b0cd240f0bc7cc99c84d14b16c"}, + {file = "poetry-2.1.1.tar.gz", hash = "sha256:d82673865bf13d6cd0dacf28c69a89670456d8df2f9e5da82bfb5f833ba00efc"}, ] [package.dependencies] @@ -3316,7 +3316,7 @@ packaging = ">=24.0" pbs-installer = {version = ">=2025.1.6,<2026.0.0", extras = ["download", "install"]} pkginfo = ">=1.12,<2.0" platformdirs = ">=3.0.0,<5" -poetry-core = "2.1.3" +poetry-core = "2.1.1" pyproject-hooks = ">=1.0.0,<2.0.0" requests = ">=2.26,<3.0" requests-toolbelt = ">=1.0.0,<2.0.0" @@ -3329,14 +3329,14 @@ xattr = {version = ">=1.0.0,<2.0.0", markers = "sys_platform == \"darwin\""} [[package]] name = "poetry-core" -version = "2.1.3" +version = "2.1.1" description = "Poetry PEP 517 Build Backend" optional = false python-versions = "<4.0,>=3.9" groups = ["main"] files = [ - {file = "poetry_core-2.1.3-py3-none-any.whl", hash = "sha256:2c704f05016698a54ca1d327f46ce2426d72eaca6ff614132c8477c292266771"}, - {file = "poetry_core-2.1.3.tar.gz", hash = "sha256:0522a015477ed622c89aad56a477a57813cace0c8e7ff2a2906b7ef4a2e296a4"}, + {file = "poetry_core-2.1.1-py3-none-any.whl", hash = "sha256:bc3b0382ab4d00d5d780277fd0aad1580eb4403613b37fc60fec407b5bee1fe6"}, + {file = "poetry_core-2.1.1.tar.gz", hash = "sha256:c1a1f6f00e4254742f40988a8caf665549101cf9991122cd5de1198897768b1a"}, ] [[package]] 
@@ -3729,7 +3729,6 @@ files = [ {file = "psycopg2_binary-2.9.10-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:bb89f0a835bcfc1d42ccd5f41f04870c1b936d8507c6df12b7737febc40f0909"}, {file = "psycopg2_binary-2.9.10-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:f0c2d907a1e102526dd2986df638343388b94c33860ff3bbe1384130828714b1"}, {file = "psycopg2_binary-2.9.10-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:f8157bed2f51db683f31306aa497311b560f2265998122abe1dce6428bd86567"}, - {file = "psycopg2_binary-2.9.10-cp313-cp313-win_amd64.whl", hash = "sha256:27422aa5f11fbcd9b18da48373eb67081243662f9b46e6fd07c3eb46e4535142"}, {file = "psycopg2_binary-2.9.10-cp38-cp38-macosx_12_0_x86_64.whl", hash = "sha256:eb09aa7f9cecb45027683bb55aebaaf45a0df8bf6de68801a6afdc7947bb09d4"}, {file = "psycopg2_binary-2.9.10-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b73d6d7f0ccdad7bc43e6d34273f70d587ef62f824d7261c4ae9b8b1b6af90e8"}, {file = "psycopg2_binary-2.9.10-cp38-cp38-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ce5ab4bf46a211a8e924d307c1b1fcda82368586a19d0a24f8ae166f5c784864"}, @@ -5274,7 +5273,7 @@ description = "A lil' TOML parser" optional = false python-versions = ">=3.8" groups = ["main", "dev"] -markers = "python_version == \"3.10\"" +markers = "python_version < \"3.11\"" files = [ {file = "tomli-2.2.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249"}, {file = "tomli-2.2.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6"}, 
@@ -5522,7 +5521,7 @@ description = "Fast implementation of asyncio event loop on top of libuv" optional = false python-versions = ">=3.8.0" groups = ["main"] -markers = "platform_python_implementation != \"PyPy\" and sys_platform != \"win32\" and sys_platform != \"cygwin\"" +markers = "sys_platform != \"win32\" and sys_platform != \"cygwin\" and platform_python_implementation != \"PyPy\"" files = [ {file = "uvloop-0.21.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:ec7e6b09a6fdded42403182ab6b832b71f4edaf7f37a9a0e371a01db5f0cb45f"}, {file = "uvloop-0.21.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:196274f2adb9689a289ad7d65700d37df0c0930fd8e4e743fa4834e850d7719d"}, @@ -6264,4 +6263,4 @@ cffi = ["cffi (>=1.11)"] [metadata] lock-version = "2.1" python-versions = ">=3.10,<3.13" -content-hash = "f0d0aae83b885e97413e0effe5f61dd24d50b6ff77f243d855053e7588877f35" +content-hash = "8968eaab1359ef97beccfc7796d69557e0eeb9286c69cfdc7441c483b91ae58a" diff --git a/autogpt_platform/backend/pyproject.toml b/autogpt_platform/backend/pyproject.toml index de4f41c347..065e55e03d 100644 --- a/autogpt_platform/backend/pyproject.toml +++ b/autogpt_platform/backend/pyproject.toml @@ -37,7 +37,7 @@ ollama = "^0.4.8" openai = "^1.78.1" pika = "^1.3.2" pinecone = "^5.3.1" -poetry = "^2.1.3" +poetry = "2.1.1" # CHECK DEPENDABOT SUPPORT BEFORE UPGRADING postmarker = "^1.0" praw = "~7.8.1" prisma = "^0.15.0"