chore(deps)(deps): bump tenacity from 8.3.0 to 9.1.4 #13
Open
dependabot[bot] wants to merge 1 commit into
Bumps [tenacity](https://github.com/jd/tenacity) from 8.3.0 to 9.1.4.
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@8.3.0...9.1.4)

---
updated-dependencies:
- dependency-name: tenacity
  dependency-version: 9.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels

The following labels could not be found: Please fix the above issues or remove invalid values from |
ZeroPointSix (Owner) left a comment:
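Overall conclusion: this PR only changes the tenacity version in requirements.txt. No direct code conflict was found, but this is a major version upgrade from 8.x to 9.x, so before merging it is necessary to confirm the Python runtime version and whether the dependency is still needed.

Key findings:
- A code search of the repository found no direct use of `tenacity`'s `retry`/`stop`/`wait` APIs. If the project really no longer depends on it, directly or indirectly, consider removing the dependency instead of continuing to upgrade an unused package; if it is used dynamically through a runtime path, please also add a note about that in the PR.
- The upstream release notes in the PR description explicitly state that tenacity 9.1.x has dropped Python 3.9 support. The repository does not declare a matching Python version constraint in this PR; if deployment, Docker images or CI may still run Python 3.9, this upgrade brings installation or runtime risk.
- The PR currently has no test results attached. Although the diff is small, for a major dependency upgrade it is still recommended to run at least the backend dependency installation and the existing tests, to confirm nothing fails because of Python version or dependency resolution changes.

Priority recommendations:
- High: confirm whether the Python version the project actually runs on, and the one used in CI, is 3.10+; if Python 3.9 is still supported, it is recommended not to upgrade to tenacity 9.x.
- Medium: confirm whether `tenacity` is still used by the project; if it is unused, removing the dependency takes priority.
- Medium: add the results of backend dependency installation and test verification.

Follow-up recommendations:
- It is recommended to state the Python version boundary explicitly in the repository, for example through the CI matrix, the Docker base image or the project documentation, so that future Dependabot major version upgrades can be judged safe more quickly.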
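
The two checks the review asks for before merging (is `tenacity` imported anywhere, and is the runtime at or above the 3.10 floor the review mentions) can be scripted. The following is an added example, not code from this repository or from Dependabot; `imports_of`, `bump_verdict`, `demo` and the sample files are hypothetical names and constructed data.

```python
import ast
import sys
import tempfile
from pathlib import Path

MIN_PYTHON = (3, 10)  # assumption: floor taken from the review's "3.10+" remark


def imports_of(package: str, root: Path) -> dict:
    """Map each .py file under root to the line numbers that import `package`."""
    hits = {}
    for path in sorted(root.rglob("*.py")):
        try:
            tree = ast.parse(path.read_text(encoding="utf-8"), filename=str(path))
        except (SyntaxError, UnicodeDecodeError):
            continue  # unparsable file: skip it rather than abort the scan
        for node in ast.walk(tree):
            if isinstance(node, ast.Import):
                names = [alias.name for alias in node.names]
            elif isinstance(node, ast.ImportFrom) and node.level == 0:
                names = [node.module or ""]
            else:
                continue
            if any(n == package or n.startswith(package + ".") for n in names):
                hits.setdefault(str(path.relative_to(root)), []).append(node.lineno)
    return hits


def bump_verdict(package: str, root: Path, runtime=sys.version_info[:2]) -> str:
    """Combine the usage scan and the interpreter floor into one merge verdict."""
    if not imports_of(package, root):
        return "unused: consider removing the pin instead of bumping"
    if tuple(runtime) < MIN_PYTHON:
        return "blocked: runtime is below the new major version's Python floor"
    return "ok: used and runtime is supported"


def demo() -> dict:
    """Run the checks on a constructed sample tree (not the repository from this PR)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.py").write_text("import os\nfrom tenacity import retry\n")
        (root / "util.py").write_text("# tenacity mentioned only in a comment\n")
        return {
            "py39": bump_verdict("tenacity", root, (3, 9)),
            "py311": bump_verdict("tenacity", root, (3, 11)),
            "other": bump_verdict("requests", root, (3, 11)),
        }
```

A static import scan does not see dynamic imports or use through another installed package, so an "unused" verdict still needs the dependency-install and test run the review recommends.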
Bumps tenacity from 8.3.0 to 9.1.4.
Release notes
Sourced from tenacity's releases.
... (truncated)
Commits
- d4e868d Fix `retry()` annotations with async `sleep=` function (#555)
- 24415eb support async sleep for sync fn (#551)
- 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
- 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
- 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
- ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
- c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
- e792bba ci: fix mypy (#546)
- 0f55245 ci: remove reno requirements (#542)
- 815c34f feat(wait): add `wait_exception` strategy (#541)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)