Skip to content

tempfix: pin setuptools #3795

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

tempfix: pin setuptools #3795

wants to merge 2 commits into from
+7 −1

Conversation

@jvanasco
Copy link
Contributor

@jvanasco jvanasco commented Oct 3, 2025

We are under 60 days from the planned removal of pkg_resources. I worry about the impact of this on CI and Automatic Deployments.

I suggest releasing a tempfix to pin setuptools, which will ensure anyone who has not independently pinned setuptools within their projects is not affected by this, as work continues on #3731 .

@luhn
Copy link
Contributor

luhn commented Oct 3, 2025

I submitted #3787 and #3788 a couple months ago but haven't heard anything—Although I neglected to update the changelog so your PR is better.

@jvanasco
Copy link
Contributor Author

jvanasco commented Oct 3, 2025

I'm sorry for not seeing that.

I thought about offering a backport , but figured I'd address this first. Why don't you pull my changelog onto both of your PRs (or at least the backport) ? We can leave this open so it's at the top of the list so it keeps visibility until yours are merged (or another solution happens?)

@luhn
Copy link
Contributor

luhn commented Oct 3, 2025

No worries, I'll just close my PR and we can keep the better+fresher one.

I'll add a changelog to my backport and keep it open though, it'd be nice to keep Pyramid 1 working OotB as long as possible. I still have a couple projects using it.

@luhn luhn mentioned this pull request Oct 3, 2025
Closed
@jvanasco
Copy link
Contributor Author

jvanasco commented Oct 3, 2025

I still have some legacy stuff running on pyramid1 too, but I think it's mostly unported py27 so unaffected by all this.

@aquatix
Copy link

aquatix commented Nov 4, 2025

Hey all! Thanks for looking into this. As stated, we're just shy of a month away from this deprecation, and I was wondering if a release with this change will be available before then. Otherwise we will have to pin some libraries ourselves, which is also not a big deal, but having Pyramid handle this itself would be nice.
Is it much work to eliminate the need for pkg_resources in general by the way?

@mmerickel
Copy link
Member

mmerickel commented Nov 5, 2025

You should pin your dependencies.... With respect to removing pkg_resources you can catch up on #3731.

@jvanasco
Copy link
Contributor Author

jvanasco commented Nov 5, 2025

You should pin your dependencies....

That is standard practice. Pinning a dependency's dependencies (i.e. pyramid's dependencies) is not.

We're about 3 weeks out from this potentially breaking CI and installs.

@luhn My contingency plan right now is to switch to our forks (my v2, your v1). I did a test, and I can entirely automate the switchover for all our affected code - and revert it as well. Introducing a setuptools requirement is too messy, as the package might already require it for something else.

@sbrunner
Copy link

sbrunner commented Nov 12, 2025

This should really resolve the issue: #3783

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jvanasco @luhn @aquatix @mmerickel @sbrunner