Drop support for Python 3.6 #6299
Comments
jeffwidman
added
L: python:pip
|
Before we commit to a timeline on this, we'd like to measure how frequently users are running Dependabot against However, the new "pause for inactivity" feature is still gradually rolling out... and that will impact these metrics pretty drastically because abandoned repos that are still running Dependabot are the most likely to have never moved beyond We expect that rollout to finish in the next few weeks, after which our metrics will only include "active" users of Dependabot so we can gather accurate metrics and then work with some other internal stakeholders to decide on the actual date we'll drop support. |
|
Are there any updates on this? I think this is blocking support for Poetry 1.4.x |
|
This is a necessary change for #6758 AFAIK, or updating Poetry to 1.4.x |
|
Thanks for letting us know you want it, we've been a little hesitant to drop it because we know some users are probably still on What we're actually planning to do very soon is try to formalize some deprecation policies for our different ecosystems. That way we not only fix this immediate problem, but also have clear timelines for everyone to see of when we will be deprecating and/or completely dropping support for old versions so there's no surprises for anyone. This is a priority for us this quarter. Anyway, hope to have you unblocked soonish. |
|
While not dropping the python 3.6 is a nice intent, it's a bit problematic because it requires to pin some package managers versions (pip, pipenv, pip-tools, ...) in dependabot and the latest python versions are not well supported by dependabot (eg: on few of my projects, dependabot fails to upgrade a bunch of packages with extras requirements) Anyway, if it's unblocked soon, we can wait 👍 |
|
@jeffwidman where are we on those metrics? Poetry 1.5.1 is out and 1.5.0 has new options for different |
|
@jeffwidman , any news on this topic ? Can we help somehow ? |
|
You'll be happy to know I've got some time booked the next few weeks to work on this... we'll need to post a note on our blog with a deprecation date, so actually merging it may take a little longer. But expect to see PR's from me arriving in the next few weeks to make this happen. |
This is the result of my initial investigation spike to see how much work it'll be to drop `python` `3.6` which has been EOL'd for a while. So far it looks like dropping `3.6` will be technically straightforward. The time-consuming bits will be: 1. finish the metrics version collection 2. coordinate on the messaging front with a deprecation announcement on the GitHub changelog. 3. All the follow-on work that dropping `3.6` unlocks... ie, bumping to nwere versions of `pip-tools`, `pip`, `poetry` etc. However, those can all happen as follow-on projects. Python 3.7 is also EOL'd as of the end of June, and I noticed `pip-tools` has already released `v7` which requires `3.8+`. We are considerign aligning our python version support schedule with upstream python, in which case we'd also drop `3.7`, which would let us also jump all our package managers up to their latest versions. But again, all that is out of scope of this initial project of dropping `3.6`. So putting this up to see what CI thinks. Fix: #6299
This is the result of my initial investigation spike to see how much work it'll be to drop `python` `3.6` which has been EOL'd for a while. So far it looks like dropping `3.6` will be technically straightforward. The time-consuming bits will be: 1. finish the metrics version collection 2. coordinate on the messaging front with a deprecation announcement on the GitHub changelog. 3. All the follow-on work that dropping `3.6` unlocks... ie, bumping to nwere versions of `pip-tools`, `pip`, `poetry` etc. However, those can all happen as follow-on projects. Python 3.7 is also EOL'd as of the end of June, and I noticed `pip-tools` has already released `v7` which requires `3.8+`. We are considerign aligning our python version support schedule with upstream python, in which case we'd also drop `3.7`, which would let us also jump all our package managers up to their latest versions. But again, all that is out of scope of this initial project of dropping `3.6`. So putting this up to see what CI thinks. Fix: #6299
This is the result of my initial investigation spike to see how much work it'll be to drop `python` `3.6` which has been EOL'd for a while. So far it looks like dropping `3.6` will be technically straightforward. The time-consuming bits will be: 1. finish the metrics version collection 2. coordinate on the messaging front with a deprecation announcement on the GitHub changelog. 3. All the follow-on work that dropping `3.6` unlocks... ie, bumping to nwere versions of `pip-tools`, `pip`, `poetry` etc. However, those can all happen as follow-on projects. Python 3.7 is also EOL'd as of the end of June, and I noticed `pip-tools` has already released `v7` which requires `3.8+`. We are considerign aligning our python version support schedule with upstream python, in which case we'd also drop `3.7`, which would let us also jump all our package managers up to their latest versions. But again, all that is out of scope of this initial project of dropping `3.6`. So putting this up to see what CI thinks. Fix: #6299
This is the result of my initial investigation spike to see how much work it'll be to drop `python` `3.6` which has been EOL'd for a while. So far it looks like dropping `3.6` will be technically straightforward. The time-consuming bits will be: 1. finish the metrics version collection 2. coordinate on the messaging front with a deprecation announcement on the GitHub changelog. 3. All the follow-on work that dropping `3.6` unlocks... ie, bumping to nwere versions of `pip-tools`, `pip`, `poetry` etc. However, those can all happen as follow-on projects. Python 3.7 is also EOL'd as of the end of June, and I noticed `pip-tools` has already released `v7` which requires `3.8+`. We are considerign aligning our python version support schedule with upstream python, in which case we'd also drop `3.7`, which would let us also jump all our package managers up to their latest versions. But again, all that is out of scope of this initial project of dropping `3.6`. So putting this up to see what CI thinks. Fix: #6299
This is the result of my initial investigation spike to see how much work it'll be to drop `python` `3.6` which has been EOL'd for a while. So far it looks like dropping `3.6` will be technically straightforward. The time-consuming bits will be: 1. finish the metrics version collection 2. coordinate on the messaging front with a deprecation announcement on the GitHub changelog. 3. All the follow-on work that dropping `3.6` unlocks... ie, bumping to nwere versions of `pip-tools`, `pip`, `poetry` etc. However, those can all happen as follow-on projects. Python 3.7 is also EOL'd as of the end of June, and I noticed `pip-tools` has already released `v7` which requires `3.8+`. We are considerign aligning our python version support schedule with upstream python, in which case we'd also drop `3.7`, which would let us also jump all our package managers up to their latest versions. But again, all that is out of scope of this initial project of dropping `3.6`. So putting this up to see what CI thinks. Fix: #6299
|
We are currently planning to drop support for 3.6 later this month, we'll post an official announcement on the GitHub changelog when we do, but you'll also see it here because once that goes out I'll start merging PR's to remove support for it and then close this issue. We will also be dropping |
jeffwidman
added
Ecosystems
|
Deprecation date is August 17th: https://github.blog/changelog/2023-08-02-deprecation-notice-dependabot-to-drop-support-for-python-3-6-and-3-7/ |
|
Thank you! |
Python 3.6 was EOL'd in Dec 2021. However, we've continued to support it because the Ubuntu LTS
18.04release installed it by default and18.04isn't EOL until April 2023:dependabot-core/python/lib/dependabot/python/python_versions.rb
Lines 18 to 19 in cf448a9
But we're starting to run into various issues where
3.6is forcing us to include hacky workarounds:3.6, includingpoetry,pip,pipenvandpip-tools.22.04is blocked because3.6conflicts with itsopensslversionSo this is a placeholder ticket to track any discussions around timing, things that we'll need to update/remove, etc.
If you're a user of Dependabot who is still on Python 3.6 and you cannot upgrade for some reason, please chime in here explaining your use case.
The text was updated successfully, but these errors were encountered: