Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update certifi and replace complex certifi patch with a more targetted requests patch #11514

Merged
merged 3 commits into from Oct 15, 2022
Merged

Update certifi and replace complex certifi patch with a more targetted requests patch #11514

merged 3 commits into from Oct 15, 2022

Conversation

pradyunsg
Copy link
Member

Toward #11500

@pradyunsg
Replace complex certifi patch with a more targetted requests patch
2a0552a 
This should have the same final functionality, with a cleaner patch to
requests instead of an exception-based complex patch to certifi.
@pradyunsg
Upgrade certifi to 2022.9.24
1b7e5ef
@pradyunsg pradyunsg added the project: vendored dependency Related to a vendored dependency label Oct 14, 2022
@pradyunsg pradyunsg added this to the 22.3 milestone Oct 14, 2022
@pradyunsg pradyunsg changed the title Update certifi and repalce complex certifi patch with a more targetted requests patch Update certifi and replace complex certifi patch with a more targetted requests patch Oct 14, 2022
@pfmoore
Copy link
Member

pfmoore commented Oct 14, 2022

So if I'm understanding this, it splits the existing patch into two parts:

  1. A simple patch to certifi that does the vendoring
  2. A patch to requests that doesn't use certifi.where if _PIP_STANDALONE_CERT is set.

+1 on this simplification, although I'd mildly prefer it to be a separate PR from the one that vendors certifi. In the interests of not making extra work just before the release, I'm happy to ignore that, though.

There's a test fix needed, because something is "normalising" a version component from "09" to "9".

@pfmoore
Copy link
Member

pfmoore commented Oct 15, 2022

The 22.3 release is due today. @pradyunsg do you expect to try to get this into 22.3, or should we defer it to 23.0?

@pradyunsg
Copy link
Member Author

pradyunsg commented Oct 15, 2022
edited

I'd mildly prefer it to be a separate PR from the one that vendors certifi.

They’re separate commits, and there’s a dependency between the two (the exact shape of the certifi patch varies based on whether we use it or requests to implement the default certificate path).

——-

I’ve made the edit for fixing the version problem — assuming that the CI is happy, we can land this. I’d like to see this in 22.3, since there’s been a certificate change. :)

@pfmoore pfmoore merged commit 1fcc3ce into pypa:main Oct 15, 2022
@pradyunsg pradyunsg deleted the certifi-update branch October 15, 2022 10:53
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 31, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
project: vendored dependency Related to a vendored dependency
Projects
None yet
Milestone
22.3
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pradyunsg @pfmoore