Remove pip and setuptools from lektor-requirements.txt (!99) · Merge requests · The Tor Project / Web / lego

Silvio Rhatto requested to merge rhatto/lego:fix/remove-unsafe-reqs into main Dec 03, 2024

These dependencies are in the package management level, therefore it does not make much sense to list as dependencies that should be processed by themselves.

This can lead to scenarios where pip and setuptools are downgraded to a previous version, which may break the building process.

As an example, this pipeline job on GitLab.com fails because pip is downgraded:

Pip 24.3.1 is installed by this line of code.
Later on, Pip is downgraded to 22.2.2 when processing lektor-requirements.txt.
Finally, the build fails due to an AttributeError related to an outdated pip.

Note that this is not reproduced by the default build procedure (example), maybe because the base images are different (despite the same name).

Remove pip and setuptools from lektor-requirements.txt

Merge request reports