potiuk commented on PR #130: URL: https://github.com/apache/airflow-steward/pull/130#issuecomment-4425502503
Closing this — urllib3 2.7.0 was released 2026-05-07 and the project's lockfile carries a 7-day cooldown (`exclude-newer-span = "P7D"` in `tools/gmail/oauth-draft/uv.lock`). The bump is eligible from 2026-05-14. Dependabot's solver appears to have ignored the cooldown and forced 2.7.0, which triggered a broken resolution cascade: `requests` downgraded to 2.15.1 (2017), and `urllib3` / `certifi` / `charset-normalizer` got dropped from the lock entirely. That's why both `prek` and `pytest (oauth-draft)` fail — the test venv ends up without `urllib3` / `requests` at all. Dependabot will reopen this once 2.7.0 ages past the cooldown window (or you can rebase the PR after 2026-05-14 and the resolver should produce a clean diff). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
