From cf45c5956e99c7aadb542026483f6b83c0d00764 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Wed, 8 Nov 2023 10:30:30 +0000 Subject: [PATCH] Drop support for Python 3.7 Since: - It has been end of life upstream since 2023-06-27, so is no longer receiving security updates. - The buildpack has been warning about its end of life in the build log output since 2023-02-08 (see #1404, #1460). - The `setuptools` and `pipenv` packaging toos have already dropped support for Python 3.7, which means we're blocked on upgrading to newer versions of them in the buildpack. - The upgrade from Python 3.7 to Python 3.8+ in most cases requires no changes to an application at all, or else some small dependency updates (compared to say the upgrade from Python 2 to 3). - Python 3.7 is not compatible with OpenSSL 3, and so only works on the Heroku-20 stack which itself will be deprecated in 2024. - Any apps that must stay on Python 3.7 short term, can pin to the previous buildpack version (`v238`) as a stop-gap. Closes heroku/roadmap#198. GUS-W-12345803. --- CHANGELOG.md | 1 + bin/default_pythons | 2 +- bin/steps/python | 12 +----- .../python_3.7_outdated/requirements.txt | 0 spec/fixtures/python_3.7_outdated/runtime.txt | 1 - spec/hatchet/pipenv_spec.rb | 29 +++++---------- spec/hatchet/python_update_warning_spec.rb | 37 ------------------- spec/hatchet/python_version_spec.rb | 26 ++++--------- spec/spec_helper.rb | 1 - 9 files changed, 21 insertions(+), 88 deletions(-) delete mode 100644 spec/fixtures/python_3.7_outdated/requirements.txt delete mode 100644 spec/fixtures/python_3.7_outdated/runtime.txt diff --git a/CHANGELOG.md b/CHANGELOG.md index f5c0f3237..9c33935b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## [Unreleased] +- Drop support for Python 3.7. ([#1508](https://github.com/heroku/heroku-buildpack-python/pull/1508)) ## [v238] - 2023-11-06 diff --git a/bin/default_pythons b/bin/default_pythons index 2a044bb52..6c7cfeacb 100755 --- a/bin/default_pythons +++ b/bin/default_pythons @@ -10,8 +10,8 @@ LATEST_311="python-3.11.6" LATEST_310="python-3.10.13" LATEST_39="python-3.9.18" LATEST_38="python-3.8.18" -LATEST_37="python-3.7.17" # TODO: Remove these EOL versions once pipenv-python-version is refactored. +LATEST_37="python-3.7.17" LATEST_36="python-3.6.15" LATEST_35="python-3.5.10" LATEST_34="python-3.4.10" diff --git a/bin/steps/python b/bin/steps/python index 4804c245b..875792686 100755 --- a/bin/steps/python +++ b/bin/steps/python @@ -61,17 +61,7 @@ case "${PYTHON_VERSION}" in warn_if_patch_update_available "${PYTHON_VERSION}" "${LATEST_38}" ;; python-3.7.*) - puts-warn - puts-warn "Python 3.7 reached its upstream end-of-life on June 27th, 2023, so no longer" - puts-warn "receives any security updates:" - puts-warn "https://devguide.python.org/versions/#supported-versions" - puts-warn - puts-warn "Support for Python 3.7 will be removed from this buildpack in October 2023." - puts-warn - puts-warn "Upgrade to a newer Python version as soon as possible to keep your app secure." - puts-warn "See: https://devcenter.heroku.com/articles/python-runtimes" - puts-warn - warn_if_patch_update_available "${PYTHON_VERSION}" "${LATEST_37}" + eol_python_version_error "3.7" "June 27th, 2023" ;; python-3.6.*) eol_python_version_error "3.6" "December 23rd, 2021" diff --git a/spec/fixtures/python_3.7_outdated/requirements.txt b/spec/fixtures/python_3.7_outdated/requirements.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/spec/fixtures/python_3.7_outdated/runtime.txt b/spec/fixtures/python_3.7_outdated/runtime.txt deleted file mode 100644 index d9c98d799..000000000 --- a/spec/fixtures/python_3.7_outdated/runtime.txt +++ /dev/null @@ -1 +0,0 @@ -python-3.7.12 diff --git a/spec/hatchet/pipenv_spec.rb b/spec/hatchet/pipenv_spec.rb index 6774bba74..39beb550c 100644 --- a/spec/hatchet/pipenv_spec.rb +++ b/spec/hatchet/pipenv_spec.rb @@ -103,40 +103,31 @@ end context 'with a Pipfile.lock containing python_version 3.7' do - let(:allow_failure) { false } - let(:app) { Hatchet::Runner.new('spec/fixtures/pipenv_python_3.7', allow_failure:) } + let(:app) { Hatchet::Runner.new('spec/fixtures/pipenv_python_3.7', allow_failure: true) } context 'when using Heroku-20', stacks: %w[heroku-20] do - it 'builds with the latest Python 3.7 but shows a deprecation warning' do + it 'aborts the build with an EOL message' do app.deploy do |app| - expect(clean_output(app.output)).to match(Regexp.new(<<~REGEX)) + expect(clean_output(app.output)).to match(Regexp.new(<<~OUTPUT)) remote: -----> Python app detected remote: -----> Using Python version specified in Pipfile.lock remote: ! - remote: ! Python 3.7 reached its upstream end-of-life on June 27th, 2023, so no longer - remote: ! receives any security updates: + remote: ! Python 3.7 reached upstream end-of-life on June 27th, 2023, and is + remote: ! therefore no longer receiving security updates: remote: ! https://devguide.python.org/versions/#supported-versions remote: ! - remote: ! Support for Python 3.7 will be removed from this buildpack in October 2023. + remote: ! As such, it is no longer supported by the latest version of this buildpack. remote: ! - remote: ! Upgrade to a newer Python version as soon as possible to keep your app secure. - remote: ! See: https://devcenter.heroku.com/articles/python-runtimes + remote: ! Please upgrade to a newer Python version. See: + remote: ! https://devcenter.heroku.com/articles/python-runtimes remote: ! - remote: -----> Installing python-#{LATEST_PYTHON_3_7} - remote: -----> Installing pip #{PIP_VERSION}, setuptools #{SETUPTOOLS_VERSION} and wheel #{WHEEL_VERSION} - remote: -----> Installing dependencies with Pipenv #{PIPENV_VERSION} - remote: Installing dependencies from Pipfile.lock \\(.+\\)... - remote: -----> Installing SQLite3 - REGEX + OUTPUT end end end context 'when using Heroku-22', stacks: %w[heroku-22] do - let(:allow_failure) { true } - - # Python 3.7 is in the security fix only stage of its lifecycle, so has not been built for newer stacks. - include_examples 'aborts the build with a runtime not available message (Pipenv)', LATEST_PYTHON_3_7 + include_examples 'aborts the build with a runtime not available message (Pipenv)', '3.7.17' end end diff --git a/spec/hatchet/python_update_warning_spec.rb b/spec/hatchet/python_update_warning_spec.rb index 3bf7b0dc7..22a055b50 100644 --- a/spec/hatchet/python_update_warning_spec.rb +++ b/spec/hatchet/python_update_warning_spec.rb @@ -56,43 +56,6 @@ end RSpec.describe 'Python update warnings' do - context 'with a runtime.txt containing python-3.7.12' do - let(:allow_failure) { false } - let(:app) { Hatchet::Runner.new('spec/fixtures/python_3.7_outdated', allow_failure:) } - - context 'when using Heroku-20', stacks: %w[heroku-20] do - it 'warns about both the deprecated major version and the patch update' do - app.deploy do |app| - expect(clean_output(app.output)).to match(Regexp.new(<<~REGEX)) - remote: -----> Python app detected - remote: -----> Using Python version specified in runtime.txt - remote: ! - remote: ! Python 3.7 reached its upstream end-of-life on June 27th, 2023, so no longer - remote: ! receives any security updates: - remote: ! https://devguide.python.org/versions/#supported-versions - remote: ! - remote: ! Support for Python 3.7 will be removed from this buildpack in October 2023. - remote: ! - remote: ! Upgrade to a newer Python version as soon as possible to keep your app secure. - remote: ! See: https://devcenter.heroku.com/articles/python-runtimes - remote: ! - remote: ! - remote: ! A Python security update is available! Upgrade as soon as possible to: python-#{LATEST_PYTHON_3_7} - remote: ! See: https://devcenter.heroku.com/articles/python-runtimes - remote: ! - remote: -----> Installing python-3.7.12 - REGEX - end - end - end - - context 'when using Heroku-22', stacks: %w[heroku-22] do - let(:allow_failure) { true } - - include_examples 'aborts the build without showing an update warning', '3.7.12' - end - end - context 'with a runtime.txt containing python-3.8.12' do let(:allow_failure) { false } let(:app) { Hatchet::Runner.new('spec/fixtures/python_3.8_outdated', allow_failure:) } diff --git a/spec/hatchet/python_version_spec.rb b/spec/hatchet/python_version_spec.rb index 6f8cde80e..1f15f3457 100644 --- a/spec/hatchet/python_version_spec.rb +++ b/spec/hatchet/python_version_spec.rb @@ -109,41 +109,31 @@ end context 'when runtime.txt contains python-3.7.17' do - let(:allow_failure) { false } - let(:app) { Hatchet::Runner.new('spec/fixtures/python_3.7', allow_failure:) } + let(:app) { Hatchet::Runner.new('spec/fixtures/python_3.7', allow_failure: true) } context 'when using Heroku-20', stacks: %w[heroku-20] do - it 'builds with Python 3.7.17 but shows a deprecation warning' do + it 'aborts the build with an EOL message' do app.deploy do |app| expect(clean_output(app.output)).to include(<<~OUTPUT) remote: -----> Python app detected remote: -----> Using Python version specified in runtime.txt remote: ! - remote: ! Python 3.7 reached its upstream end-of-life on June 27th, 2023, so no longer - remote: ! receives any security updates: + remote: ! Python 3.7 reached upstream end-of-life on June 27th, 2023, and is + remote: ! therefore no longer receiving security updates: remote: ! https://devguide.python.org/versions/#supported-versions remote: ! - remote: ! Support for Python 3.7 will be removed from this buildpack in October 2023. + remote: ! As such, it is no longer supported by the latest version of this buildpack. remote: ! - remote: ! Upgrade to a newer Python version as soon as possible to keep your app secure. - remote: ! See: https://devcenter.heroku.com/articles/python-runtimes + remote: ! Please upgrade to a newer Python version. See: + remote: ! https://devcenter.heroku.com/articles/python-runtimes remote: ! - remote: -----> Installing python-#{LATEST_PYTHON_3_7} - remote: -----> Installing pip #{PIP_VERSION}, setuptools #{SETUPTOOLS_VERSION} and wheel #{WHEEL_VERSION} - remote: -----> Installing SQLite3 - remote: -----> Installing requirements with pip - remote: Collecting urllib3 (from -r requirements.txt (line 1)) OUTPUT - expect(app.run('python -V')).to include("Python #{LATEST_PYTHON_3_7}") end end end context 'when using Heroku-22', stacks: %w[heroku-22] do - let(:allow_failure) { true } - - # Python 3.7 is in the security fix only stage of its lifecycle, so has not been built for newer stacks. - include_examples 'aborts the build with a runtime not available message', "python-#{LATEST_PYTHON_3_7}" + include_examples 'aborts the build with a runtime not available message', 'python-3.7.17' end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 1bbcaaff3..d019d3abc 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -6,7 +6,6 @@ require 'rspec/core' require 'hatchet' -LATEST_PYTHON_3_7 = '3.7.17' LATEST_PYTHON_3_8 = '3.8.18' LATEST_PYTHON_3_9 = '3.9.18' LATEST_PYTHON_3_10 = '3.10.13'