chore: enable python 3.14 #1038
Open
+644
−328
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates the tox environment list to include 3.14 for testing in CI. Updates any dependencies that would not work with 3.14 until they will. Signed-off-by: Will Murphy <[email protected]>
Start passing --durations=10 to pytest (so that the 10 slowest tests are printed after each run). Then fix the worst offenders, which happened to be tests that were actually hitting unmocked sleeps. Signed-off-by: Will Murphy <[email protected]>
One test was instantiating the same schema validator ~180 times, resulting in a 10s unit test. Signed-off-by: Will Murphy <[email protected]>
Add a session-scoped pytest fixture that patches SQLAlchemy's create_engine to use NullPool for all SQLite connections during test runs. This ensures connections are closed immediately rather than being held in a pool, making connection leaks deterministic and visible. The warnings were caused by SQLAlchemy's default connection pooling holding sqlite3.Connection objects open until garbage collection, which triggered ResourceWarnings when pytest's unraisableexception plugin ran gc.collect() at the end of test sessions. Production code remains unchanged - the default connection pooling is preserved for the read/write-heavy workloads in vunnel's fix date databases. Only tests get NullPool behavior via the conftest.py fixture. Also: - Remove --cov-report html from default unit test target (CI doesn't use it, and it adds overhead) - Add unit-coverage target for when HTML reports are needed Signed-off-by: Will Murphy <[email protected]>
- Remove deprecated UP038 rule from ruff ignore list (rule no longer exists) - Convert Optional[X] to X | None syntax (Python 3.10+, safe since we require 3.13+) - Remove now-unnecessary noqa comments (UP007, S320, S603) - Add noqa comment explaining intentional lazy import in cli.py - Move imports to top-level where they were unnecessarily deferred (secureos/parser.py, grype_db_first_observed.py) - Prefix unused unpacked variables with underscore (amazon, oracle, ubuntu, rpm parsers) - Simplify workspace.py to use standard library importlib.metadata directly (no Python < 3.8 fallback needed) - Remove unused imports (Optional, types) Signed-off-by: Will Murphy <[email protected]>
Previously, it was possible to enable a python version in tox.ini and then believe it was supported without the tests running in CI. Signed-off-by: Will Murphy <[email protected]>
Signed-off-by: Will Murphy <[email protected]>
Signed-off-by: Will Murphy <[email protected]>
spiffcs
approved these changes
Feb 3, 2026
Contributor
spiffcs
left a comment
spiffcs
left a comment
There was a problem hiding this comment.
Green 🟢 - good to add the label and run the quality gate tests here. I have no suggested changed.
| request_timeout: int = 125 | ||
| request_retry_count: int = 10 | ||
| api_key: Optional[str] = "env:NVD_API_KEY" # noqa: UP007 | ||
| api_key: str | None = "env:NVD_API_KEY" |
| import_results_path: Optional[str] = None # noqa: UP007 - breaks mashumaro | ||
| import_results_enabled: Optional[bool] = None # noqa: UP007 - breaks mashumaro | ||
| user_agent: Optional[str] = None # noqa: UP007 - breaks mashumaro | ||
| import_results_host: str | None = None |
Contributor
There was a problem hiding this comment.
Wow - I said in a previous comment, but this is way more readable thanks for the cleanup work on these
willmurphyscode
added
the
run-pr-quality-gate
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the tox environment list to include 3.14 for testing in CI.
Updates any dependencies that would not work with 3.14 until they will.
A number of additional changes in here to make CI better:
This last probably merits some explanation. Starting in Python 3.13 or so, if a sqlite connection object is garbage collected before
.close()was called, it emits a warning. However, in SQLAlchemy, the underlying sqlite connection objects are pooled, andclose()just frees them to be closed asynchronously. This means that in unit tests, the garbage collector and the stale connection pool cleanup are racing, and if the garbage collector wins (loses?) we get a warning.I tried a number of lighter approaches to suppress these warnings, and settled on the current position as least bad, but I'm definitely open to feedback. Also, vunnel is a cron job, not a server, which makes me more tolerant of the risk that our unit tests miss an actual resource leak. I would love for someone to show me a better set of tradeoffs here.