Release 23.3 #12296
Comments
pradyunsg
added
the
type: maintenance
|
I can take it. I will probably do the release on the first or second weekend of October. |
|
@pradyunsg since #12300 is on a good track, let me know if you would plan to cut a |
|
I'm hoping to do so today, if I end up having some time after I finish my household chores. :) |
|
@sbidoul are there any specific PRs in the milestone that you'd like help with / want someone else to pick up over the coming days? I can make some time to work on pip this weekend, if there's anything I can do to help out with the release. :) |
|
@pradyunsg thanks. The main topic for now is #12300 (comment) (@uranusjr has already mentioned he might look into it). You may also want to review #11159. I'm usually not too keen to do vendoring upgrades late in the cycle 1. I can do it just after release though. Other than that I'm not aware of any urgent things to add to 23.3. If there are any, let me know. Footnotes
|
|
We may want to upgrade urllib3 just in case. See #12337. |
|
Does our vendoring action support upgrading to a specific version? Because we want to stay with |
|
You could probably update In fact, I just did this. You need to manually add the news fragment and commit, but it seems to work. #12343. |
|
This release has certifi 2023.7.22. |
|
I plan to release tomorrow evening, if life permits. |
|
Release 23.3 in progress
|
|
Does this release include distlib 0.3.7? Been waiting on this one for a while 🥲 Context: |
|
@FlavioAmurrioCS no one had done the distlib vendoring upgrade on time before the release so that will be for 24.0 in January. |
|
I plan to do a patch release this weekend. |
|
Release 23.3.1 in progress
|
|
There are a couple of possible regressions that would be good to fix in a 23.3.2 patch release: |
|
@sbidoul Do you plan on cutting more bugfix releases? |
|
I do. I'm waiting on the analysis about the extras issue to conclude. I don't have enough experience with that part of the code base to be of any help in the little time I have available, unfortunately. |
|
Is #12392 going to get a release for 23.3 or is 23.3 done? Funnily enough I just came across this at work today, happy to give it a test on my end and confirm on PR. |
|
@notatallshaw I was planning to look at a last 23.3 patch release over the weekend. If you can test and confirm the fix that would be helpful. |
|
@sbidoul Is there a reason there's no CPython PRs for the 23.3 releases? |
|
There is a last bugfix to do, so I was waiting for that. Then life and work got in the way. |
|
What's in that release? Any security fixes? CPython 3.11.7 is being released, and there's a debate as to whether to release with pip 23.2.1 (what's there right now), 23.3.1 (contributed by a 3rd party) or wait for 23.3.2. |
|
Looking at it, the Mercurial CVE fix had a bug in 23.3.1, which is fixed in 23.3.2. That's probably the key thing here. |
|
I need to cherry-pick
Sorry there is no way I can handle that before end of this week. So if urgent either someone else can do 23.3.2, or ship the latest 23.2 with CPython 3.11.7) |
|
The CPython RM has decided to release 3.11.7 with 23.2.1. So we can simply continue with the 23.3.2 release as normal, and create a CPython PR when it's done. |
|
Release 23.3.2 in progress
|
|
@sbidoul Do you plan to file a CPython PR? If not, I can create one tomorrow. |
|
@pradyunsg I plan to do it early in the week. Just waiting a little bit to be sure nothing surprising shows up. |
|
Python 3.13.0a3 is planned for Tuesday, would be nice to have it in there, but I don't think it's essential: https://peps.python.org/pep-0719/#schedule The next 3.11 and 3.12 releases are in February. |
|
The CPython PR is ready. |
|
And with this, I'm closing the 23.3 release cycle. |
and others
We're due to do 23.3 in October. Filing this issue to track that.
@pypa/pip-committers anyone up for being RM this time?
The text was updated successfully, but these errors were encountered: