Skip to content

MAINT: Bump conda-lock from 2.5.7 to 3.0.3#39

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/conda-lock-3.0.3
Closed

MAINT: Bump conda-lock from 2.5.7 to 3.0.3#39
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/conda-lock-3.0.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jun 16, 2025

Bumps conda-lock from 2.5.7 to 3.0.3.

Release notes

Sourced from conda-lock's releases.

v3.0.3

What's Changed

Highlights:

  • Reduce noisy warnings about PyPI packages missing from the lookup
  • Fix --check-input-hash to interoperate between conda-lock v2.5.8 and v3.0.3 (avoids relocking when inputs are unchanged)
  • Add a mechanism to inspect the internal representation of the environment specification

Bugfix

New debug feature

You can now view conda-lock's internal representation of the dependency specification by running

conda-lock render-lock-spec --kind=raw --stdout -f ...

This is useful for troubleshooting how the input files are being parsed. This interface is experimental/unsupported and is meant purely for debugging. Implemented in #808.

Full Changelog: conda/conda-lock@v3.0.2...v3.0.3

v3.0.2

What's Changed

Fix a v3 regression where a pip dependency version specification using ~= fails to parse (conda/conda-lock#801)

Bugfix

Full Changelog: conda/conda-lock@v3.0.1...v3.0.2

v3.0.1

What's Changed

This release fixes two longstanding issues with the stripping of authentication credentials:

  • --strip-auth used to disable --check-input-hash for no good reason
  • ✅ private PyPI repositories running on a non-standard port would have the port stripped from the URL along with credentials

There is only one known regression in v3, and it only affects --check-input-hash. The fix is still in progress in #797.

  • ❌ clean lockfiles created by v2 are mistaken as dirty in v3 with --check-input-hash.

Bugfixes

... (truncated)

Commits
  • 38e425f Merge pull request #797 from maresb/v2-v3-lockfile-consistency
  • 97ae574 Add a test for cuda_version
  • 22925f2 Add large test cases for content hash
  • f266559 Improve code readability
  • 4d19e52 Refactor filtered categories
  • b14cb86 Remove nulls from new fields in the package spec
  • 107ebec Update test readme
  • 9f9795f Update test files and corresponding documentation
  • 3b8bef7 Maintain Python 3.9 compatibility
  • f669d4d Test against both the v2 hashes and the regressed v3.0 hashes
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
MAINT: Bump conda-lock from 2.5.7 to 3.0.3
a1289db 
Bumps [conda-lock](https://github.com/conda/conda-lock) from 2.5.7 to 3.0.3.
- [Release notes](https://github.com/conda/conda-lock/releases)
- [Commits](conda/conda-lock@v2.5.7...v3.0.3)

---
updated-dependencies:
- dependency-name: conda-lock
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Jun 16, 2025

Reviewers

The following teams could not be added as reviewers: core-devs. Either the team does not exist or it does not have the correct permissions to be added as a reviewer.

Labels

The following labels could not be found: 03 - Maintenance, Build / CI, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Jun 16, 2025

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

@dependabot dependabot bot mentioned this pull request Jun 16, 2025
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Jul 7, 2025

Superseded by #45.

@dependabot dependabot bot closed this Jul 7, 2025
@dependabot dependabot bot deleted the dependabot/pip/conda-lock-3.0.3 branch July 7, 2025 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants