From c163416f4802a1974ce9528a2b72af62efd9a617 Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Fri, 6 Feb 2026 01:47:01 +0000 Subject: [PATCH] fix(python-multi): remove Python 3.9 --- python/googleapis/python-multi/Dockerfile | 14 +-- .../python-multi/requirements-3.9.txt | 114 ------------------ 2 files changed, 4 insertions(+), 124 deletions(-) delete mode 100644 python/googleapis/python-multi/requirements-3.9.txt diff --git a/python/googleapis/python-multi/Dockerfile b/python/googleapis/python-multi/Dockerfile index 60b2df13..d73413c8 100644 --- a/python/googleapis/python-multi/Dockerfile +++ b/python/googleapis/python-multi/Dockerfile @@ -116,7 +116,7 @@ RUN LATEST_VERSION="2.6.1" && \ dpkg -i cosign_${LATEST_VERSION}_amd64.deb && \ rm cosign_${LATEST_VERSION}_amd64.deb -ARG PYTHON_VERSIONS="3.9.24 3.10.19 3.11.14 3.12.12 3.13.11 3.14.0" +ARG PYTHON_VERSIONS="3.10.19 3.11.14 3.12.12 3.13.11 3.14.0" SHELL ["/bin/bash", "-c"] @@ -124,7 +124,6 @@ RUN set -eux; \ # Define the required associative arrays completely. declare -A PYTHON_IDENTITIES; \ PYTHON_IDENTITIES=(\ - [3.9]="lukasz@langa.pl" \ [3.10]="pablogsal@python.org" \ [3.11]="pablogsal@python.org" \ [3.12]="thomas@python.org" \ @@ -133,7 +132,6 @@ RUN set -eux; \ ); \ declare -A PYTHON_ISSUERS; \ PYTHON_ISSUERS=(\ - [3.9]="https://github.com/login/oauth" \ [3.10]="https://accounts.google.com" \ [3.11]="https://accounts.google.com" \ [3.12]="https://accounts.google.com" \ @@ -179,10 +177,9 @@ RUN set -eux; \ RUN rm -rf /usr/local/lib/python3.12/test/wheeldata/setuptools-67.6.1-py3-none-any.whl RUN rm -rf /usr/local/lib/python3.12/test/wheeldata/wheel-0.40.0-py3-none-any.whl -# TODO: Remove this code once support for Python3.9/Python3.10 is dropped +# TODO: Remove this code once support for Python3.10 is dropped # There is no patch for CVE-2023-5752. We need to manually remove the vulnerable pip-23.0.1 binary # See upstream bug https://github.com/python/cpython/issues/131860 -RUN rm -rf /usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl RUN rm -rf /usr/local/lib/python3.10/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl # Install pip on Python 3.10 only. @@ -200,7 +197,6 @@ RUN wget --no-check-certificate -O /tmp/get-pip.py 'https://bootstrap.pypa.io/ge && [ "$(pip list |tac|tac| awk -F '[ ()]+' '$1 == "pip" { print $2; exit }')" = "$PYTHON_PIP_VERSION" ] # Ensure Pip for all python3 versions -RUN python3.9 /tmp/get-pip.py RUN python3.11 /tmp/get-pip.py RUN python3.12 /tmp/get-pip.py RUN python3.13 /tmp/get-pip.py @@ -210,22 +206,20 @@ RUN rm /tmp/get-pip.py # Test Pip RUN python3 -m pip -RUN python3.9 -m pip RUN python3.10 -m pip RUN python3.11 -m pip RUN python3.12 -m pip RUN python3.13 -m pip RUN python3.14 -m pip -# Install nox and upgrade setuptools installations for Python 3.9, 3.10 and 3.11 +# Install nox and upgrade setuptools installations for Python 3.10 and 3.11 # for CVE-2025-47273/CVE-2025-47273. # See https://github.com/python/cpython/issues/135374#issuecomment-2963361124 -COPY requirements-3.9.txt /requirements-3.9.txt COPY requirements-3.10.txt /requirements-3.10.txt COPY requirements-3.11.txt /requirements-3.11.txt COPY requirements-3.12.txt /requirements-3.12.txt -RUN for PYTHON_VERSION in 3.9 3.10 3.11; do \ +RUN for PYTHON_VERSION in 3.10 3.11; do \ /usr/local/bin/python${PYTHON_VERSION} -m pip \ install \ --no-cache-dir \ diff --git a/python/googleapis/python-multi/requirements-3.9.txt b/python/googleapis/python-multi/requirements-3.9.txt deleted file mode 100644 index b68e0cf4..00000000 --- a/python/googleapis/python-multi/requirements-3.9.txt +++ /dev/null @@ -1,114 +0,0 @@ -# -# This file is autogenerated by pip-compile with Python 3.9 -# by the following command: -# -# pip-compile --allow-unsafe --generate-hashes requirements.in -# - -argcomplete==3.6.3 \ - --hash=sha256:62e8ed4fd6a45864acc8235409461b72c9a28ee785a2011cc5eb78318786c89c \ - --hash=sha256:f5007b3a600ccac5d25bbce33089211dfd49eab4a7718da3f10e3082525a92ce - # via nox -attrs==25.4.0 \ - --hash=sha256:16d5969b87f0859ef33a48b35d55ac1be6e42ae49d5e853b597db70c35c57e11 \ - --hash=sha256:adcf7e2a1fb3b36ac48d97835bb6d8ade15b8dcce26aba8bf1d14847b57a3373 - # via nox -colorlog==6.10.1 \ - --hash=sha256:2d7e8348291948af66122cff006c9f8da6255d224e7cf8e37d8de2df3bad8c9c \ - --hash=sha256:eb4ae5cb65fe7fec7773c2306061a8e63e02efc2c72eba9d27b0fa23c94f1321 - # via nox -dependency-groups==1.3.1 \ - --hash=sha256:51aeaa0dfad72430fcfb7bcdbefbd75f3792e5919563077f30bc0d73f4493030 \ - --hash=sha256:78078301090517fd938c19f64a53ce98c32834dfe0dee6b88004a569a6adfefd - # via nox -distlib==0.4.0 \ - --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \ - --hash=sha256:feec40075be03a04501a973d81f633735b4b69f98b05450592310c0f401a4e0d - # via virtualenv -filelock==3.19.1 \ - --hash=sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58 \ - --hash=sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d - # via virtualenv -humanize==4.13.0 \ - --hash=sha256:78f79e68f76f0b04d711c4e55d32bebef5be387148862cb1ef83d2b58e7935a0 \ - --hash=sha256:b810820b31891813b1673e8fec7f1ed3312061eab2f26e3fa192c393d11ed25f - # via nox -nox==2025.11.12 \ - --hash=sha256:3d317f9e61f49d6bde39cf2f59695bb4e1722960457eee3ae19dacfe03c07259 \ - --hash=sha256:707171f9f63bc685da9d00edd8c2ceec8405b8e38b5fb4e46114a860070ef0ff - # via -r requirements.in -packaging==26.0 \ - --hash=sha256:00243ae351a257117b6a241061796684b084ed1c516a08c48a3f7e147a9d80b4 \ - --hash=sha256:b36f1fef9334a5588b4166f8bcd26a14e521f2b55e6b9de3aaa80d3ff7a37529 - # via - # dependency-groups - # nox -platformdirs==4.4.0 \ - --hash=sha256:abd01743f24e5287cd7a5db3752faf1a2d65353f38ec26d98e25a6db65958c85 \ - --hash=sha256:ca753cf4d81dc309bc67b0ea38fd15dc97bc30ce419a7f58d13eb3bf14c4febf - # via virtualenv -tomli==2.4.0 \ - --hash=sha256:0408e3de5ec77cc7f81960c362543cbbd91ef883e3138e81b729fc3eea5b9729 \ - --hash=sha256:0dc56fef0e2c1c470aeac5b6ca8cc7b640bb93e92d9803ddaf9ea03e198f5b0b \ - --hash=sha256:0e0fe8a0b8312acf3a88077a0802565cb09ee34107813bba1c7cd591fa6cfc8d \ - --hash=sha256:0f2e3955efea4d1cfbcb87bc321e00dc08d2bcb737fd1d5e398af111d86db5df \ - --hash=sha256:133e93646ec4300d651839d382d63edff11d8978be23da4cc106f5a18b7d0576 \ - --hash=sha256:1b168f2731796b045128c45982d3a4874057626da0e2ef1fdd722848b741361d \ - --hash=sha256:1c8a885b370751837c029ef9bc014f27d80840e48bac415f3412e6593bbc18c1 \ - --hash=sha256:1f776e7d669ebceb01dee46484485f43a4048746235e683bcdffacdf1fb4785a \ - --hash=sha256:1fb2945cbe303b1419e2706e711b7113da57b7db31ee378d08712d678a34e51e \ - --hash=sha256:20cedb4ee43278bc4f2fee6cb50daec836959aadaf948db5172e776dd3d993fc \ - --hash=sha256:20ffd184fb1df76a66e34bd1b36b4a4641bd2b82954befa32fe8163e79f1a702 \ - --hash=sha256:26ab906a1eb794cd4e103691daa23d95c6919cc2fa9160000ac02370cc9dd3f6 \ - --hash=sha256:2add28aacc7425117ff6364fe9e06a183bb0251b03f986df0e78e974047571fd \ - --hash=sha256:2b1e3b80e1d5e52e40e9b924ec43d81570f0e7d09d11081b797bc4692765a3d4 \ - --hash=sha256:31d556d079d72db7c584c0627ff3a24c5d3fb4f730221d3444f3efb1b2514776 \ - --hash=sha256:36b9d05b51e65b254ea6c2585b59d2c4cb91c8a3d91d0ed0f17591a29aaea54a \ - --hash=sha256:39b0b5d1b6dd03684b3fb276407ebed7090bbec989fa55838c98560c01113b66 \ - --hash=sha256:3cf226acb51d8f1c394c1b310e0e0e61fecdd7adcb78d01e294ac297dd2e7f87 \ - --hash=sha256:3d895d56bd3f82ddd6faaff993c275efc2ff38e52322ea264122d72729dca2b2 \ - --hash=sha256:413540dce94673591859c4c6f794dfeaa845e98bf35d72ed59636f869ef9f86f \ - --hash=sha256:43e685b9b2341681907759cf3a04e14d7104b3580f808cfde1dfdb60ada85475 \ - --hash=sha256:4cbcb367d44a1f0c2be408758b43e1ffb5308abe0ea222897d6bfc8e8281ef2f \ - --hash=sha256:551e321c6ba03b55676970b47cb1b73f14a0a4dce6a3e1a9458fd6d921d72e95 \ - --hash=sha256:5572e41282d5268eb09a697c89a7bee84fae66511f87533a6f88bd2f7b652da9 \ - --hash=sha256:5aa48d7c2356055feef06a43611fc401a07337d5b006be13a30f6c58f869e3c3 \ - --hash=sha256:5b5807f3999fb66776dbce568cc9a828544244a8eb84b84b9bafc080c99597b9 \ - --hash=sha256:5e3f639a7a8f10069d0e15408c0b96a2a828cfdec6fca05296ebcdcc28ca7c76 \ - --hash=sha256:685306e2cc7da35be4ee914fd34ab801a6acacb061b6a7abca922aaf9ad368da \ - --hash=sha256:75c2f8bbddf170e8effc98f5e9084a8751f8174ea6ccf4fca5398436e0320bc8 \ - --hash=sha256:7b438885858efd5be02a9a133caf5812b8776ee0c969fea02c45e8e3f296ba51 \ - --hash=sha256:7d49c66a7d5e56ac959cb6fc583aff0651094ec071ba9ad43df785abc2320d86 \ - --hash=sha256:7d6d9a4aee98fac3eab4952ad1d73aee87359452d1c086b5ceb43ed02ddb16b8 \ - --hash=sha256:84d081fbc252d1b6a982e1870660e7330fb8f90f676f6e78b052ad4e64714bf0 \ - --hash=sha256:8768715ffc41f0008abe25d808c20c3d990f42b6e2e58305d5da280ae7d1fa3b \ - --hash=sha256:920b1de295e72887bafa3ad9f7a792f811847d57ea6b1215154030cf131f16b1 \ - --hash=sha256:9a08144fa4cba33db5255f9b74f0b89888622109bd2776148f2597447f92a94e \ - --hash=sha256:a26d7ff68dfdb9f87a016ecfd1e1c2bacbe3108f4e0f8bcd2228ef9a766c787d \ - --hash=sha256:aa89c3f6c277dd275d8e243ad24f3b5e701491a860d5121f2cdd399fbb31fc9c \ - --hash=sha256:b5ef256a3fd497d4973c11bf142e9ed78b150d36f5773f1ca6088c230ffc5867 \ - --hash=sha256:b6c78bdf37764092d369722d9946cb65b8767bfa4110f902a1b2542d8d173c8a \ - --hash=sha256:bbb1b10aa643d973366dc2cb1ad94f99c1726a02343d43cbc011edbfac579e7c \ - --hash=sha256:c084ad935abe686bd9c898e62a02a19abfc9760b5a79bc29644463eaf2840cb0 \ - --hash=sha256:c73add4bb52a206fd0c0723432db123c0c75c280cbd67174dd9d2db228ebb1b4 \ - --hash=sha256:cae9c19ed12d4e8f3ebf46d1a75090e4c0dc16271c5bce1c833ac168f08fb614 \ - --hash=sha256:d20b797a5c1ad80c516e41bc1fb0443ddb5006e9aaa7bda2d71978346aeb9132 \ - --hash=sha256:d3d1654e11d724760cdb37a3d7691f0be9db5fbdaef59c9f532aabf87006dbaa \ - --hash=sha256:d878f2a6707cc9d53a1be1414bbb419e629c3d6e67f69230217bb663e76b5087 - # via - # dependency-groups - # nox -typing-extensions==4.15.0 \ - --hash=sha256:0cea48d173cc12fa28ecabc3b837ea3cf6f38c6d1136f85cbaaf598984861466 \ - --hash=sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548 - # via virtualenv -virtualenv==20.36.1 \ - --hash=sha256:575a8d6b124ef88f6f51d56d656132389f961062a9177016a50e4f507bbcc19f \ - --hash=sha256:8befb5c81842c641f8ee658481e42641c68b5eab3521d8e092d18320902466ba - # via nox - -# The following packages are considered to be unsafe in a requirements file: -setuptools==80.10.2 \ - --hash=sha256:8b0e9d10c784bf7d262c4e5ec5d4ec94127ce206e8738f29a437945fbc219b70 \ - --hash=sha256:95b30ddfb717250edb492926c92b5221f7ef3fbcc2b07579bcd4a27da21d0173 - # via -r requirements.in