feat(package-managers/python)!: Support Python 3.11

Add "3.11" to the list of python versions which ORT allows to pass to `python-inspector` via the `-p` option. Doing so leads to a successful analysis of python projects which require python version 3.11. This also work for any analysis triggered from `Poetry.kt` via the approch to generate the `requirements` file from `pyproject.toml`. In particular, this works without upgrading the installed python verison to `3.11` The change is breaking, because also the default Python version is changed to 3.11. For analyzing Python projects targeting 3.10 the Python version as of now must be explicitly specified. Note: The reason why binary URL of `MarkupSafe` became empty seems to be, because there is just no release artifact for Python version 3.11, see [1]. The reason why the package did not disappear at all is not entirely understood. However, `pyproject.toml` only defines `^3.6` as contraint for the Python version. So, this explains why `MarkupSafe` is contained in the requirements file generated by `poetry export` [2]. Python inspector probably should not report `MarkupSafe` 2.0.1 as dependency, because it has not been released for that python version. [1] https://pypi.org/project/MarkupSafe/2.0.1/#files [2] `markupsafe==2.0.1 ; python_version>="3.6" and python_version<"4.0"` Signed-off-by: Frank Viernau <[email protected]>
oss-review-toolkit · Sep 28, 2023 · b87f3d1 · b87f3d1
1 parent 7e3de27
commit b87f3d1
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/.../package-managers/python/src/funTest/assets/projects/synthetic/poetry-expected-output.yml b/.../package-managers/python/src/funTest/assets/projects/synthetic/poetry-expected-output.yml
@@ -103,10 +103,10 @@ packages:
   description: "Safely add untrusted strings to HTML/XML markup."
   homepage_url: "https://palletsprojects.com/p/markupsafe/"
   binary_artifact:
-    url: "https://files.pythonhosted.org/packages/53/e8/601efa63c4058311a8bda7984a2fe554b9da574044967d7aee253661ee46/MarkupSafe-2.0.1-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl"
+    url: ""
     hash:
-      value: "168cd0a3642de83558a5153c8bd34f175a9a6e7f6dc6384b9655d2697312a646"
-      algorithm: "SHA-256"
+      value: ""
+      algorithm: ""
   source_artifact:
     url: "https://files.pythonhosted.org/packages/bf/10/ff66fea6d1788c458663a84d88787bae15d45daa16f6b3ef33322a51fc7e/MarkupSafe-2.0.1.tar.gz"
     hash:

diff --git a/plugins/package-managers/python/src/main/kotlin/Pip.kt b/plugins/package-managers/python/src/main/kotlin/Pip.kt
@@ -39,8 +39,8 @@ import org.ossreviewtoolkit.utils.ort.showStackTrace
 private const val OPTION_OPERATING_SYSTEM_DEFAULT = "linux"
 private val OPERATING_SYSTEMS = listOf(OPTION_OPERATING_SYSTEM_DEFAULT, "macos", "windows")
 
-private const val OPTION_PYTHON_VERSION_DEFAULT = "3.10"
-private val PYTHON_VERSIONS = listOf("2.7", "3.6", "3.7", "3.8", "3.9", OPTION_PYTHON_VERSION_DEFAULT)
+private const val OPTION_PYTHON_VERSION_DEFAULT = "3.11"
+private val PYTHON_VERSIONS = listOf("2.7", "3.6", "3.7", "3.8", "3.9", "3.10", OPTION_PYTHON_VERSION_DEFAULT)
 
 /**
  * The [PIP](https://pip.pypa.io/) package manager for Python. Also see