fix: Drop constraints for cryptography and pact-python#38465
Merged
Conversation
feanil
force-pushed
the
feanil/drop_constraints
branch
from
5088181 to
079645c
Compare
The latest version of snowflake-connector-python claims to fix the underlying issue that caused us to pin cryptography so unpin both of these and re-build dependencies to see if the issues are resolved.
pact-python 3.x (released after the 1.x series) ships a new Rust FFI-based
verifier that breaks backward compatibility with the old Ruby-based verifier.
The constructor and verification call both changed:
Old API (pact-python 1.x):
verifier = Verifier(provider='lms', provider_base_url=url)
output, _ = verifier.verify_pacts(pact_file, headers=[...], provider_states_setup_url=...)
assert output == 0
New API (pact-python 3.x):
Verifier(name='lms')
.add_transport(url=url)
.add_source(pact_file)
.add_custom_header('Pact-Authentication', 'Allow')
.state_handler(provider_states_setup_url, body=True)
.verify()
Key differences:
- `provider` → `name`, `provider_base_url` → `.add_transport(url=...)`
- `verify_pacts()` is gone; replaced by fluent `.add_source()` + `.verify()`
- Headers are set individually via `.add_custom_header(name, value)` rather
than as a list of `Key: Value` strings
- `provider_states_setup_url` becomes `.state_handler(url, body=True)`;
`body=True` is required for URL-based handlers and matches what the
provider state views already expect (they read from request.body)
- `verify()` raises RuntimeError on failure instead of returning a non-zero
exit code, so the `assert output == 0` is no longer needed
- The verifier is now created fresh inside the test method rather than in
setUpClass, because `add_source` and `add_custom_header` accumulate state
on the underlying FFI handle — sharing a verifier across multiple test
invocations would cause duplicate sources/headers on the second run
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feanil
force-pushed
the
feanil/drop_constraints
branch
from
079645c to
38eed01
Compare
bmtcril
approved these changes
Apr 28, 2026
Contributor
bmtcril
left a comment
bmtcril
left a comment
There was a problem hiding this comment.
Yay! Looks good after a rebase
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The latest version of snowflake-connector-python claims to fix the
underlying issue that caused us to pin cryptography so unpin both of
these and re-build dependencies to see if the issues are resolved.
pact-python was also unpinned in the same pass. Upgrading from 1.x to
3.x introduced a breaking API change in the
Verifierclass: theconstructor no longer accepts
provider/provider_base_urlkwargs(now takes
name), andverify_pacts()was replaced by a fluentbuilder API (
.add_transport(),.add_source(),.state_handler(),.verify()). The threeverify_pact.pypact test files were updatedto use the new API. Failure mode was caught by pylint (
E1123/E1120)rather than at runtime since the pact tests are not run in standard CI.