importlib_metadata: #339 / v4.8.0 broke stevedore which broke bandit, openstackclient, flake8 and others

Hello, #339 in v4.8.0 broke stevedore, which broke bandit for at least myself (but probably others).

https://github.com/common-workflow-language/cwltool/pull/1482/checks?check_run_id=3454232416#step:9:50
https://github.com/PyCQA/bandit/issues/730

Reverting to importlib_metadata version 4.7.1 resolves the problem for me.

_Originally posted by @mr-c in https://github.com/python/importlib_metadata/issues/339#issuecomment-907764540_

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 4
  • Comments: 16 (9 by maintainers)

Most upvoted comments

Looks like this issue has been reintroduced in v5.0.0.

We are seeing all pipelines fail this morning with the same message when using bandit for security linting.

Traceback (most recent call last):
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/_cache.py", line 159, in _get_data_for_path
    with open(filename, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/root/.cache/python-entrypoints/3a36feec8a00a8eb17dbba25d793c41a65191f1d2d9320a96f6605c8d32530be'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/miniconda/envs/.../bin/bandit", line 5, in <module>
    from bandit.cli.main import main
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/bandit/__init__.py", line 7, in <module>
    from bandit.core import config  # noqa
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/bandit/core/__init__.py", line 5, in <module>
    from bandit.core import config  # noqa
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/bandit/core/config.py", line 15, in <module>
    from bandit.core import extension_loader
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/bandit/core/extension_loader.py", line 109, in <module>
    MANAGER = Manager()
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/bandit/core/extension_loader.py", line 21, in __init__
    self.load_formatters(formatters_namespace)
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/bandit/core/extension_loader.py", line 29, in load_formatters
    verify_requirements=False,
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/extension.py", line 136, in __init__
    verify_requirements)
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/extension.py", line 218, in _load_plugins
    for ep in self.list_entry_points():
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/extension.py", line 207, in list_entry_points
    eps = list(_cache.get_group_all(self.namespace))
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/_cache.py", line 179, in get_group_all
    data = self._get_data_for_path(path)
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/_cache.py", line 162, in _get_data_for_path
    data = _build_cacheable_data(path)
  File "/usr/local/miniconda/envs/.../lib/python3.7/site-packages/stevedore/_cache.py", line 110, in _build_cacheable_data
    for name, group_data in real_groups.items():
AttributeError: 'EntryPoints' object has no attribute 'items'

v4.8.1 is releasing now. I believe this addresses the issue. It’s possible there are other usages out there dependent on tuple behaviors. If so, please raise an issue, mention me, and I’ll address those promptly.

@mtreinish: You may wish to refrain from pinning too many projects as I’ve yanked the offending version and expect to release the next version without the broken behavior.

@devturner Your issue is in #409.

Thanks. Yes, I can confirm with that traceback that it’s a different issue, the one reported in #409, and that this issue could still potentially affect stevedore too, if the deprecation isn’t addressed.

@jaraco I updated my comment with the full content of the error provided by the ADO (Azure Dev Ops) task.

Commands that ran the task:

source $CONDA/bin/activate
python -m pip install safety==2.1.1 bandit==1.7.4
safety check
bandit --recursive .

We were not specifying the version of importlib-metadata or that it be installed here. I updated the python -m pip command to include importlib-metadata==4.13.0 and now everything is passing as expected.

New command:

source $CONDA/bin/activate
python -m pip install importlib-metadata==4.13.0 safety==2.1.1 bandit==1.7.4
safety check
bandit --recursive .

Please let me know if I can provide more details.

Thanks! Jack Walters

In #349, I’ve drafted a fix but marking the access by item as deprecated. I can add other missing but expected tuple behaviors there as well if needed. I welcome feedback.

Sorry for the inconvenience. I’ve yanked 4.8.0 while working out a remedy.
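Added example, not code from stevedore, bandit or importlib_metadata: the traceback above fails at a `.items()` call on an `EntryPoints` object, so this sketch shows one way a caller can group entry points without depending on which shape `entry_points()` returns. `FakeEP`, the `demo.*` group names and both sample shapes are constructed for illustration, and the stdlib `importlib.metadata` stands in for the backport.

```python
from collections import defaultdict, namedtuple
from importlib import metadata  # stdlib counterpart of importlib_metadata

# Constructed stand-in; real entry points expose the same three attributes.
FakeEP = namedtuple("FakeEP", "name value group")

# Constructed sample data: group and plugin names are hypothetical.
SAMPLE = (
    FakeEP("json", "demo_pkg.fmt:json_report", "demo.formatters"),
    FakeEP("text", "demo_pkg.fmt:text_report", "demo.formatters"),
    FakeEP("check_a", "demo_pkg.checks:check_a", "demo.plugins"),
)
MAPPING_SHAPE = {"demo.formatters": SAMPLE[:2], "demo.plugins": SAMPLE[2:]}
FLAT_SHAPE = SAMPLE  # a tuple has no .items(), like the object in the traceback


def group_entry_points(eps):
    """Return {group: [entry_point, ...]} for either return shape."""
    grouped = defaultdict(list)
    if hasattr(eps, "items"):
        # Mapping shape: group name -> entry points (what .items() expects).
        for group, members in eps.items():
            grouped[group].extend(members)
    else:
        # Flat shape: every entry point carries its own .group attribute.
        for ep in eps:
            grouped[ep.group].append(ep)
    return dict(grouped)


def installed_groups():
    """Group names found in the running environment, whatever the shape."""
    return sorted(group_entry_points(metadata.entry_points()))


if __name__ == "__main__":
    for shape in (MAPPING_SHAPE, FLAT_SHAPE):
        grouped = group_entry_points(shape)
        names = {g: [ep.name for ep in eps] for g, eps in grouped.items()}
        print(type(shape).__name__, names)
    print(len(installed_groups()), "groups installed here")
```

Running a check like this in CI before the security linting step separates a dependency API change from a genuine scan failure.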