Skip to content

ci: stop Dependabot bumping boto3/botocore past aioboto3's cap#35

Merged
ServerSideHannes merged 1 commit into
mainfrom
chore/dependabot-ignore-boto
May 29, 2026
Merged

ci: stop Dependabot bumping boto3/botocore past aioboto3's cap#35
ServerSideHannes merged 1 commit into
mainfrom
chore/dependabot-ignore-boto

Conversation

@ServerSideHannes
Copy link
Copy Markdown
Owner

@ServerSideHannes ServerSideHannes commented May 29, 2026

Root cause of the "Dependabot can't resolve your Python dependency files" error

The Dependabot resolver log:

× No solution found ...
  Because aiobotocore==2.25.1 depends on botocore>=1.40.46,<1.40.62 and
  aioboto3==15.5.0 depends on aiobotocore[boto3]==2.25.1 ...
  And because your project depends on botocore==1.43.17 ...
  we can conclude that your project's requirements are unsatisfiable.
  • aioboto3 15.5.0 is the latest release and hard-pins aiobotocore==2.25.1, which caps botocore <1.40.62.
  • Even the newest aiobotocore (3.7.0) only allows botocore <1.43.1, so botocore 1.43.17 is too new for the entire aioboto3 stack.
  • The lockfile holds botocore at 1.40.61 today, which works — but Dependabot's group kept trying to push boto3/botocore to latest, which can't resolve.

Fix

ignore boto3 and botocore so Dependabot doesn't bump them independently — aioboto3 governs their versions (uv still resolves a compatible botocore in the lockfile). Everything else continues to update normally.

Remove the ignore once a newer aioboto3 ships that supports current botocore.

@ServerSideHannes
ci: stop Dependabot bumping boto3/botocore past aioboto3's cap
f9de627 
aioboto3 15.5.0 (latest) pins aiobotocore==2.25.1, which requires
botocore<1.40.62. Dependabot's group tried to bump botocore to 1.43.17,
making resolution unsatisfiable ("can't resolve your Python dependency
files"). Ignore boto3/botocore so aioboto3 governs them; remove the
ignore once a newer aioboto3 supports current botocore.
@ServerSideHannes ServerSideHannes merged commit 2fa8c1b into main May 29, 2026
4 checks passed
@ServerSideHannes ServerSideHannes deleted the chore/dependabot-ignore-boto branch May 29, 2026 11:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ServerSideHannes