[hotfix] fix prometheus version for UT failure #3000
Signed-off-by: ApostaC <yihua98@uchicago.edu>
Code Review
This pull request updates the requirements/common.txt file to pin the prometheus_client version to a maximum of 0.24.1. The review feedback suggests adding an explanatory comment for this version constraint to maintain consistency with the existing documentation style in the file.
| opentelemetry-exporter-otlp >= 1.20.0 | ||
| opentelemetry-exporter-prometheus >= 0.50b0 | ||
| prometheus_client >= 0.18.0 | ||
| prometheus_client >= 0.18.0, <= 0.24.1 |
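Review bot: the ceiling on the prometheus_client line is written as <= 0.24.1, which also shuts out any later 0.24.x patch release, security fixes included, and nothing on the line records which upstream change it guards against. If the breakage begins with the next minor series, a bound such as < 0.25 states that more exactly. Either way, add a comment above the line naming the failing test or upstream issue so the cap can be lifted once the code is adapted.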
The version pin for prometheus_client lacks an explanatory comment. Following the existing pattern in this file (e.g., lines 10-13, 30-40, 45), version constraints—especially those introduced to fix breaking changes—should be accompanied by a brief explanation to aid future maintenance and clarify why the upper bound is necessary.
# Pin prometheus_client to <= 0.24.1 to avoid breaking changes in newer versions
prometheus_client >= 0.18.0, <= 0.24.1
References
- Changes should be consistent with existing codebase patterns. The existing pattern in requirements/common.txt is to provide comments for version constraints. (link)
Signed-off-by: ApostaC <yihua98@uchicago.edu>
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit def00c6.
| numba | ||
| nvtx | ||
| opentelemetry-api >= 1.20.0 | ||
| opentelemetry-api >= 1.20.0, <= 1.40.0 |
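Review bot: the <= 1.40.0 cap added to opentelemetry-api has no comment, and the PR title names only prometheus, so a later reader cannot tell what this ceiling protects against or when it can be removed. Add a comment above the line giving the reason, and check that every other opentelemetry-* requirement in this file carries a compatible ceiling, since a cap on the API package alone restricts which versions of its siblings the resolver can select.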
Inconsistent OpenTelemetry upper-bound pins risk resolution failures
Medium Severity
opentelemetry-api is capped at <= 1.40.0 and opentelemetry-exporter-prometheus at <= 0.61b0, but opentelemetry-sdk and opentelemetry-exporter-otlp have no upper bounds. These packages are released in lockstep and require matching versions. With opentelemetry-exporter-otlp 1.41.0 released on April 9, 2026, pip will first attempt to install it, discover it needs opentelemetry-sdk ~= 1.41.0 which needs opentelemetry-api == 1.41.0, hit the <= 1.40.0 cap, and have to backtrack — causing slower resolution or potential failures. Both opentelemetry-sdk and opentelemetry-exporter-otlp need matching upper bounds.
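The mismatch described in the comment above can be caught mechanically before merge. The following is an added example, not code from this PR or the project: it flags members of a lockstep package family that have no upper bound while a sibling does. The sample text is constructed from the requirement lines quoted on this page; the bare opentelemetry-sdk entry and the family prefix list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the state the review comment describes.
# The bare opentelemetry-sdk line is an assumption: its specifier is not on the page.
SAMPLE = """\
opentelemetry-api >= 1.20.0, <= 1.40.0
opentelemetry-sdk
opentelemetry-exporter-otlp >= 1.20.0
opentelemetry-exporter-prometheus >= 0.50b0, <= 0.61b0
prometheus_client >= 0.18.0, <= 0.24.1
numba
"""

REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
UPPER = re.compile(r"(?:<=?|==|~=)\s*[\w.*+!-]+")  # operators that impose a ceiling


def parse(text):
    """Return {normalized_name: specifier_string} for plain requirement lines."""
    reqs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):  # comments and -r/-c/-e options
            continue
        m = REQ.match(line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 normalization
            reqs[name] = m.group(2).strip()
    return reqs


def uncapped_siblings(text, families=("opentelemetry-",)):
    """For each family prefix (hypothetical list), return the members that have no
    upper bound while at least one sibling in the same family is capped."""
    by_family = defaultdict(dict)
    for name, spec in parse(text).items():
        for prefix in families:
            if name.startswith(prefix):
                by_family[prefix][name] = bool(UPPER.search(spec))
    return {
        prefix: sorted(n for n, capped in members.items() if not capped)
        for prefix, members in by_family.items()
        if any(members.values()) and not all(members.values())
    }


if __name__ == "__main__":
    print(uncapped_siblings(SAMPLE))
```

Run as a CI step against the requirements file, a non-empty result means one pin was added to a family without its siblings.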
* update prometheus version to fix ut
Signed-off-by: ApostaC <yihua98@uchicago.edu>
* fix otel sdk version
Signed-off-by: ApostaC <yihua98@uchicago.edu>
---------
Signed-off-by: ApostaC <yihua98@uchicago.edu>


What this PR does / why we need it:
Pin prometheus_client to <= 0.24.1 to fix unit test failures caused by a breaking change in newer versions of the library.
Special notes for your reviewers:
One-line change in requirements/common.txt.
Note
Low Risk
Low risk dependency-only change; main impact is constraining versions for observability libraries, which could affect compatibility if newer versions are required elsewhere.
Overview
Pins observability dependencies in requirements/common.txt by adding upper bounds to prometheus_client, opentelemetry-exporter-prometheus, and opentelemetry-api to avoid breakages from newer releases (notably unit test failures with newer prometheus_client).