feat(toolchains): backport 20260325/20260414 Python toolchains for 1.9.1 (#3708)#3776
Open
kevinpark1217 wants to merge 4 commits into
Open
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates the Python toolchains by adding several new versions from the 20260325 and 20260414 releases, updating the MINOR_MAPPING, and refining the release info logic for freethreaded builds. Feedback includes correcting a missing comma and pluralization in the CHANGELOG.md, as well as improving the consistency of platform key ordering within the sha256 maps in python/versions.bzl.
kevinpark1217
force-pushed
the
backport-toolchains-3708-release-1.9
branch
from
6f9c540 to
baf6bd6
Compare
kevinpark1217
added a commit
to kevinpark1217/rules_python
that referenced
this pull request
May 14, 2026
The toolchain bumps from bazel-contrib#3708 are being backported to release/2.0 and release/1.9 as 2.0.2 and 1.9.1 respectively (bazel-contrib#3775, bazel-contrib#3776), so move the bullets out of Unreleased and into dated patch sections to match what will ship from those branches. Refs bazel-contrib#3773.
…,4}, 3.15.0a8 (bazel-contrib#3708) This updates the Python version mappings to include the latest released versions. (cherry picked from commit 6dac0f6)
kevinpark1217
force-pushed
the
backport-toolchains-3708-release-1.9
branch
2 times, most recently
from
4324592 to
7adf838
Compare
…l-contrib#3678) Before this PR we would index all of the available binaries and it would fail in the case if the `sha256` file is not found. It seems that this is the case for the `powerpc64`. In order to work this around, we just drop support for that particular platform. Whilst at it, bump the uv version. Fixes bazel-contrib#3676. (cherry picked from commit 782ae91) Note: partial cherry-pick — only the .github/workflows/mypy.yaml hunk applies here. The uv and MODULE.bazel changes are not applicable to release/1.9.
…-contrib#3778) RBE has dropped support for older platform Fixing https://buildkite.com/bazel/rules-python-python/builds/15434#019e2c2c-c708-4c20-bc05-a9a5b1215d2f (cherry picked from commit 32527de)
Upcoming RC builds may have regressions, so instead of blocking our CI on their failures, mark them as soft-fail. This way we can be aware of upcoming problems, but not block regular development. (cherry picked from commit 6c05d2d)
kevinpark1217
force-pushed
the
backport-toolchains-3708-release-1.9
branch
from
ae3ecb6 to
6809295
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports the Python toolchain bumps from #3708 to
release/1.9so the1.9.xseries can pick up the high-severity CVE fixes (CVE-2025-13836, CVE-2026-24049, CVE-2026-23949) described in #3773 without requiring a major-version migration. Companion to #3775. AddsMINOR_MAPPINGentries for3.10.20,3.11.15,3.12.13,3.13.{12,13},3.14.{3,4},3.15.0a8and a new1.9.1CHANGELOG.mdsection.Before:
release/1.9ships3.10.19 / 3.11.14 / 3.12.12 / 3.13.11 / 3.14.2(sameMINOR_MAPPINGasrelease/2.0), vulnerable to the same CVE set.After:
release/1.9ships the patched 20260325 / 20260414 archives. CHANGELOG gains a1.9.1section. Three pre-existing CI failures onrelease/1.9that were blocking every PR are also resolved.Commits (each a cherry-pick from
main):feat(toolchains): Add 3.10.20, 3.11.15, ... (#3708)— cherry-pick of6dac0f6d.CHANGELOG.mdconflict resolved by adding a new1.9.1section and discarding the inbound2.0.0block (doesn't belong onrelease/1.9).examples/wheel/hunk kept verbatim because the new interpreters dropsetuptools/pkg_resources.fix(uv): drop powerpc64 support to fix latest version downloads (#3678)— partial cherry-pick of782ae91b; only the.github/workflows/mypy.yamlhunk applies onrelease/1.9(uv/MODULE.bazel parts aren't applicable). Without this,jpetrucciani/mypy-check@master(now defaulting tomypy==2.1.0, Python ≥3.10) hard-fails thecicheck on every PR againstrelease/1.9.mainandrelease/2.0already run with this fix.ci: update RBE toolchain version from ubuntu2204 to ubuntu2404 (#3778)— cherry-pick of32527de8. RBE provider droppedubuntu2204.MODULE.bazelconflict resolved by taking only therules_cc 0.1.5 → 0.2.17bump (skipping the unrelatedpackage_metadatabazel_dep that's onmainbut not onrelease/1.9).ci: soft fail for upcoming bazel job (#3651)— cherry-pick of6c05d2d7.release/1.9's pinnedrules_go 0.41.0is incompatible with Bazellast_rc(missing theCcInfosymbol load fromrules_cc), so theDefault: Ubuntu, upcoming Bazeljob hard-fails every PR.mainandrelease/2.0already mark this job advisory.Fixes #3773.