[PM-35795] Bump Python to 3.13 for Splunk app#200
Open
AlexRubik wants to merge 4 commits into
Open
Conversation
Splunk 10.2+ ships Python 3.13. Updating the Poetry constraint across all groups (main, dev, splunkslim, test) to match. Verified that every pinned dependency supports Python 3.13 at its current version; no dep version bumps required. The <3.14 upper bound is mandated by splunktaucclib, splunk-add-on-ucc-framework, and splunk-packaging-toolkit. [PM-35795]
Matches the new pyproject.toml constraint. Updates both the actions/setup-python version and the poetry env use line. [PM-35795]
…-test intent The primary `splunk` service in dev/docker-compose.yml pinned `splunk:10.0`, which ships Python 3.9. After the pyproject.toml bump in this PR, neither splunk:10.0 nor splunk:9.3 can install or run the rebuilt app, leaving anyone who pulls this branch without a working local dev rig. Changes: - Primary `splunk` service: bump image from `splunk/splunk:10.0` to `splunk/splunk:10.2`. 10.2 is the first Splunk release that ships the Python 3.13 interpreter the app now requires, matching the >=3.13, <3.14 constraint we set in pyproject.toml. - Add a header comment on `splunk` explaining the version pin and why it matters for local testing. - Retain `splunk93` (Splunk 9.3, Python 3.7) but add a comment making the intent explicit: it exists solely to manually verify the pre-10.2 install-time rejection path. The comment also notes the planned removal once PM-35800 (Splunkbase recertification) adds an explicit `requires_splunk_version` declaration to app.conf, at which point the rejection signal travels with the package metadata and the service is no longer needed. Rationale for keeping splunk93 instead of dropping it: The PR description acknowledges that pre-10.2 Splunk support is dropped, but app.conf currently has no `requires_splunk_version` field. Until that is added (tracked in PM-35800), splunk93 is the only way to locally observe the failure mode a side-loaded pre-10.2 install would hit, which is useful for support documentation and for writing the migration guide tracked by the epic. No functional change to the application; only the dev/* docker compose config and inline comments change. [PM-35795]
Banrion
approved these changes
May 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
PM-35795 (child of epic PM-35261)
📔 Objective
Splunk 10.2+ ships Python 3.13 as the app runtime. This PR updates the Bitwarden Splunk app's Poetry constraint from
>=3.9, <3.11to>=3.13, <3.14and aligns the CI build to use Python 3.13.Verified
All four runtime dependencies (
requests2.32.5,splunk-sdk2.1.1,splunktaucclib8.1.0,python-dateutil2.9.0.post0) declare Python 3.13 compatibility on PyPI or have no upper bound. No version bumps required. PyPI metadata checked per package:requests 2.32.5requires_python: ">=3.9"+ explicitPython :: 3.13classifiersplunk-sdk 2.1.1requires_python: null(no upper bound, any Python accepted)splunktaucclib 8.1.0requires_python: "<3.14, >=3.7"(explicitly allows 3.13)python-dateutil 2.9.0.post0requires_python: "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"(no upper bound)The
<3.14upper bound is mandated by three Splunk-owned packages (splunktaucclib,splunk-add-on-ucc-framework,splunk-packaging-toolkit).poetry.lockregenerated under Python 3.13; top-level pinned versions unchanged (verified for all 9 pins).Local checks pass under Python 3.13.12:
poetry install(clean resolution),pytest(24/24),ucc-gen build+ucc-gen package,slim validate(no errors). AppInspect was deferred to CI since it requireslibmagicwhich is not installed locally on macOS.Implicit compatibility break (intentional)
After this PR, installing this app on Splunk 9.x or 10.0/10.1 (pre-3.13 Python) will fail. The epic explicitly drops support below Splunk 10.2; pre-10.2 break is expected.
Dev rig alignment
Local
dev/docker-compose.ymlpreviously pinnedsplunk:10.0as the primary service, which ships Python 3.9 and could not run the rebuilt app. Bumped tosplunk:10.2in05ee9cbso pulling this branch produces a working local rig. Thesplunk93service is retained intentionally for manual verification of the pre-10.2 install rejection path, with an inline comment marking it for removal once PM-35800 adds an explicitrequires_splunk_versiondeclaration inapp.conf.