deps: bump flagsmith-common from 2.2.4 to 2.2.5 by matthewelwell · Pull Request #6256 · Flagsmith/flagsmith

matthewelwell · 2025-11-07T16:55:04Z

Changes

Update flagsmith-common from 2.2.4 to 2.2.6.

Contributes to #5990 and resolves this Sentry issue.

See the following PRs in flagsmith-common for more context.

Flagsmith/flagsmith-common#118
Flagsmith/flagsmith-common#120

How did you test this code?

Tested in flagsmith-common repo.

vercel · 2025-11-07T16:55:12Z

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments

Project	Deployment	Preview	Updated (UTC)
docs	Ignored	Preview	Nov 10, 2025 8:12pm
flagsmith-frontend-preview	Ignored	Preview	Nov 10, 2025 8:12pm
flagsmith-frontend-staging	Ignored	Preview	Nov 10, 2025 8:12pm

khvn26

just wanted to type /lgtm

github-actions · 2025-11-07T16:56:17Z

Docker builds report

Image	Build Status	Security report
`ghcr.io/flagsmith/flagsmith:pr-6256`	Finished ✅	Results ✅
`ghcr.io/flagsmith/flagsmith-private-cloud:pr-6256`	Finished ✅	Results ✅
`ghcr.io/flagsmith/flagsmith-e2e:pr-6256`	Finished ✅	Skipped
`ghcr.io/flagsmith/flagsmith-api-test:pr-6256`	Finished ✅	Skipped
`ghcr.io/flagsmith/flagsmith-api:pr-6256`	Finished ✅	Results ✅
`ghcr.io/flagsmith/flagsmith-frontend:pr-6256`	Finished ✅	Results ✅
`ghcr.io/flagsmith/flagsmith:pr-6256`	Finished ✅	Results ✅
`ghcr.io/flagsmith/flagsmith-private-cloud:pr-6256`	Finished ✅	Results ✅

codecov · 2025-11-07T17:01:16Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.01%. Comparing base (00b1e90) to head (7f8d0ad).
⚠️ Report is 11 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6256   +/-   ##
=======================================
  Coverage   98.01%   98.01%           
=======================================
  Files        1278     1278           
  Lines       45183    45183           
=======================================
  Hits        44285    44285           
  Misses        898      898

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

matthewelwell · 2025-11-07T18:27:51Z

A snippet of the traceback from the CI failure here:

  flagsmith-api-1  | PermissionError: [Errno 13] Permission denied: '/tmp/flagsmith-prometheus/gauge_livemax_1.db'

This indicates to me that there's something wrong in the creation of the directory (as done here, by our own process now) which means that the prometheus process is unable to write to it.

Looking at this thread might give us some answers.

I'm going to continue investigating.

cursor

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

api/scripts/run-docker.sh

cursor · 2025-11-10T15:20:12Z

api/pyproject.toml

 djangorestframework-dataclasses = "^1.3.1"
 pyotp = "^2.9.0"
-flagsmith-common = "^2.2.4"
+flagsmith-common = { git = "https://github.com/flagsmith/flagsmith-common", branch = "fix/os-dir-permissions" }


Bug: Unstable Dependencies Break Build Reproducibility

The dependency points to a mutable git branch fix/os-dir-permissions instead of a version tag, despite the PR claiming to bump to version 2.2.5. This creates non-reproducible builds since the branch content can change without notice, and different installations could receive different code. The dependency should reference a specific version tag or commit hash for reproducibility.

…h-common

cursor · 2025-11-10T16:12:52Z

api/pyproject.toml

 djangorestframework-dataclasses = "^1.3.1"
 pyotp = "^2.9.0"
-flagsmith-common = "^2.2.4"
+flagsmith-common = { git = "https://github.com/flagsmith/flagsmith-common", branch = "fix/os-dir-permissions" }


Bug: Conflicting Dependency Sources Block Installation

The flagsmith-common dependency is declared twice with conflicting sources: once in main dependencies as a git branch (line 166) and once in dev dependencies with a version constraint and extras (line 250). Poetry cannot resolve conflicting dependency sources for the same package, which will cause installation failures or unpredictable behavior. The dev dependency declaration needs to either use the same git source with extras or be removed if the git source already provides the needed functionality.

emyller · 2025-11-10T20:26:45Z

api/pyproject.toml

 djangorestframework-dataclasses = "^1.3.1"
 pyotp = "^2.9.0"
-flagsmith-common = "^2.2.4"
+flagsmith-common = { git = "https://github.com/flagsmith/flagsmith-common", branch = "fix/os-dir-permissions" }


Reminder to use a tagged version.

matthewelwell · 2025-11-11T10:23:27Z

Superseded by #6267

Update flagsmith-common

0cf407f

matthewelwell requested a review from a team as a code owner November 7, 2025 16:55

matthewelwell requested review from Zaimwa9 and removed request for a team November 7, 2025 16:55

matthewelwell requested review from khvn26 and removed request for Zaimwa9 November 7, 2025 16:55

github-actions bot added the api Issue related to the REST API label Nov 7, 2025

khvn26 changed the title ~~deps: update flagsmith-common 2.2.5~~ deps: bump flagsmith-common from 2.2.4 to 2.2.5 Nov 7, 2025

khvn26 approved these changes Nov 7, 2025

View reviewed changes

khvn26 previously approved these changes Nov 7, 2025

View reviewed changes

github-actions bot added the dependencies Pull requests that update a dependency file label Nov 7, 2025

temp: use repo flagsmith-common

03ad2f5

matthewelwell dismissed khvn26’s stale review via 03ad2f5 November 7, 2025 18:34

github-actions bot added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Nov 7, 2025

matthewelwell mentioned this pull request Nov 7, 2025

fix: prometheus multproc dir permissions error Flagsmith/flagsmith-common#118

Closed

Update source reference

e63928f

github-actions bot added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Nov 7, 2025

Update flagsmith-common git sha

50c1abc

github-actions bot added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Nov 7, 2025

Update flagsmith-common git sha

e780dc6

github-actions bot added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Nov 7, 2025

Update flagsmith-common git sha

a167e76