Skip to content

fix: Bump semgrep to v1.137.0 to fix CI pkg_resources error#35

Open
mverteuil wants to merge 1 commit intomainfrom
fix/semgrep-version
Open

fix: Bump semgrep to v1.137.0 to fix CI pkg_resources error#35
mverteuil wants to merge 1 commit intomainfrom
fix/semgrep-version

Conversation

@mverteuil
Copy link
Copy Markdown
Owner

@mverteuil mverteuil commented Mar 27, 2026

Summary

  • Bumps semgrep from v1.136.0 to v1.137.0 to fix ModuleNotFoundError: No module named 'pkg_resources' in CI
  • Removes language_version: python3.11 pin so semgrep uses the available Python interpreter
  • Fix confirmed upstream: OpenTelemetry Package error semgrep/semgrep#11069

Context

CI lint job has been failing since setuptools removed pkg_resources in v82+. The semgrep opentelemetry dependency imported it, causing the crash. Fixed in semgrep v1.137.0.

@mverteuil
fix: Bump semgrep to v1.137.0 to fix pkg_resources error
81b21a2 
v1.136.0 fails on Python 3.11+ because its opentelemetry dependency
imports pkg_resources, which was removed from setuptools>=82. Fixed
upstream in semgrep v1.137.0 (semgrep/semgrep#11069).

Also removes the python3.11 pin so semgrep uses whatever Python is
available, avoiding failures when 3.11 is not installed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mverteuil