Expected behavior
TL;DR: PyPy CI jobs (pypy-3.9, pypy-3.10) are broken because cryptography >= 47.0.0 no longer ships wheels for PyPy < 3.11. Both PyPy versions are EOL. Fix: replace them with pypy-3.11 in the CI matrix.
All CI matrix entries should pass, including PyPy builds.
Actual behavior
The build (pypy-3.9) and build (pypy-3.10) CI jobs fail during pip install with:
error: the configured PyPy interpreter version (3.10) is lower than PyO3's minimum supported version (3.11)
cryptography is not a direct dependency — it's pulled in transitively via keyring → SecretStorage → cryptography>=2.0. Since cryptography >= 47.0.0 only ships pp311 wheels, pip falls back to building from source, which fails because PyO3 0.28.3 requires PyPy >= 3.11.
This affects every PR and master push — it is not specific to any code change.
Steps To Reproduce
- Open any PR against
trinodb/trino-python-client
- CI triggers the
build (pypy-3.9, latest, ~=1.4.0) and build (pypy-3.10, latest, ~=1.4.0) jobs
- Both fail at
pip install .[tests,gssapi] when building cryptography from source
Last passing master CI run: April 14, 2026 — used cryptography-46.0.7 which still shipped a pp39 wheel.
| Date |
Event |
| Apr 14 |
Last green master CI — cryptography==46.0.7 with pp39/pp310 wheels |
| Apr 24 |
cryptography 47.0.0 released — dropped pp310 wheels, only ships pp311 |
| May 4 |
cryptography 48.0.0 released — still only pp311 |
| May 25+ |
All CI runs on PyPy 3.9/3.10 fail |
Log output
From pypy-3.10 job:
error: the configured PyPy interpreter version (3.10) is lower than
PyO3's minimum supported version (3.11)
💥 maturin failed
Caused by: Failed to build a native library through cargo
ERROR: Failed building wheel for cryptography
Operating System
GitHub Actions ubuntu-latest
Trino Python client version
0.337.0 (current master)
Trino Server version
N/A (failure is at install time, not runtime)
Python version
PyPy 3.9.19, PyPy 3.10.16
Proposed fix
Replace pypy-3.9 and pypy-3.10 with pypy-3.11 in .github/workflows/ci.yml. Rationale:
- PyPy 3.9 and 3.10 are EOL — the PyPy project no longer releases updates for them
- PyPy 3.11 is the only actively maintained Python 3.x line (latest: 7.3.23, released May 26, 2026)
cryptography 47+ ships pp311 wheels — no source build neededactions/setup-python@v5 supports pypy-3.11- No PyPy-version-specific code paths exist in the codebase — upgrade is CI-only
- Existing constraints remain unchanged:
orjson excluded on PyPy (graceful fallback to stdlib json), krb5 pinned to 0.5.1 (pykrb5#49)
Alternative considered
Pin cryptography<47 to keep PyPy 3.9/3.10 alive. This is a short-term workaround — it props up EOL interpreters and will break again as other dependencies drop support. Not recommended.
Are you willing to submit PR?
Expected behavior
TL;DR: PyPy CI jobs (
pypy-3.9,pypy-3.10) are broken becausecryptography>= 47.0.0 no longer ships wheels for PyPy < 3.11. Both PyPy versions are EOL. Fix: replace them withpypy-3.11in the CI matrix.All CI matrix entries should pass, including PyPy builds.
Actual behavior
The
build (pypy-3.9)andbuild (pypy-3.10)CI jobs fail duringpip installwith:cryptographyis not a direct dependency — it's pulled in transitively viakeyring→SecretStorage→cryptography>=2.0. Sincecryptography>= 47.0.0 only shipspp311wheels, pip falls back to building from source, which fails because PyO3 0.28.3 requires PyPy >= 3.11.This affects every PR and master push — it is not specific to any code change.
Steps To Reproduce
trinodb/trino-python-clientbuild (pypy-3.9, latest, ~=1.4.0)andbuild (pypy-3.10, latest, ~=1.4.0)jobspip install .[tests,gssapi]when buildingcryptographyfrom sourceLast passing master CI run: April 14, 2026 — used
cryptography-46.0.7which still shipped app39wheel.cryptography==46.0.7withpp39/pp310wheelscryptography47.0.0 released — droppedpp310wheels, only shipspp311cryptography48.0.0 released — still onlypp311Log output
From pypy-3.10 job:
Operating System
GitHub Actions ubuntu-latest
Trino Python client version
0.337.0 (current master)
Trino Server version
N/A (failure is at install time, not runtime)
Python version
PyPy 3.9.19, PyPy 3.10.16
Proposed fix
Replace
pypy-3.9andpypy-3.10withpypy-3.11in.github/workflows/ci.yml. Rationale:cryptography47+ shipspp311wheels — no source build neededactions/setup-python@v5supportspypy-3.11orjsonexcluded on PyPy (graceful fallback to stdlibjson),krb5pinned to 0.5.1 (pykrb5#49)Alternative considered
Pin
cryptography<47to keep PyPy 3.9/3.10 alive. This is a short-term workaround — it props up EOL interpreters and will break again as other dependencies drop support. Not recommended.Are you willing to submit PR?