
Drop Support for EOL Python 3.6, 3.7 and 3.8

Open galuszkak opened this issue 1 year ago • 5 comments

As of today per Python Software Foundation policy here: https://devguide.python.org/versions/

  • Python 3.6 has ended security support and its end of life was - 2021-12-23. It's 3 years unsupported!
  • Python 3.7 has ended security support and its end of life was - 2023-06-27. It's 1.5 years unsupported!
  • Python 3.8 has ended security support and its end of life was - 2024-10-07. It's 3 months unsupported!

Does Slack SDK plan to remove support for those Python versions? Promoting an unsupported version of Python has security concerns and it shouldn't be promoted.

I've realised this while working on #1633, as I wasn't expecting that Python 3.6 is in use and I was using features that were added in Python 3.8, so I lived under the assumption that I can use everything from 3.9 and above.

Category

  • [x] slack_sdk.web.WebClient (sync/async) (Web API client)
  • [x] slack_sdk.webhook.WebhookClient (sync/async) (Incoming Webhook, response_url sender)
  • [x] slack_sdk.models (UI component builders)
  • [x] slack_sdk.oauth (OAuth Flow Utilities)
  • [x] slack_sdk.socket_mode (Socket Mode client)
  • [x] slack_sdk.audit_logs (Audit Logs API client)
  • [x] slack_sdk.scim (SCIM API client)
  • [x] slack_sdk.rtm (RTM client)
  • [x] slack_sdk.signature (Request Signature Verifier)

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

galuszkak avatar Jan 13 '25 08:01 galuszkak

Hi @galuszkak thanks for writing in!

This package is used by Bolt for Python; therefore our stance on this is similar to the one found in https://github.com/slackapi/bolt-python/issues/603. Dropping support for Python versions here means we also need to drop support for them there.

Python 3.6 may be getting old, but users still use it with this project. Versions 3.7 and 3.8 also see their fair share of usage. We have not received any explicit security issues that involve this project running on older versions of Python. We support these older versions as a convenience to our users. It falls onto individual developers to choose which version of Python they should use.

Note that we recommend using the latest version of Python in combination with the latest version of this project!

WilliamBergamin avatar Jan 13 '25 15:01 WilliamBergamin

Hi @WilliamBergamin,

Thanks for the prompt answer. My main reason for this was that while working on #1633:

  • I've used in my PR the class unittest.IsolatedAsyncioTestCase, which was added in Python 3.8. I need to change unittest now to support my feature. The reason why I raised this issue was to see if this is actually as designed.
  • SQLAlchemy 2.0, which has stable asyncio support, supports Python 3.7 as its lowest version.
  • The point on security was that there are CVEs reported also on unsupported versions of Python; to my knowledge, if you aren't on some enterprise version of Linux, e.g. RHEL, then you just don't receive those security patches for your Python version.

I will try to adjust my PR first - looks like I need to start testing this on the lowest Python available.

Is it maybe possible to share some analytics/usage data on what the actual usage of the 3.6/3.7/3.8 versions is? Is this more than 5-10% of the downloads or more?

galuszkak avatar Jan 13 '25 16:01 galuszkak

Thank you for your contribution 🙏 💯

> Is it maybe possible to share some analytics/usage data on what the actual usage of the 3.6/3.7/3.8 versions is? Is this more than 5-10% of the downloads or more?

We've developed internal dashboards that collect HTTP request information made to Slack's API by the various Python versions; unfortunately, I cannot share those. But I did put together this useful script that breaks down the pip downloads of the project. Downloads may not be as accurate as HTTP requests made to Slack, but provide some insight into these metrics in a public way.

slack_sdk
Display the last 180 days package download statistics
Source: https://pypistats.org/

Version      Downloads    Percentage   
3.6          1764484      1.05%        
3.7          9474831      5.64%        
3.8          19346104     11.52%       
3.9          19927347     11.86%       
3.10         48664136     28.97%       
3.11         59355900     35.33%       
3.12         8967379      5.34%        
3.13         496392       0.3%         
Total        167996573    n/a          

Although 1.05% may seem like a small number, due to the scale of total downloads this is still a significant number of users: 1 764 484. The sum of the usages for 3.6, 3.7 and 3.8 is ~18.21%; this is roughly 1/5 of all our downloads.

I've been open to dropping support for some of these versions, but so far we have not encountered a significant reason to do this. Would like to get @seratch's opinion on this as well.

WilliamBergamin avatar Jan 13 '25 21:01 WilliamBergamin

As @WilliamBergamin mentioned, we maintain support for older versions even though they've been EOLed for some time. Ideally, all real-world applications would quickly migrate to a newer runtime version, but that's not the reality in many cases. We will eventually drop support for those in the long run, but we won't in 2025.

Regarding your asyncio SQLAlchemy addition, please adjust your test logic to run the test suite only on compatible runtimes.

seratch avatar Jan 14 '25 00:01 seratch
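
One way to run an asyncio test class only on compatible runtimes, as asked above, is to gate it on the interpreter version. This is an added example, not code from the thread, from #1633 or from the SDK; `InMemoryAsyncStore`, `TestInMemoryAsyncStore` and `run_suite` are hypothetical names used for illustration.

```python
import sys
import unittest

# unittest.IsolatedAsyncioTestCase exists only on Python 3.8+ (per the thread).
HAS_ASYNC_TESTCASE = sys.version_info >= (3, 8)

# The conditional never evaluates the missing attribute on 3.6/3.7, so the
# module still imports there and the class below is reported as skipped.
AsyncBase = unittest.IsolatedAsyncioTestCase if HAS_ASYNC_TESTCASE else unittest.TestCase


class InMemoryAsyncStore:
    """Hypothetical stand-in for the asyncio-backed code under test."""

    def __init__(self):
        self._rows = {}

    async def save(self, team_id, value):
        self._rows[team_id] = value

    async def find(self, team_id):
        return self._rows.get(team_id)


@unittest.skipUnless(HAS_ASYNC_TESTCASE, "IsolatedAsyncioTestCase needs Python 3.8+")
class TestInMemoryAsyncStore(AsyncBase):
    async def asyncSetUp(self):
        self.store = InMemoryAsyncStore()

    async def test_save_then_find(self):
        await self.store.save("T0001", "constructed-value")
        self.assertEqual(await self.store.find("T0001"), "constructed-value")

    async def test_missing_team_returns_none(self):
        self.assertIsNone(await self.store.find("T9999"))


def run_suite():
    """Run the gated tests and return the unittest result object."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestInMemoryAsyncStore)
    return unittest.TextTestRunner(verbosity=0).run(suite)


if __name__ == "__main__":
    sys.exit(0 if run_suite().wasSuccessful() else 1)
```

On 3.6 and 3.7 both tests show up as skipped with the stated reason instead of failing at import, so the rest of the suite still runs and the gap in coverage stays visible in the test report.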

Quick update on download statistics

Display the last 180 days package download statistics
Source: https://pypistats.org/

Version      Downloads    Percentage
3.6          1408825      0.77%
3.7          9504005      5.17%
3.8          14336318     7.79%
3.9          21507299     11.69%
3.10         51856996     28.18%
3.11         72020487     39.14%
3.12         11983618     6.51%
3.13         1376848      0.75%
Total        183994396    n/a

And also cross posting this comment for the deprecation of Python 3.6

WilliamBergamin avatar Mar 20 '25 20:03 WilliamBergamin