…re dependencies of other packages
nucleogenic
left a comment
Happy to approve on the basis my build was successful and all tests passed. We might want to look at the dependency pinning in the future. There are some other options for dependency management in Python too, but I don't know much about them. Glad to see some dependencies updated too.
| bjoern==3.1.0 | ||
| click==7.1.2 | ||
| Flask==2.0.1 | ||
| itsdangerous==2.0.1 | ||
| Jinja2==3.0.1 | ||
| MarkupSafe==2.0.1 | ||
| bjoern==3.2.2 | ||
| Flask==2.2.2 | ||
| Jinja2==3.1.2 | ||
| protobuf==3.20.1 | ||
| requests==2.26.0 |
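Review bot: click, itsdangerous and MarkupSafe are listed only beside the older bjoern/Flask/Jinja2 pins and not beside the bumped ones, so with this change their versions appear to be left to the resolver at install time and can differ from one build to the next. Either keep exact pins for them or generate the full pinned set with pip freeze and install from that, so the Flask==2.2.2 and Jinja2==3.1.2 bumps are tested against known versions of their own dependencies.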
AFAIK, it would be best practice to run pip freeze and pin the exact versions of the dependencies, to ensure all installations are running the same versions. These then have to be split out into requirements.txt and requirements-dev.txt manually.
With that said, I'm not familiar enough with our direct dependencies to know if there is an actual risk of upstream dependency versions changing.
Using pip freeze sounds like something worth looking into, and better than manually tagging individual versions. Let me revert the library bumps and just merge the test fix here. We can revisit the libraries after the release.
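One way to check for the version drift discussed in this thread, as an added example that is not code from the pull request or the project: it compares a requirements file against `pip freeze` output and reports packages that are installed without an exact pin. The requirements list reuses the bumped versions from the diff; the freeze output and all function names are constructed for illustration.

```python
import re

# Constructed sample data: direct dependencies only, and a trimmed
# `pip freeze` listing from one environment installed from them.
REQUIREMENTS = """\
bjoern==3.2.2
Flask==2.2.2
Jinja2==3.1.2
protobuf==3.20.1
requests==2.26.0
"""
FREEZE = """\
bjoern==3.2.2
click==8.1.3
Flask==2.2.2
itsdangerous==2.1.2
Jinja2==3.1.2
MarkupSafe==2.1.1
protobuf==3.20.1
requests==2.26.0
Werkzeug==2.2.2
"""

def canonical(name):
    """Normalise a project name the way PEP 503 does (Flask -> flask)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Map each listed package to its exact version, or None if not `==` pinned."""
    pins = {}
    for raw in text.splitlines():
        # Drop comments, environment markers and line continuations.
        line = raw.split("#", 1)[0].split(";", 1)[0].rstrip("\\ ").strip()
        if not line or line.startswith("-"):  # blank, or a pip option / --hash line
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)", line)
        if m:
            exact = re.fullmatch(r"==\s*([^\s,*]+)", m.group(2))
            pins[canonical(m.group(1))] = exact.group(1) if exact else None
    return pins

def audit(requirements, freeze):
    """Compare declared pins with what is actually installed."""
    pinned, installed = parse_pins(requirements), parse_pins(freeze)
    return {
        "floating": sorted(n for n in installed if pinned.get(n) is None),
        "mismatch": sorted(n for n, v in pinned.items()
                           if v and n in installed and installed[n] != v),
        "missing": sorted(n for n in pinned if n not in installed),
    }
```

Every name under `floating` is a package whose version was picked at install time, so two environments built from the same requirements file can disagree on it.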
…e that are dependencies of other packages" This reverts commit dbd24bd.
Kudos, SonarCloud Quality Gate passed!