Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: Set only lower bounds on core dependencies #1382

Merged
merged 39 commits into from
Mar 27, 2021
Merged

build: Set only lower bounds on core dependencies #1382

merged 39 commits into from
Mar 27, 2021

Conversation

matthewfeickert
Copy link
Member

@matthewfeickert matthewfeickert commented Mar 26, 2021
edited
Loading

Description

Following @henryiii's and @hynek's advice (for the core dependencies now, we'll get to discussing the ones for the setup.py extras later) only place lower bounds on the core library dependencies, which have all reached maturity in their API.

This was more recently motivated by the fact that Henry pointed out that we'll be excluding use of Click v8.0.0 (when it is released, currently only v8.0.0a1 on PyPI), but there's no reason to want to bound Click to only v7.X or v8.X.

Thanks also to a very good comment from @tacaswell this also reverts the effects of PR #1378:

I think this is another library vs application difference. Your users are adults who are responsible for keeping their own house in order 😉 It is not a random libraries job to keep their systems up-to-date and secure (that falls to the end users and the packagers).

I think this is also a good case for why libraries should be as loose as possible with their version pinning as say other library was being super picky. Say some other library was being strict to some version range of pyyaml < 5.4 (for whatever reasons). Bumping your minimum to >= 5.4 with good intentions just drove someone to have unsatisfyable constraints.

Checklist Before Requesting Reviewer

  • Tests are passing
  • "WIP" removed from the title of the pull request
  • Selected an Assignee for the PR to be responsible for the log summary

Before Merging

For the PR Assignees:

  • Summarize commit messages into a comprehensive review of the PR
* Place only lower bounds (>=) on all core dependencies in setup.cfg
* Update lower bounds for core dependencies
   - Lower bounds established through empirical tests in CI with minimum supported dependencies workflow
* Effectively reverts PR #1378

@matthewfeickert matthewfeickert added the build Changes that affect the build system or external dependencies label Mar 26, 2021
@matthewfeickert matthewfeickert self-assigned this Mar 26, 2021
@codecov
Copy link

codecov bot commented Mar 26, 2021
edited
Loading

Codecov Report

Merging #1382 (04b4732) into master (cfc4b6a) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1382   +/-   ##
=======================================
  Coverage   97.53%   97.53%           
=======================================
  Files          63       63           
  Lines        3808     3808           
  Branches      538      538           
=======================================
  Hits         3714     3714           
  Misses         55       55           
  Partials       39       39
Flag Coverage Δ
contrib 24.18% <ø> (ø)
unittests 97.53% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cfc4b6a...04b4732. Read the comment docs.

@matthewfeickert
Copy link
Member Author

This is still a Draft PR as I want to go through and test if these lower bounds that we have can be safely pushed down any lower.

@matthewfeickert matthewfeickert marked this pull request as ready for review March 26, 2021 23:03
@matthewfeickert matthewfeickert merged commit 99212ea into master Mar 27, 2021
@matthewfeickert matthewfeickert deleted the build/change-bounds-on-defaults branch March 27, 2021 04:31
@matthewfeickert matthewfeickert mentioned this pull request Apr 16, 2021
Closed
@matthewfeickert matthewfeickert mentioned this pull request Jun 21, 2021
Merged
4 tasks
matthewfeickert added a commit that referenced this pull request Jun 21, 2021
@matthewfeickert
chore: Update codemeta softwareRequirements to match setup.cfg (#1498)
2cc8c96 
* Update softwareRequirements in codemeta.json to use required lower bounds on all core dependencies
   - Applies lower bounds from PR #1382
* Add CPython implimentation to programmingLanguage codemeta.json metadata
@matthewfeickert matthewfeickert mentioned this pull request Mar 7, 2022
Merged
@matthewfeickert matthewfeickert mentioned this pull request May 26, 2022
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kratsg kratsg kratsg approved these changes

@lukasheinrich lukasheinrich Awaiting requested review from lukasheinrich

Assignees

@matthewfeickert matthewfeickert

Labels
build Changes that affect the build system or external dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matthewfeickert @kratsg