chore(deps): Bump all dependencies #252

Merged
merged 2 commits into from
Dec 8, 2024

Conversation

LordAro
Member

@LordAro LordAro commented Dec 1, 2024

Trying it myself, as dependabot apparently doesn't like when there are new dependencies-of-dependencies added? There's probably a better way of dealing with this with dependabot, but IDK what it is

Closes #251

@LordAro LordAro force-pushed the dependency-update branch 2 times, most recently from a0c6adb to 62e4e01 Compare December 1, 2024 10:17
@LordAro LordAro changed the title Update dependencies chore(deps): Bump all dependencies Dec 1, 2024
@LordAro LordAro requested a review from TrueBrain December 2, 2024 08:52
@TrueBrain
Member

Not that what you did is wrong, but what I often do is just take over an existing dependabot PR. It makes it a bit easier, as you only have to fix what is wrong, instead of recreating it. It also means it has the history of what versions got bumped etc.

What is important is to check versions that had major-version updates, to see what they were about. For example aiohttp 3.11 drops Python 3.8 support. Some parts of our software stack might still use 3.7, although most got bumped to 3.10. But more importantly, sometimes software like aiohttp changes parameters or something, making the software not work. But this isn't really noticeable in cases where we don't have a preview (like with dibridge), so we can't deploy it on staging. For most other projects that do have a staging, adding the "preview" label to the PR is enough to start that deployment. That way you can test if it actually works or not. Which is the ultimate validation of a PR :)

The only thing in the list of bumps that really stands out, is six. six is a library to make Py2 -> Py3 easier, and I do not really understand why that is re-introduced. As in, who in their right mind added a dependency that still needs six? That is something worth checking out.

@TrueBrain
Member

> The only thing in the list of bumps that really stands out, is six. six is a library to make Py2 -> Py3 easier, and I do not really understand why that is re-introduced. As in, who in their right mind added a dependency that still needs six? That is something worth checking out.

irc depends on tempora, which now depends on python-dateutil, which is most likely the only remaining package I know that is still compatible with Python 2.7. Lol. And they didn't make their six dependency depend on any version. So yeah ... we have that going for us :P
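
The chain described in this comment (irc, then tempora, then python-dateutil, then six) can be traced mechanically from package metadata when reviewing a bump like this one. The following is an added example, not part of the conversation or of the project's code; the function names and the `SAMPLE` data (including its version specifiers and the aiohttp entry) are constructed for illustration.

```python
import re
from collections import deque
from importlib import metadata

def canon(name):
    """Normalise a project name the way PEP 503 does."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requires(lines):
    """Turn Requires-Dist strings into (name, specifier) pairs, skipping extras."""
    deps = []
    for line in lines or []:
        spec, _, marker = line.partition(";")
        match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
        if match and "extra" not in marker:
            deps.append((canon(match.group(1)), spec[match.end():].strip()))
    return deps

def installed_graph():
    """Dependency graph of the active environment: {package: [(dep, specifier)]}."""
    return {canon(d.metadata.get("Name")): parse_requires(d.requires)
            for d in metadata.distributions() if d.metadata.get("Name")}

def why(graph, roots, target):
    """Shortest chain from a direct requirement to `target`, or None."""
    queue, seen = deque([canon(r)] for r in roots), set()
    while queue:
        path = queue.popleft()
        if path[-1] == canon(target):
            return path
        if path[-1] not in seen:
            seen.add(path[-1])
            queue.extend(path + [dep] for dep, _ in graph.get(path[-1], []))
    return None

def unconstrained(graph, target):
    """Packages that require `target` without any version specifier."""
    return sorted(pkg for pkg, deps in graph.items()
                  for dep, spec in deps if dep == canon(target) and not spec)

# Constructed metadata mirroring the chain described in the comment above;
# the version specifiers and the aiohttp entry are made up for illustration.
SAMPLE = {
    "irc": parse_requires(["tempora>=1.0", 'pytest; extra == "test"']),
    "tempora": parse_requires(["python_dateutil"]),
    "python-dateutil": parse_requires(["six"]),
    "aiohttp": parse_requires(["multidict>=1.0"]),
}

if __name__ == "__main__":
    print(" -> ".join(why(SAMPLE, ["irc", "aiohttp"], "six")))
    print(unconstrained(installed_graph(), "six"))
```

Passing `installed_graph()` instead of `SAMPLE` answers the same question for the virtual environment that produced `requirements.txt`.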

@TrueBrain TrueBrain force-pushed the dependency-update branch 2 times, most recently from 90d29ca to ec55843 Compare December 8, 2024 09:02
@LordAro
Member Author

LordAro commented Dec 8, 2024

My method was:

uv venv --python 3.8
uv pip install -r requirements.base
uv pip freeze > requirements.txt
# brief diversion with https://github.com/astral-sh/uv/issues/9550
pip freeze > requirements.txt

I imagine all the "unnecessary" libraries and older versions are due to the older Python version (which I used as it's what's used in testing).

@TrueBrain TrueBrain force-pushed the dependency-update branch 2 times, most recently from 0374612 to 7de5cf3 Compare December 8, 2024 09:14
@TrueBrain TrueBrain merged commit f32e7ad into main Dec 8, 2024
9 checks passed
@TrueBrain TrueBrain deleted the dependency-update branch December 8, 2024 09:34