Skip to content

Add upper/lower bounds to dependencies in pyproject.toml #450

New issue
New issue
Open
Task
Open
Add upper/lower bounds to dependencies in pyproject.toml#450
Task
Assignees
rhatgadkar-goog
Labels
priority: p2Moderately-important priority. Fix may not be included in next release.type: cleanupAn internal cleanup or hygiene concern.
@rhatgadkar-goog

Description

@rhatgadkar-goog
rhatgadkar-goog
opened on Apr 30, 2025

There is no upper/lower bound on dependencies in pyproject.toml:

alloydb-python-connector/pyproject.toml

Lines 43 to 52 in 3b5ea2f

dependencies = [
"aiofiles",
"aiohttp",
"cryptography>=42.0.0",
"requests",
"google-auth",
"protobuf",
"google-cloud-alloydb",
"google-api-core",
]

We should add lower bounds and test against those to ensure that new changes are compatible with the minimum version of a dependency.

As an example, see https://github.com/googleapis/python-bigquery-storage/blob/main/testing/constraints-3.7.txt where minimum versions of dependencies are tested. The reason is that we want tests to fail if the minimum version that we specify no longer works

For the upper bound, one reason to prevent pulling the latest major version of a dependency is that it's untested and could have a breaking change.

requirements.txt and constraints.txt have different purposes. For constraints, we want to check that tests pass with the minimum versions of dependencies. requirements.txt helps maintainers/CI have a consistent environment when running tests. In the latter case, we may want the latest versions of dependencies. May want to consider renaming the current requirements.txt to requirements-test.txt to show it is for testing.

Metadata

Metadata

Assignees

Labels

priority: p2Moderately-important priority. Fix may not be included in next release.type: cleanupAn internal cleanup or hygiene concern.

Type

Task

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions