Update deps #299
base: devel
these get applied to the library now, so we shouldn't == any version unless really needed to work

so, updating the deps based on which kind of versioning the package seems to be using:

* majorver (versions like 33.1.0, where we don't expect 34 to be incompatible)
  * change to `>=33.1`
* semver (versions like 1.33.1, where 2.0 might be incompatible)
  * change to `~=1.33` (equivalent to `>= 1.33, < 2`)
* pre-1.0 (versions like 0.9.1, where 1.0 might be incompatible)
  * change to `>=0.9.1, <1`
* calver (versions like 2025.1.3, which don't imply the existence of 2025.1.0)
  * stay with `>=2025.1.3`
* python (just actual python)
  * stay with `>=3.12`, as `~=3.12` raises a warning
pyproject.toml
Outdated
| "django~=5.2", | ||
| "kubernetes>=33.1", | ||
| "openpyxl~=3.1", | ||
| "pandas~=2.2", |
Bug: Constraints now allow previously excluded older patch versions
The constraints for pandas and segment-analytics-python changed from >=X.Y.Z to ~=X.Y, which lowers the minimum patch version. For example, pandas>=2.2.3 specifically excluded versions 2.2.0-2.2.2, but the new pandas~=2.2 allows them. Similarly, segment-analytics-python>=2.3.4 excluded 2.3.0-2.3.3, now allowed by ~=2.3. If the original patch-level minimums were set due to bug fixes the project depends on, allowing older versions could cause subtle issues.
* setuptools leave >=6.0 maybe it's not an exception and more a majorver
* pandas leave >=2.2.3, add <3 because we need 2.2.3+ for python (though would still work with 2.2.1 in 2.4)
| "pytest>=8.3.4", | ||
| "ruff>=0.9.2", | ||
| "pre-commit~=4.0", | ||
| "pytest-cov~=6.0", |
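Review bot: `"ruff>=0.9.2"` in this hunk has no upper bound, while the PR description's pre-1.0 rule is `>=0.9.1, <1`; either write `ruff>=0.9.2, <1` or list ruff under Exceptions so the omission is visibly deliberate. `"pytest>=8.3.4"` likewise keeps a patch-level floor with no cap next to neighbours that use `~=`, so it is worth stating which versioning kind pytest is being treated as.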
Bug: Unintended downgrade of pytest-cov from 7.0.0 to 6.3.0
The change from pytest-cov>=6.0.0 to pytest-cov~=6.0 causes an unintended major version downgrade. The ~=6.0 constraint means >=6.0, <7.0, which is more restrictive than the original >=6.0.0 that allowed version 7.x. The lock file confirms pytest-cov is downgraded from 7.0.0 to 6.3.0. This conflicts with the PR's stated goal of relaxing version constraints. To maintain compatibility with the latest version, consider using ~=7.0 or >=6.0 instead.



The dependencies in `pyproject.toml` get applied to the library now, so we shouldn't `==` any version unless really needed to work.

So, updating the deps based on which kind of versioning the package seems to be using:

* majorver (versions like 33.1.0, where we don't expect 34 to be incompatible)
  * `>=33.1`
* semver (versions like 1.33.1, where 2.0 might be incompatible)
  * `~=1.33` (equivalent to `>= 1.33, < 2`)
* pre-1.0 (versions like 0.9.1, where 1.0 might be incompatible)
  * `>=0.9.1, <1` (same as ^, except `*=` might act differently for <1)
* calver (versions like 2025.1.3, which don't imply the existence of 2025.1.0)
  * `>=2025.1.3`
* python (just actual python)
  * `>=3.12`, as `~=3.12` raises a warning

Exceptions:

* pandas - keeping 2.2.3+ for new python
* setuptools - leaving >=6.0 because cursor
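The two review findings in this thread (older pandas patch releases newly admitted, pytest-cov 7.x newly excluded) can be checked mechanically before merging a constraint change. The sketch below is an added example, not code from this repository: `drift` and the other helpers are hypothetical names, the candidate version lists are constructed, and it implements only a simplified subset of PEP 440 (numeric release segments, no pre/post/dev releases or wildcards).

```python
# Added example. Simplified PEP 440 subset: numeric release segments only
# (no pre/post/dev, epoch, local versions or "==X.*" wildcards).
import re

CLAUSE = re.compile(r"\s*(~=|>=|<=|==|<|>)\s*(\d+(?:\.\d+)*)\s*")

def parse(version):
    """'2.2.3' -> (2, 2, 3)"""
    return tuple(int(part) for part in version.split("."))

def _pad(a, b):
    """Zero-pad both tuples to the same length so 6.0 compares equal to 6.0.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def clause_allows(clause, version):
    m = CLAUSE.fullmatch(clause)
    if m is None:
        raise ValueError(f"unsupported clause: {clause!r}")
    op, want = m.group(1), parse(m.group(2))
    w, h = _pad(want, parse(version))
    if op == "~=":
        # Compatible release: ~=X.Y means >=X.Y with the last segment dropped
        # and the remaining prefix held fixed, i.e. >=X.Y, <(X+1).
        if len(want) < 2:
            raise ValueError("~= needs at least two release segments")
        prefix = want[:-1]
        return h >= w and h[:len(prefix)] == prefix
    return {">=": h >= w, "<=": h <= w, "==": h == w, "<": h < w, ">": h > w}[op]

def allows(spec, version):
    """A specifier set is a comma-separated AND of clauses."""
    return all(clause_allows(c, version) for c in spec.split(","))

def drift(old, new, candidates):
    """Return (newly admitted, newly excluded) versions when old becomes new."""
    admitted = [v for v in candidates if allows(new, v) and not allows(old, v)]
    excluded = [v for v in candidates if allows(old, v) and not allows(new, v)]
    return admitted, excluded

# Constructed candidate lists for illustration, not a dump of the package index.
PANDAS = ["2.1.4", "2.2.0", "2.2.1", "2.2.2", "2.2.3", "2.3.0", "3.0.0"]
PYTEST_COV = ["5.0.0", "6.0.0", "6.3.0", "7.0.0"]

if __name__ == "__main__":
    print("pandas >=2.2.3 -> ~=2.2       :", drift(">=2.2.3", "~=2.2", PANDAS))
    print("pandas >=2.2.3 -> >=2.2.3, <3 :", drift(">=2.2.3", ">=2.2.3, <3", PANDAS))
    print("pytest-cov >=6.0.0 -> ~=6.0   :", drift(">=6.0.0", "~=6.0", PYTEST_COV))
```

A non-empty first list means the change lowers the floor; a non-empty second list means it adds a cap, which is what shows up in the lock file as a downgrade.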