Skip to content

Pin build dependencies and configure dependabot (#389) #392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lavaleri wants to merge 3 commits into from
Closed

Pin build dependencies and configure dependabot (#389) #392

lavaleri wants to merge 3 commits into from

Conversation

@lavaleri
Copy link
Contributor

@lavaleri lavaleri commented Dec 17, 2021

  • chore: Pin build dependencies and configure dependabot

  • Ignore flake8 document linting on tests

  • Unpin decrypt_oracle dependencies for now

  • Pin tox

  • Isolate pinned dependencies to dev_requirements dir

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@lavaleri
Pin build dependencies and configure dependabot (aws#389)
d1487d3 
* chore: Pin build dependencies and configure dependabot

* Ignore flake8 document linting on tests

* Unpin decrypt_oracle dependencies for now

* Pin tox

* Isolate pinned dependencies to dev_requirements dir
@lavaleri lavaleri requested a review from a team as a code owner December 17, 2021 20:11
texastony
texastony previously approved these changes Dec 17, 2021
View reviewed changes
@texastony texastony self-requested a review December 17, 2021 20:25
@texastony texastony dismissed their stale review December 17, 2021 20:26

We need to regenerate these files with python2.7 passing...

@lavaleri
Copy link
Contributor Author

lavaleri commented Dec 17, 2021

Yup, hadn't considered how Python 2.7 would affect things. We need to consider how to handle dependencies with python2.7. Potentially we can pin dependencies for python 2.7 separately so they are not targeted by dependabot. Alternatively, we could consider just pinning all of them and don't target this branch for dependabot. I need to consider what the best support path for these older branches is.

@texastony
Copy link
Contributor

texastony commented Dec 17, 2021

We can talk it over with the team, but I think a version in maintenance can have pinned dependencies that do not update, or only update for security events.

@lavaleri
Copy link
Contributor Author

lavaleri commented Dec 21, 2021

closing in favor of #397

@lavaleri lavaleri closed this Dec 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@texastony texastony Awaiting requested review from texastony

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lavaleri @texastony