Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ python:
- '3.4'
- '3.5'
install:
# ensure we have recent pip/setuptools
- pip install --upgrade pip setuptools
- pip install -r requirements-test.txt
- pip install release-manager
- pip install -e .
Expand Down
12 changes: 6 additions & 6 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -75,12 +75,12 @@
],

install_requires=[
"greenlet==0.4.10",
"requests==2.2.1",
"greenlet>=0.4.10",
"requests>=2.2.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would better to put upper bounds to be safe, but feel free to ignore this suggestion. For example Requests uses semver: http://docs.python-requests.org/en/master/dev/philosophy/#semantic-versioning

There is also ~= operator if you prefer it: https://www.python.org/dev/peps/pep-0440/#compatible-release

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using the ~= will still downgrade if the minor version doesn't match so I'm not sure but an upper bound sounds like a very good idea.

What should the upper bound be? I can bump on our end to latest, try it out and put that as the upper bound.

@asoltysik Andrzej Sołtysik (asoltysik) Aug 6, 2018

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For requests I think it's safe to put < 3.0.0 as they are using SemVer - for others I guess it depends what versioning scheme they are using?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm also all for adding upper bounds. Of course we need to update the tracker more often, but last time unbounded dependencies caused a lot of pain as we simply didn't know what deps were used last time.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for upper bounds

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Silviu Tantos (@razius) If we can get upper bounds on all these, this should be ready for merging.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Michael Hadam (@mhadam) , I'll try to find some time this weekend.

"pycontracts==1.7.6",
"celery==3.1.11",
"gevent==1.0.2",
"redis==2.9.1",
"six==1.9.0"
"celery>=3.1.11,<3.1.25",
"gevent>=1.0.2",
"redis>=2.9.1",
"six>=1.9.0"
],
)