#5442 Revert "build(requirements): pin python package versions"
Closed 5 months ago by wombelix. Opened 8 months ago by ferdnyc.
ferdnyc/pagure pygit2-version  into  master

file modified
+2 -2
@@ -1,2 +1,2 @@ 

- cryptography <= 36.0.0

- python-jenkins <= 1.7.0

+ cryptography

+ python-jenkins
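
Review bot: `cryptography` and `python-jenkins` end up with no version specifier at all in this hunk, so each install resolves to whatever is newest that day and a test failure cannot be tied to a known version. Dropping the `<= 36.0.0` cap is reasonable for a security-sensitive library, since a cap keeps fixed releases out, but I would give each package a lower bound for the oldest version actually tested and record exact versions separately, for example in the `requirements-frozen.txt` the description mentions.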

file modified
+1 -1
@@ -1,1 +1,1 @@ 

- trololio == 1.0

+ trololio

file modified
+16 -16
@@ -1,24 +1,24 @@ 

- bcrypt <= 3.2.2

- beautifulsoup4 <= 4.11.1

- black <= 22.8.0

- cryptography <= 36.0.0

- eventlet <= 0.33.2

- fedmsg <= 1.1.2

- flake8 <= 4.0.1

+ bcrypt

+ beautifulsoup4

+ black

+ cryptography

+ eventlet

+ fedmsg

+ flake8

+ mock

  

  # Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released,

  # it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well.

  flask-oidc <= 1.4.0

- itsdangerous < 2.1          

+ itsdangerous < 2.1

  

- mock <= 4.0.3

+ mock

  pagure-messages >= 0.0.1

- pytest <= 6.2.5

- pytest-cov <= 4.0.0

- pytest-xdist <= 2.5.0

- 

- python-fedora == 1.1.1

- trololio == 1.0

+ pytest

+ pytest-cov

+ pytest-xdist

+ python-fedora

+ trololio

  

  # Seems that mock doesn't list this one

- funcsigs <= 1.0.2

+ funcsigs
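
Review bot: `mock` is listed twice in the resulting file, once as the new `+ mock` added right after `+ flake8` and again where `- mock <= 4.0.3` is replaced by `+ mock`. Drop the first one so the file has a single entry per package. The `itsdangerous < 2.1` pair differs only in trailing whitespace, which is fine but could be mentioned in the commit message since it is not part of the revert.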

file modified
+31 -30
@@ -1,45 +1,46 @@ 

  # Used for when working from a virtualenv.

  # Use this file by running "$ pip install -r requirements.txt"

- alembic <= 1.8.1

- arrow <= 1.2.3

- bcrypt <= 3.2.2

- binaryornot == 0.4.4

- bleach <= 5.0.1

- blinker <= 1.5

- celery <= 5.2.6

- chardet <= 4.0.0

- cryptography <= 36.0.0

- docutils <= 0.17.1

+ alembic

+ arrow

+ bcrypt

+ binaryornot

+ bleach

+ blinker

+ celery

+ chardet

+ cryptography

+ docutils

  

  # required for backward compatibility

  email_validator

  

- flask <= 2.2.2

+ flask

  werkzeug < 3.0.0

- flask-wtf <= 1.0.0

- kitchen == 1.2.6

- markdown <= 3.3.7

- munch <= 2.5.0

- Pillow <= 9.2.0

- psutil <= 5.9.2

- pygit2 >= 0.26.0, <=1.8.0

- python3-openid <= 3.2.0

- python-openid-cla == 1.2

- python-openid-teams == 1.1

- redis <= 3.5.3

- requests <= 2.28.1

- six <= 1.16.0

+ flask-wtf

+ kitchen

+ markdown

+ munch

+ Pillow

+ psutil

+ pygit2 >= 0.26.0

+ python3-openid

+ python-openid-cla

+ python-openid-teams

+ redis

+ requests

  

  # required for backward compatibility

  setuptools

  

- sqlalchemy >= 0.8, <=1.4.46

- straight.plugin == 1.5.0

- whitenoise <= 6.2.0

- wtforms <= 3.0.1

+ six

+ # sqlalchemy minimum 0.8

+ sqlalchemy >= 0.8

+ straight.plugin >= 1.5.0

+ whitenoise

+ wtforms

  

  # Required only for the `oidc` authentication backend

- # Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released, 

+ # Important: Until https://github.com/puiterwijk/flask-oidc/pull/144 is merged and a new version of flask-oidc is released,

  # it's necessary to ensure `itsdangerous` is pinned to a version lower as 2.1 as well.

  # flask-oidc <= 1.4.0

  # itsdangerous < 2.1
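
Review bot: `straight.plugin == 1.5.0` becomes `straight.plugin >= 1.5.0` here, which introduces a floor rather than reverting, while the other `==` pins in this hunk (`binaryornot`, `kitchen`, `python-openid-cla`, `python-openid-teams`) are dropped entirely; please state whether that floor is intentional or make it consistent. The added comment `# sqlalchemy minimum 0.8` only repeats the specifier on the following line and can be removed. `pygit2` and `sqlalchemy` keep their floors but lose `<=1.8.0` and `<=1.4.46`, so the commit message should say which newer versions of those two were actually run against the test suite.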
@@ -48,4 +49,4 @@ 

  # flask-session

  

  # Required only for the `fas` and `openid` authentication backends

- # python-fedora == 1.1.1

+ # python-fedora

This reverts commit c937675 except
where it makes sense (the temporary pinning of flask-oidc and
itsdangerous due to newer-version incompatibilities).

A conversation can be had about reproducibility (including possibly creating a requirements-frozen.txt with == pinned versions), but doing it in a heavy-handed manner across the entire set of requirements breaks lots of things, especially on different Python versions.

Fixes #5441

Metadata Update from @ngompa:
- Request assigned

8 months ago

pretty please pagure-ci rebuild

5 months ago

@ferdnyc we pinned as a workaround to have working unit tests during development of Pagure 6. There was just no other option to move forward. It wasn't done because we think that's a good solution.
So from a technical perspective I agree with the issue you raised and the PR you submitted. But I'm pretty sure this will kill the unit tests again.

I can review the PR but you have to rebase first please, the PR is out of sync with the master branch.

OK, this PR only removes the pins without addressing the problems in the code base with newer package versions. I'm closing this one in favour of https://pagure.io/pagure/pull-request/5463.

Pull-Request has been closed by wombelix

5 months ago