P403n1x87
commented
1 year ago Awesome find! Should we perhaps make this more general and pin all dependencies?
Closed gnufede closed 1 year ago
P403n1x87
commented
1 year ago Awesome find! Should we perhaps make this more general and pin all dependencies?
brettlangdon
commented
1 year ago Awesome find! Should we perhaps make this more general and pin all dependencies?
I'd prefer we not, same as our other packages, we should only set minimum required versions....
in fact for this, we could probably just do virtualenv<=20.20.0 to avoid upgrading someones own version of virtualenv.
P403n1x87
commented
1 year ago IMO we should install riot in its isolated environment as a stand-alone tool (e.g. with pipx) and pin all dependencies. I don't think that we would ever have the need to "inject" riot in other environments.
gnufede
commented
1 year ago we just need a changelog entry, otherwise lgtm
Should it be a fix entry? or what kind?
brettlangdon
commented
1 year ago IMO we should install riot in its isolated environment as a stand-alone tool (e.g. with
pipx) and pin all dependencies. I don't think that we would ever have the need to "inject" riot in other environments.
We aren't the only users of riot though. so instead would be better to be as open/permissive on dependencies as possible.
If we want we can/should have a pipx/pip-compile lock file for riot where we install it in our CI environment?
brettlangdon
commented
1 year ago @P403n1x87 we can probably handle as a follow-up, since this fix vs changing how riot defines dependencies can be separated. wdyt?
P403n1x87
commented
1 year ago @P403n1x87 we can probably handle as a follow-up, since this fix vs changing how riot defines dependencies can be separated. wdyt?
👍 yep, that's fine by me.
Virtualenv dropped support for Python 2.7, so we need to pin this requirement in order to keep creating 2.7 virtualenvs