IntelligenceX / SDK

Public SDK for Intelligence X
https://intelx.io

Pin Python Packages and Check Against @pyupio safety #14

Closed cmlh closed 2 years ago

cmlh commented 2 years ago

Check pinned Python Packages against https://github.com/pyupio/safety

The @GitHub Actions run is successful.

Kleissner commented 2 years ago

Is there any advantage of pinning the packages (instead of just using the latest one)? Thank you for your efforts.

cmlh commented 2 years ago

@Kleissner

Is there any advantage of pinning the packages (instead of just using the latest one)?

https://packaging.python.org/discussions/install-requires-vs-requirements/#install-requires states "It is not considered best practice to use install_requires to pin dependencies to specific versions, or to specify sub-dependencies (i.e. dependencies of your dependencies)."

However, the reason that I have pinned both the major and minor release of the Python package within setup.py is to reach a compromise with @hynek's "Semantic Versioning Will Not Save You".

I can also git cherry-pick and exclude https://github.com/IntelligenceX/SDK/pull/14/commits/35309e8eb7a9635a30e219f19272be389e0bbf4d too?
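The comment above weighs three pinning styles for install_requires: no pin, an exact pin, and a major.minor pin. The following checker, an added example that is not part of the IntelligenceX SDK, classifies PEP 440 specifiers by how much of the version they hold fixed; the requirement strings it audits are constructed samples, not the SDK's real setup.py entries.

```python
"""Classify how tightly PEP 440 specifiers pin a dependency (added example)."""
from __future__ import annotations

import re

# Constructed install_requires entries covering the styles under discussion.
SAMPLE_REQUIREMENTS = [
    "requests",           # no specifier: resolves to the latest release
    "requests==2.26.0",   # exact pin: reproducible, but bug fixes need a new pin
    "requests~=2.26.0",   # compatible release: >=2.26.0, ==2.26.*  (major.minor)
    "requests~=2.26",     # compatible release: >=2.26, ==2.*       (major only)
    "requests==2.26.*",   # wildcard: the same series as ~=2.26.0
    "urllib3>=1.26",      # lower bound only: effectively unpinned
]

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*?)\s*$")
_CLAUSE_RE = re.compile(r"^(===|~=|==|!=|<=|>=|<|>)\s*(\S+)$")
_SERIES = {1: "major", 2: "major.minor"}  # number of leading components held fixed


def pin_level(requirement: str) -> tuple[str, str]:
    """Return (name, level): 'unpinned', 'major', 'major.minor', 'patch',
    'exact' or 'range' (hand-written bounds, not analysed further)."""
    m = _REQ_RE.match(requirement)
    if not m or not m.group(1):
        raise ValueError(f"unparseable requirement: {requirement!r}")
    name, spec = m.groups()
    clauses = []
    for raw in (c.strip() for c in spec.split(",") if c.strip()):
        cm = _CLAUSE_RE.match(raw)
        if not cm:
            raise ValueError(f"bad specifier {raw!r} in {requirement!r}")
        clauses.append(cm.groups())
    for op, ver in clauses:
        parts = ver.split(".")
        if op == "~=":                                  # ~=X.Y.Z fixes all but the last part
            return name, _SERIES.get(len(parts) - 1, "patch")
        if op in ("==", "===") and parts[-1] == "*":    # ==X.Y.* fixes the listed parts
            return name, _SERIES.get(len(parts) - 1, "patch")
        if op in ("==", "==="):
            return name, "exact"
    if any(op in ("<", "<=") for op, _ in clauses):
        return name, "range"                            # e.g. >=1.26,<1.27
    return name, "unpinned"                             # nothing, or only >= / !=


def audit(requirements: list[str]) -> dict[str, list[str]]:
    """Group requirement strings by pin level so the loose ones stand out."""
    groups: dict[str, list[str]] = {}
    for req in requirements:
        groups.setdefault(pin_level(req)[1], []).append(req)
    return groups


if __name__ == "__main__":
    for level, reqs in sorted(audit(SAMPLE_REQUIREMENTS).items()):
        print(f"{level:12} {', '.join(reqs)}")
```

Note that `~=2.26` only fixes the major version (it allows 2.27), so a major.minor pin in compatible-release form needs a third component, `~=2.26.0`.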

Kleissner commented 2 years ago

I can also git cherry-pick and exclude 35309e8 too?

Yes please do that!

cmlh commented 2 years ago

Replaced by Pull Request https://github.com/IntelligenceX/SDK/pull/18 as requested by @Kleissner within https://github.com/IntelligenceX/SDK/pull/14#issuecomment-944170989