search

NatLibFi / Annif

Annif is a multi-algorithm automated subject indexing tool for libraries, archives and museums.
https://annif.org
Other
190 stars 41 forks source link

Pin Flask and rdflib major/minor versions #697

Closed juhoinkinen closed 11 months ago

juhoinkinen commented 1 year ago

Currently Flask and rdflib are loosely pinned in pyproject.toml:

flask = ">=1.0.4,<3"
...
rdflib = ">=4.2,<7.0"

I meant to pin all major/minor versions of all non-dev dependencies as suggested in #683, but missed these two.

Lets do it for the next release, however wait for connexion 3 release, as the current connexion version 2.14 dependens on not-latests Flask version.

juhoinkinen commented 1 year ago

Also the versions of system packages for Voikko in the Docker image could be pinned. Current ones are the following:

docker run -it quay.io/natlibfi/annif:apt-upgrade apt-cache policy libvoikko1 voikko-fi
libvoikko1:
  Installed: 4.3-1+b1
  Candidate: 4.3-1+b1
  Version table:
 *** 4.3-1+b1 100
        100 /var/lib/dpkg/status
voikko-fi:
  Installed: 2.4-1
  Candidate: 2.4-1
  Version table:
 *** 2.4-1 100
        100 /var/lib/dpkg/status
juhoinkinen commented 11 months ago

In branch update-dependencies-v1.0 Flask is pinned to 2.2. instead of newer 2.3. due to the requirement by Connexion v2.14.2.

Changing pinning of rdflib from >=4.2,<7.0.* to 6.0.* actually downgrades rdflib and urllib3:

(annif-py3.8) jmminkin@lx8-9811-008:/home/local/jmminkin/git/Annif$ poetry update
Updating dependencies
Resolving dependencies... (8.6s)

Package operations: 0 installs, 2 updates, 0 removals

  • Updating urllib3 (2.0.4 -> 1.26.16)
  • Updating rdflib (6.3.2 -> 6.0.2)

Which is strange. I think it is better to not touch this line, to avoid the downgrades.

(Updating rdflib to 7.* is blocked by the requirement by stwfsapy.)

osma commented 11 months ago

How about pinning rdflib to 6.3.* instead? That would match the currently used version (6.3.2).

juhoinkinen commented 11 months ago

How about pinning rdflib to 6.3.* instead? That would match the currently used version (6.3.2).

Yes, that is the right pinning ofcourse. And using it does not downgrade urllib3.

juhoinkinen commented 11 months ago

Also the versions of system packages for Voikko in the Docker image could be pinned. Current ones are the following:

docker run -it quay.io/natlibfi/annif:apt-upgrade apt-cache policy libvoikko1 voikko-fi
libvoikko1:
  Installed: 4.3-1+b1
  Candidate: 4.3-1+b1
  Version table:
 *** 4.3-1+b1 100
        100 /var/lib/dpkg/status
voikko-fi:
  Installed: 2.4-1
  Candidate: 2.4-1
  Version table:
 *** 2.4-1 100
        100 /var/lib/dpkg/status

@osma Any opinion on pinning the system packages? Some Debian versions use different voikko package versions / version numbers:

Now I think pinning system packages is not necessary.

osma commented 11 months ago

Any opinion on pinning the system packages? Some Debian versions use different voikko package versions / version numbers

In my understanding, choosing a specific Debian stable release (e.g. bookworm) in practice pins the voikko/libvoikko versions into a very narrow range. Only serious bugs will be fixed by Debian, and if that happens, we probably want to upgrade to the updated versions. So I don't think pinning on that level is necessary.