Nitrokey / pynitrokey

Python client for Nitrokey devices
Apache License 2.0

Use of legacy dependencies #404

Open dvzrv opened 1 year ago

dvzrv commented 1 year ago

Hi! When trying to upgrade to 0.4.38 I noticed that you have added a new dependency on click-aliases.

The project has not done a release since 2019 and although upstream seems not completely dead, its not testing against anything newer than Python 3.7, nor against click > 7, is very concerning.

From a developer's point of view I fully understand that you need to rely on 3rd party dependencies, however, please make sure that these are still alive and (ideally) tested against recent Python releases and the ecosystem (e.g. click) they integrate with.

As pynitrokey neither has blanket unit tests, which ensure that runtime dependencies are met, nor declares dependency changes in the changelog, it is very easy to miss changes as a downstream packager.

dvzrv commented 1 year ago

Case in point: https://github.com/click-contrib/click-aliases/issues/5#issuecomment-1581103552 :smiling_face_with_tear: