Closed VikingScientist closed 4 months ago
I don't disagree, but just to illustrate the problem, the question is what version of, say, numpy do we test against on the CI machines.
https://github.com/SINTEF/Splipy/blob/131175054904a5a1528b1adeccc87fa90c6aa6cb/requirements.txt#L1
Right now we use this version (1.21), which has wheels on PyPi for Python 3.10 but not 3.11. We use that one instead of 1.22 because 1.22 dropped support for Python 3.7, which we are also testing against. The newest numpy version, 1.23, has releases for Python 3.8 to 3.11.
Python 3.7 isn't EOL until next summer.
Maybe we need to just use different dependency versions for different test runs.
But we could also benefit from a clearer policy about which Python versions our packages should target (not just this one but all the other ones too).
This document provides a guide for the Python scientific community at large: https://numpy.org/neps/nep-0029-deprecation_policy.html
Maybe we should just conform to it? And, by consequence, drop Python 3.7.
This document provides a guide for the Python scientific community at large: https://numpy.org/neps/nep-0029-deprecation_policy.html
I love it! Clear conscise reccomendations. Away with Python 3.7! One of my main concerns with dropping older versions is if it breaks for older ubuntu users, but python 3.8 has been the default since Ubuntu 20.04, so this should be sufficient. The NEP does however also state that we should support at a minimum the 3 latest minor releases of numpy. Which is at the time of writing at numpy version 1.23.4. Why dependabot then suggest we upgrade to version 1.22 in #159 I cannot tell. Who is this bot and where does he come from?
When fixing this issue and dropping support for python 3.7 we must also update the contribution guidelines in README.md
to state what the development choices being made are. Basically just link to the NEP and say that we try to follow this.
Sure thing (y)
Why dependabot then suggest we upgrade to version 1.22 in https://github.com/SINTEF/Splipy/pull/159 I cannot tell. Who is this bot and where does he come from?
Dependabot is a Github system that auto-PRs some types of repositories when some of their dependencies have security bugs. I'm not sure why it wants to bump Numpy though, and in any case the requirements files aren't for end users so I'm not concerned. You can disable it on a per-repo level, maybe I should just do that.
Is there any reason to keep this open after #162 was merged?
As of october 24th, python 3.11 is officially released and this should be reflected in the CI pipeline with tests run against this as well.