search

adobe-apiplatform / umapi-client.py

Python client for the User Management API (UMAPI) from Adobe
https://developer.adobe.com/umapi/
MIT License
12 stars 19 forks source link

poetry: unlock cryptography versions to prevent conflicts with other packages #115

Open markjm opened 22 hours ago

markjm commented 22 hours ago

Summary

Currently, cryptography is pinned to cryptography = "^38.0.4". In poetry, this expands to >=38.04,<39.

This worked well for old cryptography package versions since they always looked like 3.X.Y, but starting in 35.* versioning changed.

See https://cryptography.io/en/latest/api-stability/#versioning for specifics - essentially a major version change does not indicate breaking changes necessarily.

In short, code that runs without warnings will always continue to work for a period of two major releases.

From time to time, we may decide to deprecate an API that is particularly widely used. In these cases, we may decide to provide an extended deprecation period, at our discretion.

Testing

Running tests on latest cryptography right now (40), all tests pass

Additionally, a random sampling of 3p dependencies used in a random internal project seems to indicate that this is standard practice image

Note - I have signed the CLA on behalf of my company, tied to my github username @markjm

markjm commented 22 hours ago

Hi @adorton-adobe - thanks for maintaining the project. I have created a small PR which i think demonstrates a problem and fixes it. Please let me know if there is anything else youd like from me for validation or process!