search

aspiers / git-deps

git commit dependency analysis tool
GNU General Public License v2.0
297 stars 46 forks source link

Dependency freezing #128

Open jerryleooo opened 1 month ago

jerryleooo commented 1 month ago

I encountered such error today:

Traceback (most recent call last):
  File "/Users/jerry/.pyenv/versions/3.9.5/bin/git-deps", line 8, in <module>
    sys.exit(run())
  File "/Users/jerry/.pyenv/versions/3.9.5/lib/python3.9/site-packages/git_deps/cli.py", line 146, in run
    main(sys.argv[1:])
  File "/Users/jerry/.pyenv/versions/3.9.5/lib/python3.9/site-packages/git_deps/cli.py", line 140, in main
    cli(options, args)
  File "/Users/jerry/.pyenv/versions/3.9.5/lib/python3.9/site-packages/git_deps/cli.py", line 123, in cli
    detector.find_dependencies(rev)
  File "/Users/jerry/.pyenv/versions/3.9.5/lib/python3.9/site-packages/git_deps/detector.py", line 103, in find_dependencies
    sha1s = [commit.hex[:8] for commit in self.todo]
  File "/Users/jerry/.pyenv/versions/3.9.5/lib/python3.9/site-packages/git_deps/detector.py", line 103, in <listcomp>
    sha1s = [commit.hex[:8] for commit in self.todo]
AttributeError: '_pygit2.Commit' object has no attribute 'hex'

And after some debug I think it's related to the new release of pygit2, which removed hex method in its newer versions, ref: https://github.com/libgit2/pygit2/blob/master/CHANGELOG.md I resolved this by installing version 1.10.1

I also encountered this issue: https://github.com/aspiers/git-deps/issues/110 ,which was caused my Werkzeug version is too new and I had to install version 2.0.3 to resolve it

I checked the requirements.txt and found it only has a lower version limit, while I think an upper version limit might be necessary.

aspiers commented 1 month ago

Good catch, and thanks a lot for reporting! That said, it seems this should be resolved easily by changing foo.hex to str(foo) and I'd prefer to move forwards rather than spend time keeping things working with old versions. Do you think you might be able to submit a PR for that? Also see #118 which I never finished but shows that this package needs modernizing in more than one way.

jerryleooo commented 1 month ago

Hi @aspiers , I am sorry but I still prefer freezing the dep versions for better maintainability, so I am not able to submit a PR for such change..

aspiers commented 1 month ago

I'm fine with freezing versions, but freezing on a pygit2 version which is already broken by newer releases would mean that no other upgrade is possible until the hex issue is resolved. I'll try to find time to fix it, but it probably won't be in the next month as I have a lot of other commitments currently.