Closed regro-cf-autotick-bot closed 1 year ago
Hi! This is the friendly automated conda-forge-linting service.
I just wanted to let you know that I linted all conda-recipes in your PR (recipe
) and found it was in an excellent condition.
This version adds these pins:
Flask>=1.0.4,<=2.2.3
Werkzeug<=2.2.3
I expressed my concerns about this on the Dash issue tracker. This will inevitably cause installation issues in conda environments when you want to have dash installed along side other things that depend on Flask.
I would rather not add these pins on the feedstock. If we don't add them and a new Flask release breaks dash, then the user can pin to an older version of Flask/Werkzeug in their environment until a new Dash release comes out. This puts the onus on the user if they decide to upgrade things in an environment rather than us trying to predict the future and being strict on pins when the strictness is likely not necessary the vast majority of the time.
If we include the pins and new versions of Flask don't break dash (or only break some things in dash) then these pins just cause installation compatibility problems in conda envs.
I understand the concerns with the limit on the upper bounds (but pypi users would have the same problem), but I believe we should strive to keep dependencies as close to the source as possible - therefore, since they added the upper bound I would recommend adding the upper bound. It seems as though it could just be a short season of changes being worked through on latest Flask updates per the PR. Dash intends in the future pin to <2.4
which feels more natural and I would assume comes out in another update either way, so it seems this would just be short term.
I understand the concerns with the limit on the upper bounds (but pypi users would have the same problem)
Yes, but that is a problem we don't have any control over. We have control over how the conda package works.
but I believe we should strive to keep dependencies as close to the source as possible
for downstream packaging, I think it is better to ensure that the package works in the system it is being packaged for. If flask changing does actually break something, then we can always add a build number bump to control things for a bit, but prematurely adding a pin for a problem that doesn't yet exist is overly restrictive.
Merging this as is to catch the updated versions
It is very likely that the current package version for this feedstock is out of date.
Checklist before merging this PR:
license_file
is packagedInformation about this PR:
please add bot automerge
in the title and merge the resulting PR. This command will add our bot automerge feature to your feedstock.bot-rerun
label to this PR. The bot will close this PR and schedule another one. If you do not have permissions to add this label, you can use the phrase code>@<space/conda-forge-admin, please rerun bot in a PR comment to have theconda-forge-admin
add it for you.Dependency Analysis
Please note that this analysis is highly experimental. The aim here is to make maintenance easier by inspecting the package's dependencies. Importantly this analysis does not support optional dependencies, please double check those before making changes. If you do not want hinting of this kind ever please add
bot: inspection: false
to yourconda-forge.yml
. If you encounter issues with this feature please ping the bot teamconda-forge/bot
.Analysis by source code inspection shows a discrepancy between it and the the package's stated requirements in the meta.yaml.
Packages found by source code inspection but not in the meta.yaml:
This PR was created by the regro-cf-autotick-bot. The regro-cf-autotick-bot is a service to automatically track the dependency graph, migrate packages, and propose package version updates for conda-forge. Feel free to drop us a line if there are any issues! This PR was generated by https://github.com/regro/cf-scripts/actions/runs/5085392719, please use this URL for debugging.