dash v2.10.0

[regro-cf-autotick-bot]

It is very likely that the current package version for this feedstock is out of date.

Checklist before merging this PR:

• [ ] Dependencies have been updated if changed: see upstream
• [ ] Tests have passed
• [ ] Updated license if changed and license_file is packaged

Information about this PR:

1. Feel free to push to the bot's branch to update this PR if needed.
2. The bot will almost always only open one PR per version.
3. The bot will stop issuing PRs if more than 3 version bump PRs generated by the bot are open. If you don't want to package a particular version please close the PR.
4. If you want these PRs to be merged automatically, make an issue with code>@conda-forge-admin,</codeplease add bot automerge in the title and merge the resulting PR. This command will add our bot automerge feature to your feedstock.
5. If this PR was opened in error or needs to be updated please add the bot-rerun label to this PR. The bot will close this PR and schedule another one. If you do not have permissions to add this label, you can use the phrase code>@<space/conda-forge-admin, please rerun bot in a PR comment to have the conda-forge-admin add it for you.

Dependency Analysis

Please note that this analysis is highly experimental. The aim here is to make maintenance easier by inspecting the package's dependencies. Importantly this analysis does not support optional dependencies, please double check those before making changes. If you do not want hinting of this kind ever please add bot: inspection: false to your conda-forge.yml. If you encounter issues with this feature please ping the bot team conda-forge/bot.

Analysis by source code inspection shows a discrepancy between it and the the package's stated requirements in the meta.yaml.

Packages found by source code inspection but not in the meta.yaml:

• requests
• coloredlogs
• pyyaml
• fire

_{This PR was created by the regro-cf-autotick-bot. The regro-cf-autotick-bot is a service to automatically track the dependency graph, migrate packages, and propose package version updates for conda-forge. Feel free to drop us a line if there are any issues! This PR was generated by https://github.com/regro/cf-scripts/actions/runs/5085392719, please use this URL for debugging.}

[conda-forge-webservices[bot]]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipe) and found it was in an excellent condition.

[moorepants]

This version adds these pins:

Flask>=1.0.4,<=2.2.3
Werkzeug<=2.2.3

I expressed my concerns about this on the Dash issue tracker. This will inevitably cause installation issues in conda environments when you want to have dash installed along side other things that depend on Flask.

I would rather not add these pins on the feedstock. If we don't add them and a new Flask release breaks dash, then the user can pin to an older version of Flask/Werkzeug in their environment until a new Dash release comes out. This puts the onus on the user if they decide to upgrade things in an environment rather than us trying to predict the future and being strict on pins when the strictness is likely not necessary the vast majority of the time.

If we include the pins and new versions of Flask don't break dash (or only break some things in dash) then these pins just cause installation compatibility problems in conda envs.

[bandersen23]

I understand the concerns with the limit on the upper bounds (but pypi users would have the same problem), but I believe we should strive to keep dependencies as close to the source as possible - therefore, since they added the upper bound I would recommend adding the upper bound. It seems as though it could just be a short season of changes being worked through on latest Flask updates per the PR. Dash intends in the future pin to <2.4 which feels more natural and I would assume comes out in another update either way, so it seems this would just be short term.

[moorepants]

I understand the concerns with the limit on the upper bounds (but pypi users would have the same problem)

Yes, but that is a problem we don't have any control over. We have control over how the conda package works.

but I believe we should strive to keep dependencies as close to the source as possible

for downstream packaging, I think it is better to ensure that the package works in the system it is being packaged for. If flask changing does actually break something, then we can always add a build number bump to control things for a bit, but prematurely adding a pin for a problem that doesn't yet exist is overly restrictive.

[bandersen23]

Merging this as is to catch the updated versions