dandi / zarr_checksum

Algorithms for calculating a zarr checksum against local or cloud storage
https://pypi.org/project/zarr-checksum/
Apache License 2.0

Bump project dependencies #32

Closed jjnesbitt closed 11 months ago

jjnesbitt commented 11 months ago

Since several PRs were opened, and I'd need to bump a version for each one to merge it, I bundled them all here.

jwodder commented 11 months ago

@AlmightyYakob FYI: For the dependencies that didn't have major version bumps (i.e., not black), increasing the minimum required versions in pyproject.toml was the wrong thing to do. If you actually look at Dependabot's PRs, you'll see they only update the lockfile, as there is no need to update pyproject.toml unless a dependency has a major version bump or the code starts using a feature added in a later version of a dependency. This PR causes problems for me in a project that uses aiobotocore, which has very restrictive version requirements for botocore, a dependency of boto3.

jjnesbitt commented 11 months ago

I see. Would reverting the version bumps in pyproject.toml (except for black) fix the issue for you? I can bump the version (0.3.0 -> 0.3.1 unless you have any objections) and yank 0.2.12 from PyPI.

jwodder commented 11 months ago

0.3.1 will be useful later (the project in question doesn't yet support Pydantic v2). Don't yank 0.2.12; pip's dependency resolver seems to do the right thing at the moment.