Open dpaiton opened 1 year ago
This might be easier to accomplish by using conventional commits and commitizen
Partially addressed by https://github.com/delvtech/agent0/pull/1490 but that didn't seem to work; release v0.20.1 did not include the requirements list in the assets.
Partially addressed after #1657 lands
We have to fix `requirements.txt` to control the dependency versions to ensure that updates do not break our code. However, for security reasons, we need to make sure to stay on top of updates with all of our dependencies. Here's a blogpost that gives a high-level overview, and this post is also worth a read. We can use dependabot to fix part of the problem, but we need to deep-dive on how to best handle this.
One other solution is to refuse some versions, but allow all others. However, I think the best solution is to pin major versions and allow patches to come through.
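
A small checker for the pinning policies discussed in this issue, added here as an example (it is not agent0's code). The sample requirements, the policy labels and the function names are assumptions made for illustration; it reports which lines of a `requirements.txt` have no version ceiling and would therefore accept a new major release unreviewed.

```python
import re

# Constructed sample requirements.txt; packages and versions are illustrative only.
SAMPLE = """\
requests
numpy==1.26.4
pandas>=2.0,!=2.1.0
web3~=6.11            # compatible release: >=6.11, ==6.*
eth-account>=0.10,<1  # explicit ceiling below the next major
pytest==8.*
-r dev-requirements.txt
"""

NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?")
SPEC = re.compile(r"(~=|===|==|!=|<=|>=|<|>)\s*([^\s,;]+)")

def classify(line):
    """Return (name, policy) for a requirement line; None for blanks, comments, options."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments and env markers
    m = NAME.match(line)
    if not m:
        return None
    specs = SPEC.findall(line[m.end():])
    ops = {op for op, _ in specs}
    if any(op in ("==", "===") and "*" not in ver for op, ver in specs):
        policy = "exact"          # frozen: needs a bot or a human to bump it
    elif ops & {"~=", "<", "<=", "=="}:
        policy = "bounded"        # has a ceiling, fixes below it still flow in
    elif "!=" in ops:
        policy = "exclude-only"   # refuses some versions, allows all others
    else:
        policy = "unbounded"      # any future release, including breaking majors
    return m.group(0), policy

def audit(text):
    """Map each requirement name to its policy."""
    return dict(r for r in map(classify, text.splitlines()) if r)

def violations(text, allowed=("exact", "bounded")):
    """Names whose specifier lets an unreviewed major version through."""
    return sorted(n for n, p in audit(text).items() if p not in allowed)

if __name__ == "__main__":
    for name, policy in audit(SAMPLE).items():
        print(f"{name:12} {policy}")
    print("needs a ceiling:", violations(SAMPLE))
```

Run against the real file in CI, a non-empty `violations()` result can fail the build, while lines classified `exact` are the ones an update bot has to keep moving.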