search

iterative / scmrepo

SCM wrapper and fsspec filesystem for Git for use in DVC.
https://dvc.org
Apache License 2.0
21 stars 13 forks source link

unpin test deps #345

Closed skshetry closed 8 months ago

codecov-commenter commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 78.78%. Comparing base (a00b5ef) to head (a224599).

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #345 +/- ## ======================================= Coverage 78.78% 78.78% ======================================= Files 39 39 Lines 5156 5156 Branches 931 931 ======================================= Hits 4062 4062 Misses 930 930 Partials 164 164 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

sisp commented 8 months ago

Just out of curiosity: Why do you think unpinning dev/test dependencies is a good idea? I'd argue in favor of pinning – and even locking the entire dependency tree – and letting Dependabot or Renovate help in maintaining the pins/locks. Without pinning/locking, dev environments are non-deterministic, so tracing bugs becomes more difficult across environments. In fact, Renovate's config:best-practices preset includes the :pinDevDependencies preset. IMO, deptry has a great setup w.r.t. dependency management.

WDYT, @skshetry?

skshetry commented 8 months ago

Hi. I like pinning dependencies too, and it's a good idea in general.

Here, it's a tradeoff. With limited resources, and ~20 other libraries to maintain, it's hard for me to keep up with all the updates.

The pytest ecosystem is very mature, and I think it takes less effort to fix any issues that may arise due to a new update of a dependency than keeping up with the spam of updates.

We used to pin all test dependencies before when we had a larger team, but we started unpinning test dependencies in all projects we maintain as the team got smaller.

Also, see https://github.com/iterative/py-template/issues/90.

sisp commented 8 months ago

Thanks for clarifying and giving some background info. :+1: Have you considered using Renovate with auto-merge? deptry also uses it for some dependency types. If you're unpinning dependencies, there's no downside to automerging as you're not reviewing those changes either way. Regarding update spam (even with auto-merge): You could group updates with Renovate. Just my 2 cents. :wink: