Closed turbomam closed 2 days ago
PR Preview Action v1.4.7
:---:
:rocket: Deployed preview to https://microbiomedata.github.io/nmdc-schema/pr-preview/pr-2097/
on branch gh-pages
at 2024-07-03 12:54 UTC
I'd rather not have a new direct dependency be introduced when the only reason it is being introduced is to specify that a specific version of it be installed (and it is otherwise a transitive dependency). With this approach, even if the direct dependencies switch to using something other than urllib3
, nmdc-schema
will continue to "depend" on it.
I think you can instead run:
poetry update urllib3
And then commit the resulting poetry.lock
file.
can you suggest an alternative?
I posted a shell command (suggestion) right above your most recent comment (I think we posted those at roughly the same time).
@turbomam, here's what I suggest for a PR description:
GitHub's "dependabot" recently reported an issue in the
urllib3
Python package upon which this project depends. According to "dependabot," the issue is present inurllib3
version 2.2.1, but not 2.2.2. In this branch, I ranpoetry update urllib3
to updateurllib3
to a version newer than 2.2.1, and committed the resultingpoetry.lock
file.This branch does not contain any schema changes.
GitHub's dependabot recently reported an issue in the
urllib3
Python package upon which this project depends. According to dependabot, the issue is present inurllib3
version 2.2.1, but not 2.2.2. In this branch, I ranpoetry update urllib3
to updateurllib3
to a version newer than 2.2.1, and committed the resultingpoetry.lock
file.