Closed c0c0n3 closed 11 months ago
There are two geo-coding tests that have failed:
But those failures are actually unrelated to this PR. In fact, the coords of the points we expect have changed in the OpenStreetMap DB (51.12... vs 51.23...). This kind of thing crops up every now and then, you could blame it on whoever updates the OpenStreetMap DB, but I'd rather blame it on ourselves not being able to write proper tests that are independent of the actual coords---what we need to check is not how accurate OSM is, but rather that we're able to parse the response.
Proposed changes
This PR upgrades most of the Python deps to fix security vulnerabilities, makes the Docker image build again and restores a working dev env on Apple silicon.
In detail, we've found a combination of Python dependencies that fixed all the security vulnerabilities reported by #736 as well as the ones below reported by Dependabot
The implemented combination of deps along with some Docker file fixes makes the Docker image build succeed again, which works out the issues reported by #735.
Finally, we've chosen Python deps that make it possible to set up a Python dev env on Apple silicon. The Apple dev env used to work last year, but now it was broken both on M1 and M2. This PR fixes #734 and provides a minimal Nix dev env you can use both on x86 and aarch64.
Further comments
Dependency hell. This PR entailed a tremendous amount of debugging, dependency analysis, testing and fiddling. Docker layers, image tagging and caching, silly build file syntax, Linux package managers...these are 20th century solutions to dependency management. Nix and NixOS have leaped into the 21st century already, offering a way out of the mess with proper dependency management and programming language support. We should consider a Nix-based build system so we can track all deps properly and guarantee proper app isolation and build reproducibility. As an added benefit, we can create tiny Docker images, even smaller than what you can do with an Alpine base.