pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

fix: prevent downstream breakages by using compatible release version clauses (`~=` instead of `>=`) #518

Open jeff-at-tamer-dot-codes opened 2 months ago

jeff-at-tamer-dot-codes commented 2 months ago

Switching to ~= will prevent unintentionally breaking our users due to a major version change out of our control upstream. For packages still in beta (i.e. packages whose major versions equal zero), we use the latest "major.minor.bugfix" as the version identifier; otherwise we use "major.minor". Tested manually. I believe this PR fixes #511 in spirit.
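The versioning rule described in the comment above, as an added example (not the PR's own code and not code from the safety project): it derives the `~=` clause per that rule and checks which candidate versions a clause admits under PEP 440 compatible-release semantics. The `rewrite_requirements` helper and the sample requirement lines are constructed assumptions, not taken from the project's files.

```python
"""Compatible-release (~=) clauses: 'major.minor.bugfix' for 0.x packages,
'major.minor' otherwise. Stdlib only; assumes plain numeric release segments
(no pre/post/dev markers)."""
from typing import List, Tuple


def parse(version: str) -> Tuple[int, ...]:
    """Parse a dotted release such as '2.5.1' into a tuple of ints."""
    return tuple(int(part) for part in version.strip().split("."))


def compatible_clause(pinned: str) -> str:
    """Build the ~= clause the PR describes for a pinned version."""
    parts = parse(pinned)
    if len(parts) < 2:
        raise ValueError(f"need at least major.minor: {pinned!r}")
    if parts[0] == 0:
        # Still in beta: keep major.minor.bugfix (pad a missing bugfix with 0).
        prefix = (parts + (0,))[:3]
    else:
        prefix = parts[:2]
    return "~=" + ".".join(str(p) for p in prefix)


def allows(clause: str, candidate: str) -> bool:
    """PEP 440 compatible release: ~=X.Y means >=X.Y and ==X.*;
    ~=X.Y.Z means >=X.Y.Z and ==X.Y.*. The last component is the floor,
    every component before it must match exactly."""
    if not clause.startswith("~="):
        raise ValueError(f"not a compatible-release clause: {clause!r}")
    floor = parse(clause[2:])
    cand = parse(candidate)
    width = len(floor) - 1  # components that must match exactly
    padded = cand + (0,) * max(0, len(floor) - len(cand))
    return padded[:width] == floor[:width] and padded >= floor


def rewrite_requirements(lines: List[str]) -> List[str]:
    """Rewrite 'pkg>=x.y.z' pins into the ~= form; pass other lines through.
    Hypothetical helper, not part of the PR."""
    out = []
    for line in lines:
        name, sep, ver = line.partition(">=")
        out.append(f"{name}{compatible_clause(ver)}" if sep else line)
    return out


if __name__ == "__main__":
    # Constructed sample requirements, not the project's real pins.
    sample = ["packaging>=21.0", "ruamel.yaml>=0.17.21", "click==8.0.2"]
    for req in rewrite_requirements(sample):
        print(req)
```

Running the block shows that `~=0.17.21` still admits `0.17.30` but rejects `0.18.0`, while `~=21.0` admits any `21.x` and rejects `22.0`, which is the breakage the PR sets out to prevent.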