rl-institut / oemof-B3

An open-source energy system model for Brandenburg/Berlin.
https://oemof-b3.readthedocs.io/
GNU Affero General Public License v3.0

Pinned dependencies #266

Closed jnnr closed 1 year ago

jnnr commented 1 year ago

Some of the dependencies are pinned to a version. This causes dependabot to complain, as it cannot install a newer version of numpy that has important security fixes. Have we pinned this for a specific purpose, @henhuy? Can we set more permissive constraints on the version?

https://github.com/rl-institut/oemof-B3/blob/0f8de8229a9cfeaba96be7b4f256ddd1a8136cda/pyproject.toml#L23-L25

henhuy commented 1 year ago

Hmm. Should have made a comment behind it, explaining why some stuff is pinned. I'm pretty sure that pinning numpy and pyyaml happened for a reason - but unfortunately I'm not 100% sure. Can't remember pinning rtree though.
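An added example, not part of the thread or the project's code: a small check of which version constraints exclude a patched release, comparing exact pins with more permissive ranges. The package names come from the discussion above; every version number, the `PATCHED` table and all function names are constructed placeholders, and only plain numeric PEP 440 versions are handled.

```python
import re

# Constructed sample data: version numbers are placeholders, not the
# values from the project's pyproject.toml or from any real advisory.
PINNED = ["numpy==1.0.0", "pyyaml==5.0", "rtree==1.0.0"]
RELAXED = ["numpy>=1.0.0,<2.0", "pyyaml~=5.0", "rtree>=1.0.0"]
PATCHED = {"numpy": "1.0.5", "pyyaml": "5.1"}  # hypothetical first fixed releases


def parse_version(text):
    """Turn '1.0.5' into (1, 0, 5). Assumes numeric release segments only."""
    return tuple(int(part) for part in text.split("."))


def split_requirement(req):
    """Split 'numpy>=1.0,<2.0' into ('numpy', [('>=', (1, 0)), ('<', (2, 0))])."""
    name, spec = re.match(r"\s*([A-Za-z0-9_.-]+)\s*(.*)$", req).groups()
    clauses = re.findall(r"(==|~=|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)", spec)
    return name.lower(), [(op, parse_version(v)) for op, v in clauses]


def allows(op, bound, cand):
    """True if a single clause such as ('>=', (1, 0)) admits version cand."""
    width = max(len(bound), len(cand))
    b = bound + (0,) * (width - len(bound))  # pad so 1.0 compares equal to 1.0.0
    c = cand + (0,) * (width - len(cand))
    if op == "~=":  # compatible release: >= bound, all but its last segment fixed
        return c >= b and c[: len(bound) - 1] == bound[:-1]
    return {"==": c == b, "!=": c != b, ">=": c >= b,
            "<=": c <= b, ">": c > b, "<": c < b}[op]


def blocked_upgrades(dependencies, patched):
    """Return {package: [clauses that exclude the patched release]}."""
    blocked = {}
    for req in dependencies:
        name, clauses = split_requirement(req)
        if name not in patched:
            continue  # no known fix to compare against
        fixed = parse_version(patched[name])
        failing = [op + ".".join(map(str, b))
                   for op, b in clauses if not allows(op, b, fixed)]
        if failing:
            blocked[name] = failing
    return blocked


if __name__ == "__main__":
    print("pinned: ", blocked_upgrades(PINNED, PATCHED))
    print("relaxed:", blocked_upgrades(RELAXED, PATCHED))
```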

jnnr commented 1 year ago