sonatype-nexus-community / jake

Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.
https://jake.readthedocs.io/
Apache License 2.0

fix: #49 allow newer version of dependencies #57

Closed: bhamail closed this pull request 3 years ago

bhamail commented 3 years ago

Allow newer version of dependencies.

The click library had failures when the very recently released v8.0.0 was used, so I added an upper bound to solve that issue for now.

Also fixed an error due to db.purge deprecation, replaced with db.truncate call.

cc @bhamail / @DarthHater

bhamail commented 3 years ago

@jwa5426 Please holler if this looks sane to you.

jwa5426 commented 3 years ago

@bhamail I agree with preventing the click 8.0.0 issue, I actually ran into that as well. For some of the other non-issue ones maybe it is a good idea to keep them pinned to known good versions or at least a tighter range.

bhamail commented 3 years ago

@jwa5426 Thanks for looking this over! I was trying to fix the issues described in Issue #49, and "looser" version ranges seemed better for the reasons mentioned there. That said, I'm not against adding upper bounds to version ranges when we slam into known issues (e.g. click 8.0.0).

jwa5426 commented 3 years ago

@bhamail seems reasonable to me 👍
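The thread above is about where to draw version bounds: loose ranges so consumers can pick up newer releases, plus an upper bound where a known-bad release (click 8.0.0) breaks things. The following is an added example, not jake's code, showing how such a specifier is evaluated against installed versions; the `example-lib` pin and all installed versions are constructed, and the tiny comparator only handles plain `X.Y.Z` releases.

```python
import re
from typing import Dict, List, Tuple

# Added example, not part of jake. Minimal PEP 440-style comparison for final
# releases only ("7.1.2", "8.0.0"); pre-release and local tags are not handled.

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '8.0.0' into (8, 0, 0). Raises on anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(p) for p in v.split("."))

def _cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare with zero-padding so that 7.0 == 7.0.0; returns -1, 0 or 1."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

_OPS = {
    ">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, "<": lambda c: c < 0,
    "==": lambda c: c == 0, "!=": lambda c: c != 0,
}

def satisfies(version: str, specifier: str) -> bool:
    """True if version meets every comma-separated clause, e.g. '>=7.0,<8.0.0'."""
    v = parse_version(version)
    for clause in filter(None, (c.strip() for c in specifier.split(","))):
        m = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*([\d.]+)", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](_cmp(v, parse_version(m.group(2)))):
            return False
    return True

def check_pins(pins: Dict[str, str], installed: Dict[str, str]) -> List[str]:
    """Report installed packages whose version falls outside the declared range."""
    return [f"{name} {installed[name]} violates {spec}"
            for name, spec in pins.items()
            if name in installed and not satisfies(installed[name], spec)]

# Constructed data: the click bound mirrors the PR; "example-lib" is hypothetical.
PINS = {"click": ">=7.0,<8.0.0", "example-lib": ">=1.2"}
INSTALLED_BAD = {"click": "8.0.0", "example-lib": "1.4.0"}
INSTALLED_OK = {"click": "7.1.2", "example-lib": "1.4.0"}

if __name__ == "__main__":
    print(check_pins(PINS, INSTALLED_BAD))  # ['click 8.0.0 violates >=7.0,<8.0.0']
    print(check_pins(PINS, INSTALLED_OK))   # []
```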