ykdojo / editdojo

(I'm no longer working on this - currently working on https://github.com/ykdojo/defaang)
https://www.csdojo.io/edit
MIT License
333 stars 98 forks

Update the Django version to 2.1.2, which is the latest one. #7

Closed ykdojo closed 5 years ago

ykdojo commented 5 years ago

It's just because GitHub says Django < 2.1.2 has some security issues. I'm not sure what they are exactly, but probably better to be safe here.

ghost commented 5 years ago

How to update @ykdojo? Using pip?

ykdojo commented 5 years ago

No, I think we're going to keep using pipenv for this.

On Sat, Oct 20, 2018 at 11:57 AM rahul9832 notifications@github.com wrote:

> How to update @ykdojo? Using pip?

bsoyka commented 5 years ago

@ykdojo, the issue is that a new version of Django could be released with a change that breaks the code, but it still fits the requirement, so your code would no longer work. I recommend Dependabot. When a new version of a dependency (like Django) is released, the bot will make a PR updating the Pipfile with the new version number. Then, you make sure nothing will break your code, and merge the PR to update the Pipfile requirement.

So, it’s not necessarily an issue with a new version of Django, but it’s how you are requiring it in the Pipfile. Instead use: django==2.1.2 and set up Dependabot, which will take care of the rest.
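An added example, not part of the thread or the editdojo code base: a small check that flags Pipfile entries that are not pinned to an exact version, or that are pinned below a known-safe floor (here the 2.1.2 floor for Django mentioned above). The sample Pipfile and the names `MIN_SAFE`, `parse_specs` and `audit` are constructed for illustration, and the parser only reads the string and inline-table `version` forms in `[packages]` and `[dev-packages]`.

```python
import re

# Constructed sample Pipfile for illustration (not editdojo's actual file).
SAMPLE_PIPFILE = """
[packages]
django = "*"
requests = ">=2.0"
pillow = {version = "==5.3.0"}

[dev-packages]
pylint = "==2.1.1"
"""

# Floor from the thread: GitHub flagged Django < 2.1.2. Extend as needed.
MIN_SAFE = {"django": "2.1.2"}

def parse_specs(text):
    """Return {package: version specifier} from [packages] and [dev-packages]."""
    specs, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").strip()
        elif section in ("packages", "dev-packages") and "=" in line and not line.startswith("#"):
            name, value = (part.strip() for part in line.split("=", 1))
            # Accept both  pkg = "spec"  and  pkg = {version = "spec", ...}
            found = re.search(r'version\s*=\s*"([^"]*)"', value) or re.match(r'"([^"]*)"', value)
            # Entries with no version key (git/path installs) count as unpinned.
            specs[name.strip('"').lower()] = found.group(1) if found else "*"
    return specs

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def audit(text, min_safe=MIN_SAFE):
    """Return (package, specifier, reason) for every entry that needs attention."""
    findings = []
    for name, spec in sorted(parse_specs(text).items()):
        pinned = re.fullmatch(r"==\s*(\d+(?:\.\d+)*)", spec)
        if not pinned:
            findings.append((name, spec, "not pinned to an exact version"))
        elif name in min_safe and version_tuple(pinned.group(1)) < version_tuple(min_safe[name]):
            findings.append((name, spec, "below minimum " + min_safe[name]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PIPFILE):
        print(*finding, sep=": ")
```

Run in CI against the repository's Pipfile, a non-empty result can fail the build until the entry is pinned or raised.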

ykdojo commented 5 years ago

Okay sounds good. Thanks for the info!

bsoyka commented 5 years ago

Of course! Happy to help!

ykdojo commented 5 years ago

Done. https://github.com/ykdojo/editdojo/commit/e7393671d00c2ef47615393d232e6e02c7710258