Closed ykdojo closed 5 years ago
How to update @ykdojo? Using pip?
No, I think we're going to keep using pipenv for this.
On Sat, Oct 20, 2018 at 11:57 AM rahul9832 notifications@github.com wrote:
How to update @ykdojo https://github.com/ykdojo? Using pip?
@ykdojo, the issue is that a new version of Django could be released with a change that breaks the code, but it still fits the requirement, so your code would no longer work. I recommend Dependabot. When a new version of a dependency (like Django) is released, the bot will make a PR updating the Pipfile with the new version number. Then, you make sure nothing will break your code, and merge the PR to update the Pipfile requirement.
So, it’s not necessarily an issue with a new version of Django, but it’s how you are requiring it in the Pipfile. Instead, use:
django==2.1.2
and set up Dependabot, which will take care of the rest.
Okay sounds good. Thanks for the info!
Of course! Happy to help!
It's just because GitHub says Django < 2.1.2 has some security issues. I'm not sure what they are exactly, but probably better to be safe here.