On Wed, Mar 26, 2025 at 2:08 AM Markus Armbruster <arm...@redhat.com> wrote:

> John Snow <js...@redhat.com> writes:
>
> > A few transitive dependencies were left floating; as a result, pip's
> > dependency solver can pull in newer dependencies, which we don't
> > want. Pin them down.
> >
> > Signed-off-by: John Snow <js...@redhat.com>
>
> What problem exactly does this fix?  Make target check-minreqs?
>

I'm not sure it's a "problem" as such, but an inconsistency. Yes, it's with
check-minreqs -- without this patch, pip is free to choose newer versions
of these dependencies as appropriate. Though unlikely at this point, in
theory, new dependency updates could be selected by pip and invalidate the
concept of an entirely fixed/pinned virtual environment.

That these transitive dependencies were not frozen initially was an
oversight.

check-minreqs is supposed to build the exact same venv every time without
fail. Without this change, it's *possible* that it might do something
different on release day if someone releases a new package. No good,
probably.


>
> > ---
> >  python/tests/minreqs.txt | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/python/tests/minreqs.txt b/python/tests/minreqs.txt
> > index a3f423efd84..19c0f5e4c50 100644
> > --- a/python/tests/minreqs.txt
> > +++ b/python/tests/minreqs.txt
> > @@ -38,10 +38,14 @@ pyflakes==2.5.0
> >
> >  # Transitive mypy dependencies
> >  mypy-extensions==1.0.0
> > +tomli==1.1.0
> >  typing-extensions==4.7.1
> >
> >  # Transitive pylint dependencies
> >  astroid==2.15.4
> > +dill==0.2
> >  lazy-object-proxy==1.4.0
> > +platformdirs==2.2.0
> >  toml==0.10.0
> > +tomlkit==0.10.1
> >  wrapt==1.14.0
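
Review bot: the four added lines (tomli, dill, platformdirs, tomlkit) come with no record of how the versions were picked or how the list was checked for completeness. The commit message says these were "left floating", so it is worth stating there how the set was derived, for instance by comparing `pip freeze` from the check-minreqs venv against this file, so a reviewer can confirm nothing else still floats. Separately, the entries are `name==version` with no `--hash`, which fixes the version pip resolves but not the file it downloads; if the aim is the same venv every time, say whether that gap is accepted.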
>
>
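
An added example, not part of the patch or of the QEMU tree: one way to detect the situation discussed in this thread, by comparing the exact pins in a requirements file against `pip freeze` output from the venv built from it. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample: a requirements file in the style of minreqs.txt,
# with one floating entry left in on purpose.
SAMPLE_REQS = """\
# Transitive pylint dependencies
astroid==2.15.4
dill==0.2
platformdirs>=2.2.0
wrapt==1.14.0
"""

# Constructed sample: `pip freeze` output from a venv built from that file.
SAMPLE_FREEZE = """\
astroid==2.15.4
dill==0.2
platformdirs==4.2.0
Typing_Extensions==4.7.1
wrapt==1.14.0
"""

def canon(name):
    """PEP 503 name normalisation: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return ({name: version} for exact pins, [entries that are not exact pins])."""
    pins, floating = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Only a plain `name==version` counts; ranges and `==1.*` wildcards float.
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;*]+)", line)
        if m:
            pins[canon(m.group(1))] = m.group(2)
        else:
            floating.append(line)
    return pins, floating

def audit(reqs_text, freeze_text):
    """Report entries that float, installed packages with no pin, and version drift."""
    pins, floating = parse_pins(reqs_text)
    installed, _ = parse_pins(freeze_text)
    unpinned = sorted(n for n in installed if n not in pins)
    drifted = sorted(n for n, v in installed.items() if n in pins and pins[n] != v)
    return {"floating": floating, "unpinned": unpinned, "drifted": drifted}

if __name__ == "__main__":
    print(audit(SAMPLE_REQS, SAMPLE_FREEZE))
```

A non-empty `unpinned` list is the case this patch addresses: a package that reached the venv only because the resolver chose it.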
