Let dependencies in the pyproject.toml float upwards to reduce depencency version conflicts #2079
Conversation
when using capa as a library. Added requirements.txt to continue pinning dependency versions for release builds.
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Please add bug fixes, new features, breaking changes and anything else you think is worthwhile mentioning to the master (unreleased) section of CHANGELOG.md. If no CHANGELOG update is needed add the following to the PR description: [x] No CHANGELOG update needed
There was a problem hiding this comment.
overall looks good, with a few recommendations inline.
thanks @uckelman-sf!
| "dncil==1.0.2", | ||
| "pydantic==2.7.1", | ||
| "protobuf==5.26.1", | ||
| "tqdm>=4.66.3", |
There was a problem hiding this comment.
would you please add a comment that indicates something like "the following minimum dependency versions were imported in May 2024".
then if we have to bump some versions up, or otherwise restrict, we can move those to another section so that it's clear which are "hard" lower limits and which happen to be snapshots from today.
does this make sense? open to discussion.
There was a problem hiding this comment.
Yeah, makes sense.
|
Howdy! I... reaaaaaaaaaaalllllllllllllly... don't want to take three months of conference calls to sign a stupid CLA for some greater-than signs. Please consider this a well-specified bug report. :-) |
…andiant#2132) * relax pyproject dependency versions and introduce requirements.txt closes mandiant#2053 closes mandiant#2079 * pyproject: document dev/build profile dependency policies * changelog * doc: installation: describe requirements.txt usage * pyproject: don't use dnfile 0.15 yet --------- Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
Let dependencies in the pyproject.toml float upwards to reduce conflicts when using capa as a library. Added requirements.txt to continue pinning dependency versions for release builds.
Resolves #2053.
Checklist