You can also create an empty virtual env, install all requirements and then do pip freeze > requirements.txt
That should take care of pinning
Am Fr., 5. Mai 2023 um 13:11 Uhr schrieb Lucas Werkmeister < lucas.werkmeister@wikimedia.de>:
For the general case of Python projects, I’d argue that a better solution is to adopt the lockfile pattern (package-lock.json, composer.lock, Cargo.lock, etc.) and pin *all* dependencies, and only update them when the new versions have been tested and are known to work. pip-tools https://pypi.org/project/pip-tools/ can help with that, for example ( requirements.in specifies “loose” dependencies; pip-compile creates a pinned requirements.txt; pip-sync installs it; pip-compile -U upgrades requirements.txt later; you check both requirements.in and requirements.txt into version control.) But I don’t know if that applies in your integration/config case.
Am Do., 4. Mai 2023 um 18:08 Uhr schrieb Antoine Musso hashar@free.fr:
Hello,
This is for python projects.
Today, May 4th, urllib3 https://pypi.org/project/urllib3/#history has released a new major version 2.0.2 which breaks the extremely popular requests https://pypi.org/project/requests/ library.
The fix is to pin urllib3<2 to prevent the new major version from being installed (example https://gerrit.wikimedia.org/r/c/integration/config/+/915736/1/tox.ini ).
https://phabricator.wikimedia.org/T335977
Upstream issue: https://github.com/psf/requests/issues/6432
Antoine "hashar" Musso Wikimedia Release Engineering _______________________________________________ Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
-- Lucas Werkmeister (he/er) Software Engineer
Wikimedia Deutschland e. V. | Tempelhofer Ufer 23-24 | 10963 Berlin Phone: +49 (0)30-577 11 62-0 https://wikimedia.de
Imagine a world in which every single human being can freely share in the sum of all knowledge. Help us to achieve our vision! https://spenden.wikimedia.de
Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e. V. Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für Körperschaften I Berlin, Steuernummer 27/029/42207. _______________________________________________ Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/