You can also create an empty virtual env, install
all requirements and then do
pip freeze > requirements.txt
That should take care of pinning
Am Fr., 5. Mai 2023 um 13:11 Uhr schrieb Lucas Werkmeister
<lucas.werkmeister(a)wikimedia.de <mailto:lucas.werkmeister@wikimedia.de>>:
For the general case of Python projects, I’d
argue that a better solution is to adopt the lockfile pattern (package-lock.json,
composer.lock, Cargo.lock, etc.) and pin all dependencies, and only update them when the
new versions have been tested and are known to work. pip-tools
<https://pypi.org/project/pip-tools/> can help with that, for example
(requirements.in <http://requirements.in/> specifies “loose” dependencies;
pip-compile creates a pinned requirements.txt; pip-sync installs it; pip-compile -U
upgrades requirements.txt later; you check both requirements.in
<http://requirements.in/> and requirements.txt into version control.) But I don’t
know if that applies in your integration/config case.
Am Do., 4. Mai 2023 um 18:08 Uhr schrieb Antoine Musso <hashar(a)free.fr
<mailto:hashar@free.fr>>:
> Hello,
>
> This is for python projects.
>
> Today, May 4th, urllib3 <https://pypi.org/project/urllib3/#history> has
released a new major version 2.0.2 which breaks the extremely popular requests
<https://pypi.org/project/requests/> library.
>
> The fix is to pin urllib3<2 to prevent the new major version from being installed
(example <https://gerrit.wikimedia.org/r/c/integration/config/+/915736/1/tox.ini>).
>
>
https://phabricator.wikimedia.org/T335977
>
> Upstream issue:
https://github.com/psf/requests/issues/6432
>
>
>
> Antoine "hashar" Musso
> Wikimedia Release Engineering
> _______________________________________________
> Wikitech-l mailing list -- wikitech-l(a)lists.wikimedia.org
<mailto:wikitech-l@lists.wikimedia.org>
> To unsubscribe send an email to wikitech-l-leave(a)lists.wikimedia.org
<mailto:wikitech-l-leave@lists.wikimedia.org>
>
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
--
Lucas Werkmeister (he/er)
Software Engineer
Wikimedia Deutschland e. V. | Tempelhofer Ufer 23-24 | 10963 Berlin
Phone: +49 (0)30-577 11 62-0
https://wikimedia.de <https://wikimedia.de/>
Imagine a world in which every single human being can freely share in the sum of all
knowledge. Help us to achieve our vision!
https://spenden.wikimedia.de <https://spenden.wikimedia.de/>
Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e. V. Eingetragen im
Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter der Nummer 23855 B. Als
gemeinnützig anerkannt durch das Finanzamt für Körperschaften I Berlin, Steuernummer
27/029/42207.
_______________________________________________
Wikitech-l mailing list -- wikitech-l(a)lists.wikimedia.org
<mailto:wikitech-l@lists.wikimedia.org>
To unsubscribe send an email to wikitech-l-leave(a)lists.wikimedia.org
<mailto:wikitech-l-leave@lists.wikimedia.org>
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
--
Amir (he/him)
_______________________________________________
Wikitech-l mailing list -- wikitech-l(a)lists.wikimedia.org
<mailto:wikitech-l@lists.wikimedia.org>
To unsubscribe send an email to wikitech-l-leave(a)lists.wikimedia.org
<mailto:wikitech-l-leave@lists.wikimedia.org>