Resolve Python dependency PRs #1582

Closed
7 tasks done
tynandebold opened this issue Oct 16, 2023 · 3 comments

@tynandebold
Member

tynandebold commented Oct 16, 2023

Description

We have a number of open dependabot PRs that we should resolve. They are:

This issue should only be closed when all of those PRs are closed, either by merging and accepting the update or closing them because they're not needed.

Checklist

  • Include labels so that we can categorise your issue
@tynandebold tynandebold added Dependencies Pull requests that update a dependency file Python Pull requests that update Python code labels Oct 16, 2023
@tynandebold tynandebold moved this to Todo in Kedro-Viz Oct 16, 2023
@astrojuanlu
Member

Comment from the peanut gallery: since Kedro-Viz dependabot is using the default configuration, versioning-strategy is set to auto, meaning

Try to differentiate between apps and libraries. Use increase for apps and widen for libraries.

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy

and since Kedro-Viz uses requirements.txt for its Python requirements, it's probably applying the increase strategy, which is arguably too aggressive for a component like Kedro-Viz. In fact, since Kedro switched to pyproject.toml, dependabot PRs have been using the widen strategy.

Viz can either

  • Do nothing and keep aggressively upgrading dependencies, but this can lead to problems with people that have environments with lots of dependencies.
  • Configure dependabot to use widen.
  • Migrate dependencies to pyproject.toml (Move to pyproject.toml #1527) and keep the auto config.
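
A simplified model of the two strategies discussed in the comment above, added here as an illustration and not part of the thread or of Dependabot's own code: `increase` raises the minimum requirement, while `widen` keeps it and raises only the cap. The package name `examplelib`, the version numbers and the next-major cap rule are assumptions.

```python
"""Simplified model of two Dependabot versioning strategies (added example)."""
from typing import NamedTuple


def parse(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


class Range(NamedTuple):
    lower: str  # inclusive minimum, e.g. ">=1.4.0"
    upper: str  # exclusive cap, e.g. "<2.0.0"

    def overlaps(self, other: "Range") -> bool:
        # Two requirements can be satisfied together only if they intersect.
        lo = max(parse(self.lower), parse(other.lower))
        hi = min(parse(self.upper), parse(other.upper))
        return lo < hi


def next_major(version: str) -> str:
    # Assumption: a lifted cap is placed at the next major version.
    return f"{parse(version)[0] + 1}.0.0"


def increase(req: Range, new: str) -> Range:
    """Raise the minimum to the new release; lift the cap only if it blocks it."""
    upper = req.upper if parse(new) < parse(req.upper) else next_major(new)
    return Range(new, upper)


def widen(req: Range, new: str) -> Range:
    """Keep the old minimum; lift the cap so old and new releases both fit."""
    if parse(new) < parse(req.upper):
        return req
    return Range(req.lower, next_major(new))


# Constructed scenario: a library requires examplelib>=1.4.0,<2.0.0, while
# another package in the user's environment requires examplelib>=1.0.0,<2.0.0.
LIBRARY = Range("1.4.0", "2.0.0")
OTHER_PACKAGE = Range("1.0.0", "2.0.0")
NEW_RELEASE = "2.1.0"

if __name__ == "__main__":
    for strategy in (increase, widen):
        updated = strategy(LIBRARY, NEW_RELEASE)
        ok = updated.overlaps(OTHER_PACKAGE)
        print(f"{strategy.__name__:8} -> >={updated.lower},<{updated.upper} "
              f"resolvable alongside other package: {ok}")
```
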

@tynandebold
Member Author

Thanks for the input. I think we'll go with your third bullet point above (Migrate dependencies to pyproject.toml). I've pulled that issue into this sprint now, so when that's done I hope these upgrades quiet down a bit.

@MehdiNV MehdiNV moved this from Todo to In Progress in Kedro-Viz Oct 16, 2023
@MehdiNV MehdiNV moved this from In Progress to Todo in Kedro-Viz Oct 16, 2023
@ravi-kumar-pilla ravi-kumar-pilla moved this from Todo to In Progress in Kedro-Viz Oct 17, 2023
@MehdiNV
Contributor

MehdiNV commented Oct 20, 2023

The pyproject.toml ticket may take a while due to its complexity, so going to progress this ticket forward so that it's not blocked.

@MehdiNV MehdiNV moved this from In Progress to Todo in Kedro-Viz Oct 20, 2023
@ravi-kumar-pilla ravi-kumar-pilla moved this from Todo to In Progress in Kedro-Viz Oct 24, 2023
@MehdiNV MehdiNV moved this from In Progress to In Review in Kedro-Viz Oct 24, 2023
@MehdiNV MehdiNV moved this from In Review to Done in Kedro-Viz Oct 25, 2023
@MehdiNV MehdiNV moved this from Done to In Review in Kedro-Viz Oct 25, 2023
@MehdiNV MehdiNV moved this from In Review to Done in Kedro-Viz Oct 25, 2023