Update package dependences (dependabot) #1172
Open
We recently introduced dependabot #1064, and v4.6 is the first FLORIS version to include it; since v4.6 was released, dependabot opened four PRs to update dependencies: #1166, #1167, #1168, #1169. I have now tried various installations of FLORIS to confirm these, and the updates to `isort`, `pytest`, and `sphinx-autodoc-typehints` seem fine; however, the update to `jupyter-book` I am not currently OK with (see below). This PR combines the acceptable updates into a single PR to avoid having to merge three separate PRs, and also updates the `labels` field of the dependabot.yml to prevent dependabot from automatically creating new labels (once this PR is merged and the ones dependabot opened are closed without merger, I will delete the automatically created labels).

Regarding `jupyter-book`: `jupyter-book` v2 seems to require that node.js is installed. See here for more info. This seems an unnecessary extra dependency (that I'm not sure can be installed via pip), so I've left `jupyter-book` fixed at `jupyter-book~=1.0` for the time being. @rafmudaf, would you like to weigh in on this at all?

Further, our current set-up of dependabot widens the version requirements to allow multiple major versions (e.g. from `isort~=5.0` to `isort>=5,<8`). @paulf81, back in #748, I think you were making an argument for trying to stick to a single major version for each requirement using the compatible-release specifier. Any opinions on whether we should stick to a single major version per requirement or are happy with a range? If we want to go with a single major version, we could move up to the latest available (that works), which would be `isort~=7.0`, `pytest~=9.0`, `sphinx-autodoc-typehints~=3.0`.

Note that this PR only affects the "docs" and "develop" dependencies, not the main dependencies for simple installation of FLORIS. I believe this is simply luck this time around.
I have tried:

- `isort` versions `5.13.2` (installed under current specification), `6.1.0`, and `7.0.0`.
- `pytest` upgraded to `9.0.2`
- `sphinx-autodoc-typehints` upgraded to `3.6.0`

When installing with `jupyter-book~=1.0`, version `1.0.4.post1` is installed and works (including with the upgraded `sphinx-autodoc-typehints`); upgrading to `jupyter-book` version `2.1.0` triggered a prompt to install node.js, which I aborted.

This is on my 2023 M3 Mac Pro.
Alternatively, we could simply take the dependabot PRs as informational only and non-critical, and simply close them (and this PR) without merger at this time.