foca icon indicating copy to clipboard operation
foca copied to clipboard
verified publisher icon elixir-cloud-aai

build: relax dependency version limits

Open uniqueg opened this issue 2 years ago • 0 comments

Problem

Currently, the versions of most dependencies are pinned to a precise version. This means that everytime a pinned version gets deprecated, removed etc, all apps relying on FOCA stop working.

Solution

Relax dependency version limits such that any compatible version with the currently pinned ones can be used. E.g., if a version is pinned to 1.2.3, then any version that fulfills >= 1.2.3, < 2 should be permitted.

For any minor dependencies that likely would not stop FOCA from working if updated to a new major version, we can also remove the < part.

I would suggest, as a starting point, to only prevent new major versions from the following packages:

  • celery <6
  • connexion <3
  • Flask <3
  • Flask-PyMongo <3
  • pydantic <2
  • pymongo <4
  • Werkzeug <3

All the rest, just >= currently pinned version should probably/hopefully work just fine.

uniqueg avatar Jan 22 '24 15:01 uniqueg