On Thu, Mar 27, 2025 at 1:36 AM Markus Armbruster <arm...@redhat.com> wrote:
> John Snow <js...@redhat.com> writes: > > > On Wed, Mar 26, 2025 at 2:08 AM Markus Armbruster <arm...@redhat.com> > wrote: > > > >> John Snow <js...@redhat.com> writes: > >> > >> > A few transitive dependencies were left floating; as a result, pip's > >> > dependency solver can pull in newer dependencies, which we don't > >> > want. Pin them down. > >> > > >> > Signed-off-by: John Snow <js...@redhat.com> > >> > >> What problem exactly does this fix? Make target check-minreqs? > >> > > > > I'm not sure it's a "problem" as such, but an inconsistency. Yes, it's > with > > check-minreqs -- without this patch, pip is free to choose newer versions > > of these dependencies as appropriate. Though unlikely at this point, in > > theory, new dependency updates could be selected by pip and invalidate > the > > concept of an entirely fixed/pinned virtual environment. > > > > That these transitive dependencies were not frozen initially was an > > oversight. > > > > check-minreqs is supposed to build the exact same venv every time without > > fail. Without this change, it's *possible* that it might do something > > different on release day if someone releases a new package. No good, > > probably. > > I see. > > You've been spoiling me with really nice commit messages... If you'd > like to push this one to that level, I'd suggest to start with a short > paragraph explaining why we pin versions for check-minreq, then state > the issue being fixed: we missed some pins. > "If you give a mouse a cookie, ..." Already typed it all out to you, might as well update the commit message at this point. --js
