You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Set up a dependency monitoring and automatic updating of GitHub actions through dependabot. This should automatically update to the latest version all the time.
Set up dependency monitoring and automatic updating of Python dependencies.
Note that Python does not have a standardised way to lock dependencies. Additionally, all dependencies are shared within a virtual environment which can give rise to conflicts easily.
As a result, there is merit to supporting the widest range of versions possible. As a rule of thumb, I think we should have all dependencies specified as follows:
Default to having version ~= x.0, where x is the latest major version supported.
If we require a specific feature introduced after x.0, then use ~= x.y where y is the first minor version to introduce the required feature.
A minor version greater than x.0 might also be used if there is a security vulnerability that has direct and significant consequences to Pact Python.
As a result of the above, the Dependabot configuration for Python will need to be tweaked from the default.
Set up automatically dependency monitoring and automatic updating of pre-commit hooks. This should automatically update to the latest version all the time.
Has this been requested on Canny?
No response
Motivation
I want to set up automatic dependency updates for Pact Python, so that maintainers can be aware of updates and continuously upgrade them, as opposed to accumulating debt and making the upgrade process subsequently more difficult.
Have you tried building it?
No response
Self-service
I'd be willing to contribute this feature to Pact Python myself.
The text was updated successfully, but these errors were encountered:
🤖 Great news! We've labeled this issue as smartbear-supported and created a tracking ticket in PactFlow's Jira (PACT-1410). We'll keep work public and post updates here. Meanwhile, feel free to check out our docs. Thanks for your patience!
Have you read the Contributing Guidelines on issues?
Description
Set up a dependency monitoring and automatic updating of GitHub actions through dependabot. This should automatically update to the latest version all the time.
Set up dependency monitoring and automatic updating of Python dependencies.
Note that Python does not have a standardised way to lock dependencies. Additionally, all dependencies are shared within a virtual environment which can give rise to conflicts easily.
As a result, there is merit to supporting the widest range of versions possible. As a rule of thumb, I think we should have all dependencies specified as follows:
~= x.0
, wherex
is the latest major version supported.x.0
, then use~= x.y
wherey
is the first minor version to introduce the required feature.x.0
might also be used if there is a security vulnerability that has direct and significant consequences to Pact Python.As a result of the above, the Dependabot configuration for Python will need to be tweaked from the default.
Set up automatically dependency monitoring and automatic updating of pre-commit hooks. This should automatically update to the latest version all the time.
Has this been requested on Canny?
No response
Motivation
I want to set up automatic dependency updates for Pact Python, so that maintainers can be aware of updates and continuously upgrade them, as opposed to accumulating debt and making the upgrade process subsequently more difficult.
Have you tried building it?
No response
Self-service
The text was updated successfully, but these errors were encountered: