Application Dependencies Lock File #795
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What should we change and why?
Arelle operates both as a Python library and an application, which requires dependency management for both of these scenarios.
As a Library: compatible version ranges for dependencies should be specified to maintain compatibility when installed alongside other libraries that require the same dependencies.
As an Application: To achieve reproducible builds, a lock file should be used that outlines explicit versions of all direct and indirect dependencies.
At present, version ranges are appropriately managed in the library use case as seen in pyproject.toml. However, for the application use case, despite having requirements.txt, requirements-dev.txt, and requirements-build.txt files specifying explicit versions of direct dependencies, versions of indirect dependencies are not specified.
Possible solutions to manage this better could be:
These options should be explored for better dependency management.
The text was updated successfully, but these errors were encountered: