Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clamp down versions tighter #866

Closed
nphilipp opened this issue Jul 10, 2023 · 0 comments · Fixed by #867
Closed

Clamp down versions tighter #866

nphilipp opened this issue Jul 10, 2023 · 0 comments · Fixed by #867
Assignees
@nphilipp
Labels
dependencies Pull requests that update a dependency file

Comments

@nphilipp
Copy link
Collaborator

We’ve been playing a little (too) loose with dependency versions before we switched from Dependabot to Renovate (which deals with major version upgrades). Let’s go back to caret versions and let Renovate open PRs for upgraded versions so snags like in #864 are avoided.
@nphilipp nphilipp added the dependencies Pull requests that update a dependency file label Jul 10, 2023
@nphilipp nphilipp self-assigned this Jul 10, 2023
@nphilipp nphilipp mentioned this issue Jul 10, 2023
Merged
nphilipp added a commit to nphilipp/duffy that referenced this issue Jul 10, 2023
@nphilipp
Set allowed version ranges of dependencies tighter
e045363 
Prior to using Renovate to take care of dependency updates, we used
Dependabot which didn’t submit PRs for major version upgrades of
dependencies. With version specifications of the format "^0.y.z", Poetry
only accepts new versions that bump the least significant digit of the
specification as fulfilling the spec.

Fixes: CentOS#866

Signed-off-by: Nils Philippsen <nils@redhat.com>
nphilipp added a commit that referenced this issue Jul 10, 2023
@nphilipp
Set allowed version ranges of dependencies tighter
6246a82 
Prior to using Renovate to take care of dependency updates, we used
Dependabot which didn’t submit PRs for major version upgrades of
dependencies. With version specifications of the format "^0.y.z", Poetry
only accepts new versions that bump the least significant digit of the
specification as fulfilling the spec.

Fixes: #866

Signed-off-by: Nils Philippsen <nils@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nphilipp nphilipp

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Set allowed version ranges of dependencies tighter nphilipp/duffy
1 participant
@nphilipp