Updated to protobuf==3.15.0 in src/emailservices/requirements.in & src/recommendation/requirements.in #723
Conversation
xtineskim
changed the title
|
🚲 PR staged at http://104.155.159.186 |
|
|
|
🚲 PR staged at http://104.155.159.186 |
1 similar comment
|
🚲 PR staged at http://104.155.159.186 |
xtineskim
changed the title
There was a problem hiding this comment.
re: dependabot not working with pip-compile by default, it seems possible to enable that: https://github.blog/changelog/2021-01-19-dependabot-pip-compile-5-5-0-support/
Changes look good! I played around with the staging deployment and all looks well.
Before we merge, could we add a little comment besides the protobuf bump in the .in files that we should remove that line once we bump to a version of the Google APIs that makes use of those newer protobuf?
Since protobuf is a transitive dep, we ideally wouldn't have it in the .in and would keep it as slim as possible (bumping the direct dep which depends on it, instead)
Good idea - I'll make the changes and push it 👍 |
|
🚲 PR staged at http://104.155.159.186 |
…c/recommendation/requirements.in (GoogleCloudPlatform#723) * Updated to requirements.in * Bump to recommendationservice requirements.in and txt * Added comment to req.in
…c/recommendation/requirements.in (GoogleCloudPlatform#723) * Updated to requirements.in * Bump to recommendationservice requirements.in and txt * Added comment to req.in
Background
Related to #717, where a dependabot alert was generated for
protobuf. There is also an alert generated forrecommendationservice, which was captured in this PRFixes
The dependabot didn't update
requirements.infile. The PR generated was only for the auto-generatedrequirements.txt. If a pip-compile was ran, it will returnprotobufto3.13.0(I checked the libs that it depends on, and the minimum requirement by any of them was3.13.0)Change Summary
Pinned
protobufin emailservice and recommendationservice to 3.15.0Additional Notes
n/a
Testing Procedure
n/a
Related PRs or Issues
#717