Updated to protobuf==3.15.0 in src/emailservices/requirements.in & src/recommendation/requirements.in #723
🚲 PR staged at http://104.155.159.186
re: dependabot not working with pip-compile by default, it seems possible to enable that: https://github.blog/changelog/2021-01-19-dependabot-pip-compile-5-5-0-support/
Changes look good! I played around with the staging deployment and all looks well.
Before we merge, could we add a little comment besides the protobuf bump in the .in files that we should remove that line once we bump to a version of the Google APIs that makes use of those newer protobuf?
Since protobuf is a transitive dep, we ideally wouldn't have it in the .in and would keep it as slim as possible (bumping the direct dep which depends on it, instead)
Good idea - I'll make the changes and push it 👍
…c/recommendation/requirements.in (GoogleCloudPlatform#723) * Updated to requirements.in * Bump to recommendationservice requirements.in and txt * Added comment to req.in
Background
Related to #717, where a dependabot alert was generated for protobuf. There is also an alert generated for recommendationservice, which was captured in this PR.
Fixes
The dependabot didn't update requirements.in file. The PR generated was only for the auto-generated requirements.txt. If a pip-compile was run, it will return protobuf to 3.13.0 (I checked the libs that it depends on, and the minimum requirement by any of them was 3.13.0)
Change Summary
Pinned protobuf in emailservice and recommendationservice to 3.15.0
Additional Notes
n/a
Testing Procedure
n/a
Related PRs or Issues
#717
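
The gap this PR closes (a bot bumps the generated requirements.txt while requirements.in still allows the older release), as an added CI-style check that is not part of the original PR or the project's code. The file contents are constructed samples, the `google-api-core==1.0.0` pin is a placeholder, and the 3.15.0 floor is assumed from the version this PR pins.

```python
import re

# Constructed sample files (not the repository's real contents).
IN_BEFORE = "google-api-core\n"  # protobuf is only a transitive dependency
IN_AFTER = "google-api-core\nprotobuf==3.15.0  # drop once the direct dep requires it\n"
TXT_BUMPED = "google-api-core==1.0.0\nprotobuf==3.15.0    # via google-api-core\n"
TXT_RECOMPILED = "google-api-core==1.0.0\nprotobuf==3.13.0    # via google-api-core\n"

# Assumption: the minimum acceptable version is the one this PR pins.
FLOORS = {"protobuf": "3.15.0"}

# Handles only plain "name==X.Y.Z" / "name>=X.Y.Z" lines with numeric versions.
SPEC = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:==|>=)\s*([0-9]+(?:\.[0-9]+)*)")


def _version(text):
    return tuple(int(part) for part in text.split("."))


def parse(requirements_text):
    """Map normalized package name -> version tuple for each pinned line."""
    pins = {}
    for raw in requirements_text.splitlines():
        match = SPEC.match(raw.split("#", 1)[0].strip())
        if match:
            name = match.group(1).lower().replace("_", "-")
            pins[name] = _version(match.group(2))
    return pins


def check(in_text, txt_text, floors):
    """Return findings where a required floor is missing from either file."""
    declared, locked = parse(in_text), parse(txt_text)
    findings = []
    for name, floor in floors.items():
        want = _version(floor)
        if locked.get(name, ()) < want:
            findings.append(f"{name}: requirements.txt pin is below {floor}")
        if declared.get(name, ()) < want:
            findings.append(f"{name}: requirements.in does not enforce {floor}")
    return findings


if __name__ == "__main__":
    for label, src, lock in [("bot bump only", IN_BEFORE, TXT_BUMPED),
                             ("after re-compile", IN_BEFORE, TXT_RECOMPILED),
                             ("this PR", IN_AFTER, TXT_BUMPED)]:
        print(label, "->", check(src, lock, FLOORS) or "ok")
```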