diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 895ad08229..a8a8cc37ae 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,11 +6,12 @@ Thank you for considering contributing to **dlt**! We appreciate your help in ma 1. [Getting Started](#getting-started) 2. [Submitting Changes](#submitting-changes) -3. [Linting](#linting) -4. [Testing](#testing) -5. [Local Development](#local-development) -6. [Publishing (Maintainers Only)](#publishing-maintainers-only) -7. [Resources](#resources) +3. [Adding or updating core dependencies](#adding-or-updating-core-dependencies) +4. [Linting](#linting) +5. [Testing](#testing) +6. [Local Development](#local-development) +7. [Publishing (Maintainers Only)](#publishing-maintainers-only) +8. [Resources](#resources) ## Before You Begin 
@@ -62,6 +63,26 @@ only the `duckdb` and `postgres` are available to forks. In case you submit a new destination or make changes to a destination that require credentials (so Bigquery, Snowflake, buckets etc.) you **should contact us so we can add you as contributor**. Then you should make a PR directly to the `dlt` repo. +## Adding or updating core dependencies + +Our objective is to maintain stability and compatibility of dlt across all environments. +By following these guidelines, we can make sure that dlt stays secure, reliable and compatible. +Please consider the following points carefully when proposing updates to dependencies. + +### Updating guidelines + +1. **Critical security or system integrity updates only:** + Major or minor version updates to dependencies should only be considered if there are critical security vulnerabilities or issues that impact the system's integrity. In such cases, updating is necessary to protect the system and the data it processes. + +2. **Using the '>=' operator:** + When specifying dependencies, please make sure to use the `>=` operator while also maintaining version minima. This approach ensures our project remains compatible with older systems and setups, mitigating potential unsolvable dependency conflicts. + +For example, if our project currently uses a package `example-package==1.2.3`, and a security update is +released as `1.2.4`, instead of updating to `example-package==1.2.4`, we can set it to `example-package>=1.2.3,<2.0.0`. This permits the necessary security update and at the same time +prevents the automatic jump to a potentially incompatible major version update in the future. +The other important note on using possible version minimas is to prevent potential cases where package +versions will not be resolvable. + ## Linting `dlt` uses `mypy` and `flake8` with several plugins for linting. diff --git a/poetry.lock b/poetry.lock index 257714ad6a..bb3001d25f 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -8635,13 +8635,13 @@ files = [ [[package]] name = "tzdata" -version = "2024.1" +version = "2023.3" description = "Provider of IANA time zone data" optional = false python-versions = ">=2" files = [ - {file = "tzdata-2024.1-py2.py3-none-any.whl", hash = "sha256:9068bc196136463f5245e51efda838afa15aaeca9903f49050dfa2679db4d252"}, - {file = "tzdata-2024.1.tar.gz", hash = "sha256:2674120f8d891909751c38abcdfd386ac0a5a1127954fbc332af6b5ceae07efd"}, + {file = "tzdata-2023.3-py2.py3-none-any.whl", hash = "sha256:7e65763eef3120314099b6939b5546db7adce1e7d6f2e179e3df563c70511eda"}, + {file = "tzdata-2023.3.tar.gz", hash = "sha256:11ef1e08e54acb0d4f95bdb1be05da659673de4acbd21bf9c69e94cc5e907a3a"}, ] [[package]] @@ -9090,4 +9090,4 @@ weaviate = ["weaviate-client"] [metadata] lock-version = "2.0" python-versions = ">=3.8.1,<3.13" -content-hash = "0bd3559c3b2e0ad8a33bfdb81586f1db8399d862728e8899b259961c8e175abf" +content-hash = "dfd9c83255cedff494fa28475473f232cae56ec49451f770c6940f0cb3e2b33e" diff --git a/pyproject.toml b/pyproject.toml index 301ac726ea..97b1cb5aba 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,7 +30,7 @@ simplejson = ">=3.17.5" PyYAML = ">=5.4.1" semver = ">=2.13.0" hexbytes = ">=0.2.2" -tzdata = ">=2024.1" +tzdata = ">=2022.1" tomlkit = ">=0.11.3" pathvalidate = ">=2.5.2" typing-extensions = ">=4.0.0" @@ -80,6 +80,7 @@ pyodbc = {version = "^4.0.39", optional = true} qdrant-client = {version = "^1.6.4", optional = true, extras = ["fastembed"]} databricks-sql-connector = {version = ">=2.9.3,<3.0.0", optional = true} dbt-databricks = {version = "^1.7.3", optional = true} +black = "23.9.1" [tool.poetry.extras] dbt = ["dbt-core", "dbt-redshift", "dbt-bigquery", "dbt-duckdb", "dbt-snowflake", "dbt-athena-community", "dbt-databricks"]
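Review bot: `black = "23.9.1"` in the last pyproject.toml hunk is an exact pin with no `optional = true`, which contradicts the `>=`-with-minimum rule this same commit adds to CONTRIBUTING.md. The enclosing table header is outside the hunk, but the neighbouring entries and the following `[tool.poetry.extras]` header suggest it is the main dependency table, so every install of the package would pull in exactly that black release. An exact pin in a library makes resolution fail for any consumer that already pins a different black, and a non-optional formatter enlarges the third-party code every user has to install and trust. If black is needed at runtime, a floor such as `black = ">=23.9.1"` would follow the new guideline; if it is only used to format the repository, it belongs in the dev dependency group. The visible poetry.lock hunks change only tzdata and the content hash, so black was presumably locked already by another route, which is worth confirming.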