Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unpin regex dependency #4924

Merged
merged 2 commits into from
Mar 31, 2023
Merged

unpin regex dependency #4924

merged 2 commits into from
Mar 31, 2023

Conversation

gruebel
Copy link
Contributor

@gruebel gruebel commented Mar 25, 2023

Which issue(s) does this change fix?

the regex package was pinned to version 2021.9.30 for over a year, even the issue was already fixed and the package dateparser, which is actually using it, is not pinning it.

Why is this change necessary?

I'm not judging, but I highly recommend to rethink your practice of pinning all these packages, which makes it almost impossible to install anything else in the same environment. You should rather start to embrace wildcard dependencies or at least upper/lower bounds for all of them. If you find an incompatible one, then you can easily exclude it, like I did in my PR.
The SAM CLI is pre-installed on CodeBuild via pip so your strict dependencies block any other packages version dependencies or dictate typically very old versions.
ex.

docker~=4.2.0 (from 06/2020, current latest 6.0.1)
jmespath~=0.10.0 (from 05/2020, current latest 1.0.1)
PyYAML>=5.4.1,==5.* (from 01/2021, current latest 6.0)
tzlocal==3.0 from 08/2021, current latest 4.3) <- dateparser doesn't pin this dependency, so probably worth to test an upgrade again
watchdog==2.1.2 (from 05/2021, current latest 3.0.0)

How does it address the issue?

What side effects does this change have?

Mandatory Checklist

PRs will only be reviewed after checklist is complete

  • Add input/output type hints to new functions/methods
  • Write design document if needed (Do I need to write a design document?)
  • Write/update unit tests
  • Write/update integration tests
  • Write/update functional tests if needed
  • make pr passes
  • make update-reproducible-reqs if dependencies were changed
  • Write documentation

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@gruebel gruebel requested a review from a team as a code owner March 25, 2023 17:53
@gruebel gruebel requested review from jfuss and qingchm March 25, 2023 17:53
@github-actions github-actions bot added pr/external stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. labels Mar 25, 2023
@gruebel gruebel mentioned this pull request Mar 25, 2023
Closed
moelasmar
moelasmar reviewed Mar 27, 2023
View reviewed changes
requirements/base.txt
# NOTE: regex is not a direct dependency of SAM CLI, but pin to 2021.9.30 due to 2021.10.8 not working on M1 Mac - https://bitbucket.org/mrabarnett/mrab-regex/issues/399/missing-wheel-for-macosx-and-the-new-m1
regex==2021.9.30
# NOTE: regex is not a direct dependency of SAM CLI, exclude version 2021.10.8 due to not working on M1 Mac - https://github.com/mrabarnett/mrab-regex/issues/399
regex!=2021.10.8
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in my opinion it is better to pin to a specific version, so the SAM CLI behaviour will be the same for everyone. Can you change this to pin to the latest stable version.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you sure about that? the dependency comes from dateparser and currently only regex and tzlocal are pinned, but not pytz and python-dateutil. Also you don't pin most of the other indirect dependency coming from the other packages.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point

@mildaniel mildaniel added this pull request to the merge queue Mar 31, 2023
Merged via the queue into aws:develop with commit 450d953 Mar 31, 2023
@gruebel gruebel deleted the unbound-regex-dep branch April 3, 2023 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moelasmar moelasmar moelasmar approved these changes

@mildaniel mildaniel mildaniel approved these changes

@jfuss jfuss Awaiting requested review from jfuss jfuss is a code owner automatically assigned from aws/serverless-application-experience-sbt

@qingchm qingchm Awaiting requested review from qingchm qingchm is a code owner automatically assigned from aws/serverless-application-experience-sbt

Assignees
No one assigned
Labels
pr/external stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gruebel @moelasmar @mildaniel