Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore/bump werkzeug 3.0.3 #217

Merged
merged 2 commits into from
May 20, 2024
Merged

Chore/bump werkzeug 3.0.3 #217

merged 2 commits into from
May 20, 2024

Conversation

george42-ctds
Copy link
Contributor

@george42-ctds george42-ctds commented May 17, 2024
edited by jira bot
Loading

JIRA ticket: PPS-1184

New Features

Breaking Changes

Bug Fixes

Improvements

Dependency updates

  • werkzeug to 3.0.3
  • jinja2 to 3.1.4
  • cryptography to 42.0.7

Deployment changes

@github-actions GitHub Actions
Copy link

The style in this PR agrees with black. ✔️

This formatting comment was generated automatically by a script in uc-cdis/wool.

MaribelleHGomez
MaribelleHGomez reviewed May 20, 2024
View reviewed changes
Copy link

@MaribelleHGomez MaribelleHGomez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm only seeing changes for the lock file?

@george42-ctds
Copy link
Contributor Author

Yes, correct, only bumping a few dependencies in the lock file.

@MaribelleHGomez
Copy link

Yes, correct, only bumping a few dependencies in the lock file.

so we're choosing not to change the toml file, and changing the lock file instead?

@george42-ctds
Copy link
Contributor Author

Yes, the minimal update is to just have changes in the lock file, or do a "re-lock". The relevant packages (werkzeug, etc.) are not direct dependencies and are not listed in the pyproject.toml. The "re-locking" was sufficient to bump up these packages by a patch version or minor version. Sometimes you have to start bumping versions in the pyproject.toml to bump up sub-dependencies but that is not required in this case.

@george42-ctds
Copy link
Contributor Author

Poetry will still utilize the pyproject.toml to determine which versions to install. Everything will still adhere to the rules in the proproject.toml.

@george42-ctds george42-ctds merged commit 9864735 into master May 20, 2024
13 checks passed
@george42-ctds george42-ctds deleted the chore/bump-werkzeug-3.0.3 branch May 20, 2024 21:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaribelleHGomez MaribelleHGomez MaribelleHGomez approved these changes

Assignees
No one assigned
Labels
@requires-peregrine
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@george42-ctds @MaribelleHGomez