You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/01/29 09:32:11 UTC

[GitHub] [superset] villebro commented on pull request #12804: fix(release): pin pyjwt to version <2

villebro commented on pull request #12804:
URL: https://github.com/apache/superset/pull/12804#issuecomment-769690744


   > I would prefer to pin all our main dependencies under the next major
   > 
   > Yes, we should give poetry another try
   
   After some more research, I believe tackling this properly will require fairly extensive updating of how we manage dependencies. As such I'd prefer to keep this as a hotfix one-liner, and not add pinning to all deps listed in `setup.py`, because we already know this won't solve the full problem. As can be seen, `PyJWT` was not previously listed as a dependency, hence we would have to pin all implicit deps from `requirements/base.txt` here to catch them all, which in itself might be risky and reduce the maintainability of `setup.py`.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org