Update dependencies

[CasperWA]

Update dependencies

Automatically created PR from the dependabot_updates branch.

For more information see the "Dependabot updates" workflow.

To-do

• Check that the diff is sensible, and that tests and builds pass with the new dependency versions.
• Check whether the dependency versions in setup.py need updating, keeping the version requirements as loose as possible.
• Make sure that the PR is squash merged, with a sensible commit message.

[codecov]

Codecov Report

Merging #1017 (1df1b80) into master (0db4e7d) will decrease coverage by 0.02%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master    #1017      +/-   ##
==========================================
- Coverage   92.91%   92.89%   -0.03%     
==========================================
  Files          67       67              
  Lines        3782     3784       +2     
==========================================
+ Hits         3514     3515       +1     
- Misses        268      269       +1     

Flag	Coverage Δ
project	92.89% <66.66%> (-0.03%)	⬇️
validator	92.89% <66.66%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
optimade/server/entry_collections/mongo.py	94.44% <66.66%> (-1.71%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0db4e7d...1df1b80. Read the comment docs.

[CasperWA]

Note - The major change in these updates is the change from PyMongo v3 to v4. See changes here.
It seems to me it makes sense to update to v4, not including v3 support, since we've already dropped the old Python version support. The only issue might the Mongo v3 drops? But is this really an issue? If yes, we should probably still allow the latest PyMongo v3, having something like: pymongo>=3.12.1,<5.

[ml-evs]

Note - The major change in these updates is the change from PyMongo v3 to v4. See changes here. It seems to me it makes sense to update to v4, not including v3 support, since we've already dropped the old Python version support. The only issue might the Mongo v3 drops? But is this really an issue? If yes, we should probably still allow the latest PyMongo v3, having something like: pymongo>=3.12.1,<5.

I think we should keep support for Mongo v3 until the next minor version (and add a deprecation message here) - I am using Mongo v3.6 (which still gets updates) and migrating to newer versions requires some care. I imagine MP are using a more recent Mongo (maybe we could ask).

[JPBergsma]

The tests pass for me with the new dependency versions

[ml-evs]

Can we add the following (or similar) to optimade/server/entry_collections/mongo.py?

    from pymongo import version_tuple
    if version_tuple[0] < 4:
        LOGGER.warning(
            "Support for pymongo<=3 (and thus MongoDB v3) is deprecated and will be removed in the next minor release."
        )

[ml-evs]

Also, a side comment, do you think weekly dependency updates is still a suitable cadence? We don't have any "active" developments going on at the moment (and releases are less frequent than 1 per month), perhaps we could turn it down a notch?

[CasperWA]

Also, a side comment, do you think weekly dependency updates is still a suitable cadence? We don't have any "active" developments going on at the moment (and releases are less frequent than 1 per month), perhaps we could turn it down a notch?

Sure. The frequency can be edited here:

optimade-python-tools/.github/workflows/ci_dependabot.yml

Line 8 in 0db4e7d

- cron: "30 6 * * 3"

[CasperWA]

Can we add the following (or similar) to optimade/server/entry_collections/mongo.py?

Added. But only if pymongo is imported, i.e., if CONFIG.database_backend is "mongodb".
Should it be general instead? I think I'd rather have it this way, personally.

I tried to look into mongomock to see if they have some similar "issues", but I couldn't find anything.

[ml-evs]

Added. But only if pymongo is imported, i.e., if CONFIG.database_backend is "mongodb". Should it be general instead? I think I'd rather have it this way, personally.

Yeah that's where I imagined it would go.

I tried to look into mongomock to see if they have some similar "issues", but I couldn't find anything.

Indeed, I'm not really sure why pymongo itself needs to drop support (beyond additional maintenance burden).

[ml-evs]

Sure. The frequency can be edited here:

optimade-python-tools/.github/workflows/ci_dependabot.yml

Line 8 in 0db4e7d

- cron: "30 6 * * 3"

I don't feel super strongly about it, just worry that we'll end up as project with multiple dep update PRs in a row without any new code :)

[ml-evs]

Thanks @CasperWA !

[CasperWA]

Sure. The frequency can be edited here:

optimade-python-tools/.github/workflows/ci_dependabot.yml

Line 8 in 0db4e7d

- cron: "30 6 * * 3"

I don't feel super strongly about it, just worry that we'll end up as project with multiple dep update PRs in a row without any new code :)

Welp... it's better than nothing? :)