Update django requirement from >=2.2.9,~=2.2 to >=2.2,<4.0 #219
Conversation
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=60&v=4){kind=small}
dependabot-preview
bot
added
the
dependency_updates
Codecov Report
@@ Coverage Diff @@
## master #219 +/- ##
=======================================
Coverage 87.15% 87.15%
=======================================
Files 42 42
Lines 1892 1892
=======================================
Hits 1649 1649
Misses 243 243
Continue to review full report at Codecov.
|
dependabot-preview
bot
force-pushed
the
dependabot/pip/master/django-gte-2.2-and-lt-4.0
branch
from
b017004
to
65d9ea9
Compare
CasperWA
force-pushed
the
dependabot/pip/master/django-gte-2.2-and-lt-4.0
branch
3 times, most recently
from
edaf2b1
to
2d5e9d2
Compare
There was a problem hiding this comment.
Adding the patch to the minimum required django version.
For the same reasons as was the case for #218, this change makes sense.
However, it should be noted, that for fresh installations, the newest allowed version will be installed by default (i.e., django v3.0.4).
Updates the requirements on [django](https://github.com/django/django) to permit the latest version. - [Release notes](https://github.com/django/django/releases) - [Commits](django/django@2.2.9...3.0.4) Update CI requirements.txt Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: Casper Welzel Andersen <casper.andersen@epfl.ch>
CasperWA
force-pushed
the
dependabot/pip/master/django-gte-2.2-and-lt-4.0
branch
from
2d5e9d2
to
8098cd5
Compare
|
It seems to me we should be careful. We could remedy this, I believe, by setting the TL;DR: We may not properly test our package for the support we claim with these dependencies spanning multiple major versions. |
I agree that we should be more cautious here, given that we don't really have any tests for elasticsearch/Django directly and instead are only testing the transformers. |
So the question then becomes whether we should stick to the version of the implementation at the time or move to a newer one? |
|
At least for elasticsearch_dsl, the underlying question is, would it work with both versions? I imagine that the python interface is the same for v6 and v7 and all differences between the versions are in the elastic search request/response handling. In this case we can span over both versions. If not, we might need different version specific transformers. It seems to work for 7.1.0 which you have in the requirements, right? I can tell you it also works (at least we use it) for 6.4.0 (selected by pip from elasticsearch-dsl>=6.0.0,<7.0.0). Therefore, I think it should work for elasticsearch-dsl>=6.0.0,<8.0.0 as well. I would not bother to support older versions. |
Yeah, we just updated from |
|
Sounds good to me.
…On Tue, Mar 10, 2020 at 12:24 PM Casper Welzel Andersen < ***@***.***> wrote:
At least for elasticsearch_dsl, the underlying question is, would it work
with both versions? I imagine that the python interface is the same for v6
and v7 and all differences between the versions are in the elastic search
request/response handling. In this case we can span over both versions. If
not, we might need different version specific transformers.
It seems to work for 7.1.0 which you have in the requirements, right? I
can tell you it also works (at least we use it) for 6.4.0 (selected by pip
from elasticsearch-dsl>=6.0.0,<7.0.0). Therefore, I think it should work
for elasticsearch-dsl>=6.0.0,<8.0.0 as well. I would not bother to support
older versions.
Yeah, we just updated from elasticsearch-dsl~=6.4, i.e., >=6.4.0,<7.0.0
to the current span over both v6 and v7.
We will keep it this way then, but eventually only test v7.1.0 (since this
is what's installed in the CI tests). Is that acceptable?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#219?email_source=notifications&email_token=AA2WUXFVEEMAWX22TW5D3RTRGYPPHA5CNFSM4LELMIS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOLAXGQ#issuecomment-597035930>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA2WUXCD7I4B3UOFO7VFQMDRGYPPHANCNFSM4LELMISQ>
.
|
dependabot-preview
bot
deleted the
dependabot/pip/master/django-gte-2.2-and-lt-4.0
branch
Updates the requirements on django to permit the latest version.
Commits
c2250cf[3.0.x] Bumped version for 3.0.4 release.26a5cf8[3.0.x] Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS fu...c5cfaad[3.0.x] Fixed #31150 -- Included subqueries that reference related fields in ...4977f20[3.0.x] Documented default value of InlineModelAdmin.extra.5320ba9[3.0.x] Removed outdated note about not supporting partial indexes by Django.94e192a[3.0.x] Refs #31312 -- Fixed FTimeDeltaTests.test_date_case_subtraction() test.16cacdc[3.0.x] Fixed #31312 -- Properly ordered temporal subtraction params on MySQL.59ac25c[3.0.x] Fixed #31313 -- Fixed is_upperclass() example in enumeration types docs.ae6c6f9[3.0.x] Removed hint from fields.E310 message in system check docs.0193a16[3.0.x] Fixed #31303 -- Removed outdated note about symmetrical intermediate ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.
You can always request more updates by clicking
Bump nowin your Dependabot dashboard.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language@dependabot badge mewill comment on this PR with code to add a "Dependabot enabled" badge to your readmeAdditionally, you can set the following in your Dependabot dashboard: