potiuk commented on PR #42954: URL: https://github.com/apache/airflow/pull/42954#issuecomment-2408126334
> Is there any place we can restrict the pip versions which are indirectly installed, in this case kiota-http is using inside msgraph_core, how to restrict pip version? It's a bit case-by-case. Usually it is ok to add such transitive dependency directly to provider as additional dependency - we've done that a number of times in the past - also it is often accompanied by an issue to the upstream project to let them know they have incompatibility and suggest to add similar transitive dependency in their package. What you've done here is following that and is a valid approach. However, often it turns out, that such "transitive dependency" limit is already added in a newer version of our direct dependency - but only in one of the latest versions and `uv` or `pip` do not resolve the latest version automatically - in such case we can also bump minimum version of such direct dependency. But this is really something that rquires to take a close look at history of changes in dependencies of such dependencies and understanding them. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
