[ https://issues.apache.org/jira/browse/TINKERPOP-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17622885#comment-17622885 ]

Stephen Mallette commented on TINKERPOP-2810:
---------------------------------------------

i've been burned so many times on release day by python dependencies suddenly 
causing problems because of an upgrade that wasn't accounted for in all the 
testing we did the weeks before. so in my frustration, i pin them tight to 
versions we know work. i realize that's not the way python/js sorta work but 
semantic versioning seems a bit of a myth given my experience with these 
ecosystems on release days. just my two cents, so i'll leave it to others who 
know this space better to decide what's best - at least until i'm responsible 
for another release perhaps, get annoyed and pin them again :) 

+0 for this change.

> gremlinpython aiohttp dependency requirement too strict
> -------------------------------------------------------
>
>                 Key: TINKERPOP-2810
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2810
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: python
>    Affects Versions: 3.6.1
>            Reporter: Gunther Vogel
>            Priority: Major
>
> Currently, the requirements specify aiohttp >= 3.8.0, <= 3.8.1, disallowing 
> newer bugfix releases of aiohttp (current version is 3.8.3). Following the 
> general semantic versioning rules, the upper bound should be <4.0.0 (disallow 
> breaking changes).
> The current requirements are the result of TINKERPOP-2668 which only had the 
> goal of avoiding the bug contained in versions <= 3.7.4.
> Fixing aiohttp at a non-current bugfix release step increases the maintenance 
> effort needed to get an error-free overall library setup; in my case, 
> gremlinpython is not even used directly, but just pulled in by awswrangler.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
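
An added example, not part of the Jira message or of gremlinpython: it evaluates the aiohttp range quoted in the issue and the proposed `<4.0.0` upper bound against the versions the issue names, showing which releases each range blocks. The helper names and the release list are constructed for illustration, and version handling is simplified to plain numeric versions rather than full PEP 440.

```python
import operator
import re

# Simplified: plain numeric X.Y.Z versions only. Not a full PEP 440
# implementation (no pre-releases, epochs, wildcards or the ~= operator).
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, "<": operator.lt}
CLAUSE = re.compile(r"^\s*(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)\s*$")

def parse_version(text):
    """Turn '3.8.1' into (3, 8, 1), padded to three parts for comparison."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def parse_specifier(spec):
    """Parse '>=3.8.0, <=3.8.1' into a list of (operator, version) pairs."""
    clauses = []
    for raw in spec.split(","):
        match = CLAUSE.match(raw)
        if not match:
            raise ValueError(f"unsupported clause: {raw!r}")
        clauses.append((match.group(1), parse_version(match.group(2))))
    return clauses

def allows(spec, version):
    """True when the version satisfies every clause of the specifier."""
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in parse_specifier(spec))

def audit(spec, releases):
    """Return (newest admitted release, newer releases the range blocks)."""
    ordered = sorted(releases, key=parse_version)
    admitted = [r for r in ordered if allows(spec, r)]
    newest = admitted[-1] if admitted else None
    blocked = [r for r in ordered
               if newest and parse_version(r) > parse_version(newest)]
    return newest, blocked

# Constructed release list: only the versions named in the issue text.
RELEASES = ["3.7.4", "3.8.0", "3.8.1", "3.8.3"]
PINNED = ">=3.8.0, <=3.8.1"    # range quoted in the issue
PROPOSED = ">=3.8.0, <4.0.0"   # same lower bound, upper bound as proposed

if __name__ == "__main__":
    for spec in (PINNED, PROPOSED):
        print(spec, "->", audit(spec, RELEASES))
```

Both ranges still exclude 3.7.4; only the pinned range also blocks the 3.8.3 bugfix release.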
