Copilot commented on code in PR #383:
URL: https://github.com/apache/skywalking-python/pull/383#discussion_r2681292559


##########
pyproject.toml:
##########
@@ -72,7 +72,7 @@ sw-python = 'skywalking.bootstrap.cli.sw_python:start'
 python = ">=3.8, <=3.13"
 grpcio = '*'
 grpcio-tools = '*'
-packaging = '*'
+packaging = '25.0'
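
Review bot: on the `+packaging = '25.0'` line, a bare version in a Poetry dependency table is an exact match, so every environment that installs this package must resolve packaging to exactly 25.0, and any other package in that environment that needs a different packaging release will fail to resolve. If 25.0 is meant as a minimum, write it as a range such as `packaging = '>=25.0'` and let poetry.lock carry the exact version used for reproducible builds.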

Review Comment:
   The PR description lacks critical information about why the packaging 
dependency needs to be pinned to version 25.0. Without context about what issue 
this fixes or why this specific version is required, it's difficult to validate 
whether this is the correct approach.
   
   Additionally, the poetry.lock file currently shows packaging version 24.2 is 
in use. If version 25.0 doesn't exist yet or if there are compatibility 
concerns, this change could break the build. Please verify that:
   1. Version 25.0 of the packaging library actually exists and is available on 
PyPI
   2. It's compatible with the Python version constraints (>=3.8, <=3.13)
   3. There's a documented reason for this specific version pin (e.g., a bug 
fix, breaking change in a newer version, etc.)
   ```suggestion
   packaging = '24.2'
   ```



##########
pyproject.toml:
##########
@@ -72,7 +72,7 @@ sw-python = 'skywalking.bootstrap.cli.sw_python:start'
 python = ">=3.8, <=3.13"
 grpcio = '*'
 grpcio-tools = '*'
-packaging = '*'
+packaging = '25.0'
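
Review bot: the `+packaging = '25.0'` line replaces the wildcard without a TOML comment stating why, so a later maintainer cannot tell whether the constraint can be relaxed or what it protects against. Add a one-line comment above it naming the reason, and regenerate poetry.lock in the same change so the lock file matches the new constraint.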

Review Comment:
   Pinning the packaging dependency to an exact version ('25.0') deviates from 
the project's dependency management pattern for core runtime dependencies. In 
the [tool.poetry.dependencies] section, most dependencies use wildcards ('*') 
or flexible version constraints (e.g., '>=2.26.0', '^0.17.0'), with only psutil 
having an upper bound ('<=5.9.5').
   
   Exact version pins are more appropriate for the plugin dependencies (lines 
105-140) where specific versions are needed for testing compatibility. For a 
core utility library like packaging, consider using a more flexible constraint 
such as '>=25.0,<26.0' or '^25.0' to allow for patch updates while maintaining 
stability. This would prevent dependency resolution issues and align with the 
existing patterns in this section.
   ```suggestion
   packaging = "^25.0"
   ```


