amotl commented on issue #33162: URL: https://github.com/apache/superset/issues/33162#issuecomment-2977598267
Hi @mistercrunch, in this particular case we are really just looking at getting the marshmallow dependency fixed by running a regular release, but we can extend the topic into a general discussion, sure. > In theory we could put a ceiling based on semver, meaning we would always assume the a new major version of any package could break things, and even if say marshmallow 4.x isn't release yet, we would assume it could break things and always put a ceiling on the next major across ALL packages. Yeah, exactly. This is kind of common practice, and makes very much sense? > Now in practice doing this prevents `dependabot`/`supersetbot` from opening PRs trying to bump libraries. Maybe we'd need for these integration to alter or look beyond those ceilings. Can you elaborate how this breaks your workflow? It works perfectly well for us. With kind regards, Andreas. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
