hainenber commented on code in PR #40987:
URL: https://github.com/apache/superset/pull/40987#discussion_r3408958505
##########
pyproject.toml:
##########
@@ -38,6 +38,12 @@ dependencies = [
# no bounds for apache-superset-core until we have a stable version
"apache-superset-core",
"backoff>=1.8.0",
+ # cachetools is used directly by ``superset.db_engine_specs.aws_iam``
(TTLCache).
+ # It used to be installed transitively via ``google-auth`` (<2.53), but
+ # ``google-auth`` 2.53+ dropped it, so Superset must declare it
+ # explicitly to keep fresh ``pip install apache-superset`` working
+ # without the ``base.txt`` lock file (#40962).
+ "cachetools>=5.0, <7",
Review Comment:
This semver range is a bit too broad, encompassing both v5 and v6. Let's
limit to v6 only
```suggestion
"cachetools>=6.2.1, <7",
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
