villebro commented on pull request #12804: URL: https://github.com/apache/superset/pull/12804#issuecomment-769690744
> I would prefer to pin all our main dependencies under the next major > > Yes, we should give poetry another try After some more research, I believe tackling this properly will require fairly extensive updating of how we manage dependencies. As such I'd prefer to keep this as a hotfix one-liner, and not add pinning to all deps listed in `setup.py`, because we already know this won't solve the full problem. As can be seen, `PyJWT` was not previously listed as a dependency, hence we would have to pin all implicit deps from `requirements/base.txt` here to catch them all, which in itself might be risky and reduce the maintainability of `setup.py`. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
