A word of warning: using `pip freeze` to populate requirements.txt can result in a hard to read (very long) file and other issues: https://medium.com/@tomagee/pip-freeze-requirements-txt-considered-harmful-f0bce66cf895 .
*Sebastian Berlin* Utvecklare/*Developer* Wikimedia Sverige (WMSE) E-post/*E-Mail*: [email protected] Telefon/*Phone*: (+46) 0707 - 92 03 84 On Fri, 5 May 2023 at 13:17, Amir Sarabadani <[email protected]> wrote: > You can also create an empty virtual env, install all requirements and > then do > pip freeze > requirements.txt > > That should take care of pinning > > Am Fr., 5. Mai 2023 um 13:11 Uhr schrieb Lucas Werkmeister < > [email protected]>: > >> For the general case of Python projects, I’d argue that a better solution >> is to adopt the lockfile pattern (package-lock.json, composer.lock, >> Cargo.lock, etc.) and pin *all* dependencies, and only update them when >> the new versions have been tested and are known to work. pip-tools >> <https://pypi.org/project/pip-tools/> can help with that, for example ( >> requirements.in specifies “loose” dependencies; pip-compile creates a >> pinned requirements.txt; pip-sync installs it; pip-compile -U upgrades >> requirements.txt later; you check both requirements.in and >> requirements.txt into version control.) But I don’t know if that applies >> in your integration/config case. >> >> Am Do., 4. Mai 2023 um 18:08 Uhr schrieb Antoine Musso <[email protected]>: >> >>> Hello, >>> >>> This is for python projects. >>> >>> Today, May 4th, urllib3 <https://pypi.org/project/urllib3/#history> has >>> released a new major version 2.0.2 which breaks the extremely popular >>> requests <https://pypi.org/project/requests/> library. >>> >>> The fix is to pin urllib3<2 to prevent the new major version from being >>> installed (example >>> <https://gerrit.wikimedia.org/r/c/integration/config/+/915736/1/tox.ini> >>> ). >>> >>> https://phabricator.wikimedia.org/T335977 >>> >>> Upstream issue: https://github.com/psf/requests/issues/6432 >>> >>> >>> Antoine "hashar" Musso >>> Wikimedia Release Engineering >>> _______________________________________________ >>> Wikitech-l mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> >>> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ >> >> >> >> -- >> Lucas Werkmeister (he/er) >> Software Engineer >> >> Wikimedia Deutschland e. V. | Tempelhofer Ufer 23-24 | 10963 Berlin >> Phone: +49 (0)30-577 11 62-0 >> https://wikimedia.de >> >> Imagine a world in which every single human being can freely share in the >> sum of all knowledge. Help us to achieve our vision! >> https://spenden.wikimedia.de >> >> Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e. V. >> Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter >> der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für >> Körperschaften I Berlin, Steuernummer 27/029/42207. >> _______________________________________________ >> Wikitech-l mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ > > > > -- > Amir (he/him) > > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
