Should we be Pinning dependencies? #1106
Comments
svrooij
added
the
status:waiting-for-triage
|
See also this comment by @sanmai-NL |
|
@baywet or @andrueastman what are your ideas on this? It seems to bug people and I have no idea what is the best course of action for python |
|
Thanks for starting the conversation here. Service libs should only depend on graph core. Yes there has been a few dependencies alignment issues in the past, but they are usually resolved quickly/easily. Let us know if you have any additional comments or questions. |
baywet
added
question
|
The issue seems to be that due to a pr (by me) in a deep down dependency kiota-abstractions, code that first worked stopped working because python downloads the latest version of dependencies. Meaning if you install graph now, and you built something. That same code may no longer work in the future if you reinstall graph (build pipeline, user installing something). In my opinion it should not pin the dependencies in graph. But the developer that built something with it should pin the used dependencies in his/her project and update them at will. |
microsoft-github-policy-service
bot
added
Needs: Attention 👋
and removed
status:waiting-for-author-feedback
Recently a few issues appeared that are related to dependencies being updated, namely:
In C# if you install a package it installs the lowest available version that matches (by default). This means if you install the same package next time, you're pretty certain you will get exactly the same dependencies as last time. Back to python, it seems that python does the exact opposite.
Maybe there should be a discussion about whether or not we should start pinning dependencies so you get a more stable installation of a specific version of this sdk. I'm not a python expert and I don't know what is recommended for libraries but it is certainly something to think about.
Any ideas?
msgraph-sdk-python/pyproject.toml
Lines 13 to 21 in 25d6c6c
The text was updated successfully, but these errors were encountered: