Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pip-requirements.txt: Bump versions of several packages and fix URL #6059

Merged
merged 2 commits into from
Sep 3, 2024
Merged

pip-requirements.txt: Bump versions of several packages and fix URL #6059

merged 2 commits into from
Sep 3, 2024

Conversation

ghost
Copy link

@ghost ghost commented Aug 7, 2024

Description

edk2-basetools was depending on old versions of several packages. That was fixed in version 0.1.53. Update pip-requirements.txt to use that version, and bump the versions and dependency expressions of other packages to use or allow use of newer versions.

Also, update the URL to the requirements file format since it's moved.

  • Breaking change?
  • Impacts security?
  • Includes tests?

How This Was Tested

Ran CI locally.

Integration Instructions

N/A

@makubacki
Copy link
Member

makubacki commented Aug 7, 2024
edited
Loading

It's good to get everything updated here. We should be a bit more proactive about merging dependabot PRs to help with this. In some cases, they might need touched up, but they help give build status results per update and highlight potential compatibility problems between modules visible in CI results.

I'm a little hesitant to move to ~= as that will reduce the frequency and therefore regular verification of those checks prior to merge. At the same time, the modules should only be making backward compatible updates.

Dependabot PRs that can be closed (and should have been handled earlier):

@bexcran
pip-requirements.txt: Bump versions of several packages and fix URL
04cabd8 
edk2-basetools was depending on old versions of several packages. That
was fixed in version 0.1.53. Update pip-requirements.txt to use that
version, and bump the versions and dependency expressions of other
packages to use or allow use of newer versions.

Also, update the URL to the requirements file format since it's
moved.

Signed-off-by: Rebecca Cran <[email protected]>
@ghost
Copy link
Author

ghost commented Aug 14, 2024

I'm a little hesitant to move to ~= as that will reduce the frequency and therefore regular verification of those checks prior to merge. At the same time, the modules should only be making backward compatible updates.

@makubacki I understand. Would you prefer me to change it back? This change will go in after the stable tag anyway, so there's no rush.

@makubacki
Copy link
Member

@makubacki I understand. Would you prefer me to change it back? This change will go in after the stable tag anyway, so there's no rush.

I don't have a strong opinion. I'm okay with this given the patch version is updated as it should be. @Javagedes, who does the edk2-pytool releases for his opinion.

@Javagedes
Copy link
Contributor

I'm fine with '~='. If it's a targeted fix for something in edk2, but not a breaking change, we can always manually make a PR.

@mdkinney mdkinney added the push Auto push patch series in PR if all checks pass label Sep 2, 2024
@mergify mergify bot merged commit 909849b into tianocore:master Sep 3, 2024
126 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajfish ajfish Awaiting requested review from ajfish

@leiflindholm leiflindholm Awaiting requested review from leiflindholm

Assignees
No one assigned
Labels
push Auto push patch series in PR if all checks pass
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@makubacki @Javagedes @mdkinney @bexcran