Task #5196
Pin dependencies to y releases and use dependabot to update them
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4)[0]. Our releases are fragile and unstable because they don't pin versions of dependencies.
Instead, pin pulpcore's dependencies to specific y release versions and use dependabot[1] to notify us of new updates for pulpcore dependencies.
This was the outcome of a discussion on pulp-dev[2].
.. [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
.. [1] https://dependabot.com/
.. [2] https://www.redhat.com/archives/pulp-dev/2019-July/msg00088.html
Associated revisions
History
#1
Updated by daviddavis over 1 year ago
#2
Updated by daviddavis over 1 year ago
- Description updated (diff)
#3
Updated by daviddavis over 1 year ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|433775d92b58dba939157c980489fb85df390a5e.
#4
Updated by bmbouter about 1 year ago
- Sprint/Milestone set to 3.0.0
#5
Updated by bmbouter about 1 year ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Please register to edit this issue
Pinning dependencies and using dependabot to manage updates
fixes #5196 https://pulp.plan.io/issues/5196