There is no upper/lower bound on dependencies in pyproject.toml:
|
dependencies = [ |
|
"aiofiles", |
|
"aiohttp", |
|
"cryptography>=42.0.0", |
|
"requests", |
|
"google-auth", |
|
"protobuf", |
|
"google-cloud-alloydb", |
|
"google-api-core", |
|
] |
We should add lower bounds and test against those to ensure that new changes are compatible with the minimum version of a dependency.
As an example, see https://github.com/googleapis/python-bigquery-storage/blob/main/testing/constraints-3.7.txt where minimum versions of dependencies are tested. The reason is that we want tests to fail if the minimum version that we specify no longer works
For the upper bound, one reason to prevent pulling the latest major version of a dependency is that it's untested and could have a breaking change.
requirements.txt and constraints.txt have different purposes. For constraints, we want to check that tests pass with the minimum versions of dependencies. requirements.txt helps maintainers/CI have a consistent environment when running tests. In the latter case, we may want the latest versions of dependencies. May want to consider renaming the current requirements.txt to requirements-test.txt to show it is for testing.
There is no upper/lower bound on dependencies in
pyproject.toml:alloydb-python-connector/pyproject.toml
Lines 43 to 52 in 3b5ea2f
We should add lower bounds and test against those to ensure that new changes are compatible with the minimum version of a dependency.
As an example, see https://github.com/googleapis/python-bigquery-storage/blob/main/testing/constraints-3.7.txt where minimum versions of dependencies are tested. The reason is that we want tests to fail if the minimum version that we specify no longer works
For the upper bound, one reason to prevent pulling the latest major version of a dependency is that it's untested and could have a breaking change.
requirements.txtandconstraints.txthave different purposes. For constraints, we want to check that tests pass with the minimum versions of dependencies.requirements.txthelps maintainers/CI have a consistent environment when running tests. In the latter case, we may want the latest versions of dependencies. May want to consider renaming the currentrequirements.txttorequirements-test.txtto show it is for testing.