Dependency monitoring is broken #182

Closed
lukpueh opened this issue Sep 19, 2019 · 1 comment · Fixed by #209

lukpueh commented Sep 19, 2019

Description of issue or feature request:
securesystemslib configures pyup to perform dependency monitoring.

Current behavior:

Expected behavior:
Configure dependency monitoring to regularly and automatically run securesystemslib's test suite against the latest versions of its dependencies.

See tuf for a working pyup configuration, or in-toto which revises tuf's dependency monitoring and uses dependabot instead of pyup. (in-toto/in-toto#294)

lukpueh commented Sep 19, 2019

Should coordinate with #179

lukpueh added a commit to lukpueh/securesystemslib that referenced this issue Nov 11, 2019
There is no reason to strictly pin python-dateutil to 2.8.0. On
the contrary, pinning dependency is prone to introduce dependency
conflicts (especially in downstream releases).

This was most likely a copy-paste mistake related to the practice
of pinning dependencies in dev-requirements.txt.

This is a quick fix for python-dateutil. A more comprehensive
dependency handling revision may be performed with
secure-systems-lab#182
tanishqjasoria pushed a commit to tanishqjasoria/securesystemslib that referenced this issue Jan 30, 2020
There is no reason to strictly pin python-dateutil to 2.8.0. On
the contrary, pinning dependency is prone to introduce dependency
conflicts (especially in downstream releases).

This was most likely a copy-paste mistake related to the practice
of pinning dependencies in dev-requirements.txt.

This is a quick fix for python-dateutil. A more comprehensive
dependency handling revision may be performed with
secure-systems-lab#182