chore: Lock down deep dependencies to avoid upgrades to incompatible …

…versions (#19)
shipyard · Oct 2, 2024 · 1fd70ea · 1fd70ea
1 parent f9ee1c2
commit 1fd70ea
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/backend/pyproject.toml b/backend/pyproject.toml
@@ -18,6 +18,13 @@ flask-shell-ipython = "0.4.1"
 psycopg2 = "2.8.4"
 boto3 = "1.16.44"
 localstack-client = "1.10"
+# the following are not directly required, but because flask and other packages don't fully specify their own 
+# dependency versions, it's easy to get breaking dependency updates if these are not locked down.
+jinja2 = "2.11.3"
+markupsafe = "1.1.1"
+itsdangerous = "1.1.0"
+werkzeug = "1.0.1"
+sqlalchemy = "1.3.23"
 
 [tool.poetry.dev-dependencies]
 pytest = "5.2"