Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider loosening Django pin #10650

Closed
jacobtylerwalls opened this issue Mar 4, 2024 · 4 comments · Fixed by #10688
Closed

Consider loosening Django pin #10650

jacobtylerwalls opened this issue Mar 4, 2024 · 4 comments · Fixed by #10688
Assignees
@jacobtylerwalls

Comments

@jacobtylerwalls
Copy link
Member

I've set a monthly calendar reminder to check for Django security patches, which usually come out the first Monday of the month. If we loosened the upper bound on Django to include micro releases, projects wouldn't need to wait for us to update the pin and then eventually issue a patch release.

I also think we should consider loosening the upper bound on major versions of Django, now that we run the Arches test suite with DeprecationWarnings enabled. (If you run tests with DeprecationWarnings, you can still jump from LTS to LTS as we do without missing any "news" about breaking changes.) Projects should be able to use new features in Django 5.0 if they wish without waiting for us to enforce it as the floor for the whole ecosystem.

cc/ @chiatt
@chiatt chiatt added this to pipeline Mar 4, 2024
@chiatt
Copy link
Member

chiatt commented Mar 12, 2024

I'm definitely in favor of loosening the upper bound on micro releases. We really should't have to worry about delivering a micro release of Arches just to pass along a Django patch. For major Django versions, I don't completely object to loosening the cap, but I'm a bit hesitant. My concern is that a new version of Django might come out shortly before an Arches release that we haven't really put through its paces.

@jacobtylerwalls
Copy link
Member Author

Good point, we should only raise the cap near the beginning of an arches release cycle to give us the full period to test with it.

@chiatt
Copy link
Member

chiatt commented Mar 13, 2024

That sounds like a good plan

@jacobtylerwalls jacobtylerwalls self-assigned this Mar 13, 2024
@jacobtylerwalls jacobtylerwalls moved this to 🔖 Ready in pipeline Mar 13, 2024
@jacobtylerwalls jacobtylerwalls moved this from 🔖 Ready to 🏗 In Progress in pipeline Mar 15, 2024
jacobtylerwalls added a commit that referenced this issue Mar 15, 2024
@jacobtylerwalls
Relax upper bound on Django #10650
7995e27
@jacobtylerwalls jacobtylerwalls mentioned this issue Mar 15, 2024
Merged
@jacobtylerwalls jacobtylerwalls moved this from 🏗 In Progress to 👀 In Review in pipeline Mar 18, 2024
@jacobtylerwalls jacobtylerwalls linked a pull request Mar 18, 2024 that will close this issue
Relax upper bound on Django patch releases #10650 #10688
Merged
chiatt pushed a commit that referenced this issue Mar 18, 2024
@jacobtylerwalls @chiatt
Relax upper bound on Django #10650
9c8dc3e
@jacobtylerwalls
Copy link
Member Author

Closed in #10688

@jacobtylerwalls jacobtylerwalls moved this from 👀 In Review to ✅ Done in pipeline Mar 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jacobtylerwalls jacobtylerwalls

Labels
None yet
Projects
pipeline
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Relax upper bound on Django patch releases #10650 archesproject/arches
2 participants
@chiatt @jacobtylerwalls