chore(deps)!: py-serializable==^1.1.1 -> ^2.0.0
#775
Conversation
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferencesCodacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more |
jkowalleck
changed the title
py-serializable==^1.1.1 -> ^2.0.0py-serializable==^1.1.1 -> ^2.0.0
|
Looking over the PR, I'm struck by the fact that it hard-bumps the dependency on from importlib.metadata import version
from packaging.Version import Version
match Version(version('py-serializable')):
case ver if ver < Version('2.0.0'):
import serializable
case ver if Version('2.0.0') <= ver < Version('3.0.0'):
import py_serializable as serializable
case _:
throw ImportError("Can't predict py-serializable compatibility")The benefit here is that it loosens the need to bump the |
|
re: #775 (comment) i also thought about having a compatibility layer for supporting |
|
Fair enough - I did notice in reading some discussion threads that that appears to be the currently accepted solution direction for this class of problems, so this may just be a matter of clashing cultural expectations - my main experience with package management innards comes from the Haskell world, which supports multiple package versions being installed and so encourages packages to declare wider compatibility windows so as not to overconstrain the solver.
9 feb 2025 18:43:11 Jan Kowalleck ***@***.***>:
…
re: #775 (comment)[#775 (comment)]
i also thought about having a compatibility layer for supporting *^1.1.1||^2*.
I decided against this, as python venvs exist for people that need the old version of py-serializable`, still.
So there should be simply no reason to support backwards compatibility here.
—
Reply to this email directly, view it on GitHub[#775 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AAJTW5JQEOPWH5355VWEZRD2O6AR5AVCNFSM6AAAAABWY3NDNWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNBWGM4TMMBTHE].
You are receiving this because you commented.
[Imagen de rastreo][https://github.com/notifications/beacon/AAJTW5MGPXW6PFJ2Y2HL7GD2O6AR5A5CNFSM6AAAAABWY3NDNWWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTU5XTGIO.gif]
|
|
A preview of the fix/feature is available via https://github.com/CycloneDX/cyclonedx-python-lib/releases/tag/v9.0.1-rc.1 |
### BREAKING Changes * Fix: `model.vulnerability.VulnerabilityReference`'s properties are all mandatory ([#790](#790) via [#792](#792)) * Refactor: Rename `spdx.is_compund_expression` -> `spdx.is_expression` ([#779](#779)) * Behavior: `BomRef` affects comparison/hashing ([#754](#754) & [#780](#780)) This is only a breaking change if you relied on ordering of elements. * Behavior: streamline comparison/hashing functions ([#755](#755)) This is only a breaking change if you relied on ordering of elements. * Dependency: bump dependency `py-serializable >=2 <3`, was `>=1.1.1 <2` ([#775](#775)) This is only a breaking change if you have other packages depend on that specific version. --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: wkoot <3715211+wkoot@users.noreply.github.com> Signed-off-by: semantic-release <semantic-release@bot.local> Co-authored-by: wkoot <3715211+wkoot@users.noreply.github.com> Co-authored-by: semantic-release <semantic-release@bot.local>
bump to
py-serializablev2.0.0: https://github.com/madpah/serializable/releases/tag/v2.0.0This is considered a breaking change, as downstream users might rely on the same package's previous version.