June 2025 Python Dependency update #1024

Merged: davidfischer merged 2 commits into main from davidfischer/python-deps-update-june-2025 on Jun 12, 2025

@davidfischer
Collaborator

In addition to general updates, there was a number of additional analyzer updates and more precise pinning.

@ericholscher
Member

I'd be happy to turn off dependabot as well -- those PRs just seem like noise.

@ericholscher ericholscher left a comment

This seems fine, but it seems it's adding dependencies while also updating them? Also, we should really note why we're doing an upper pin on things, otherwise we'll have no idea why/when we can update them.

beautifulsoup4
textacy
spacy
spacy[transformers] >=3.8.7,< 4.0
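
Review bot: on the `spacy[transformers] >=3.8.7,< 4.0` line, the `[transformers]` extra changes what gets installed, not only which version, and neither the extra nor the `< 4.0` cap has a comment. A one-line comment above it saying what needs the extra and what the cap guards against would let a later update tell whether the bound can be lifted.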

We should add a comment whenever we pin something noting why it's pinned.


# Used to parse web pages and get the "main section" of the page
trafilatura
trafilatura >= 2.0.0,<3.0
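
Review bot: the comment above `trafilatura >= 2.0.0,<3.0` says what the package is used for but not why it is bounded on both sides. Extend it with the reason for the `>= 2.0.0` floor and the `<3.0` cap so the range can be revisited later; the spacing around the operators also differs from `numpy<2` and is worth making consistent.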

Similar here -- guessing this is an API breakage?


# Numpy v2 has some breaking changes (for now)
numpy<2
sentence-transformers >= 4.1,<5.0
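
Review bot: `sentence-transformers >= 4.1,<5.0` sits directly under the `# Numpy v2 has some breaking changes (for now)` comment, so it reads as if that comment explains this pin as well. Separate it with a blank line and give it its own comment stating the reason for the `>= 4.1` floor and the `<5.0` cap.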

Also here? Lots of pinning here we're doing?

@davidfischer
Collaborator Author

> This seems fine, but it seems it's adding dependencies while also updating them? Also, we should really note why we're doing an upper pin on things, otherwise we'll have no idea why/when we can update them.

I'll add notes. There isn't a lot of reason for an upper pin other than to avoid breaking changes. If a major version has breaking changes, shouldn't we be careful in taking them? The minimum pin on some of these is required because versions conflict with other modules.

@davidfischer davidfischer merged commit 122eec6 into main Jun 12, 2025
1 check passed
@davidfischer davidfischer deleted the davidfischer/python-deps-update-june-2025 branch June 12, 2025 14:50
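
A check for the convention asked for in this review (every upper pin carries a comment), as an added example rather than code from the PR or the project. The function name `unexplained_caps` and the sample file are constructed here from the requirement lines quoted in the thread.

```python
import re

# Constructed sample built from the requirement lines quoted in this thread.
SAMPLE = """\
# Used to parse web pages and get the "main section" of the page
trafilatura >= 2.0.0,<3.0

# Numpy v2 has some breaking changes (for now)
numpy<2
sentence-transformers >= 4.1,<5.0

beautifulsoup4
spacy[transformers] >=3.8.7,< 4.0
"""

# Package name, optional [extras], then the version specifier text.
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
# Operators that cap or freeze a version: <, <=, ==, ===, ~=
CAPPING = ("<", "==", "~=")


def unexplained_caps(text):
    """Return (line_no, name, caps) for capped requirements lacking a comment.

    A cap counts as explained when the line carries an inline comment or the
    line directly above it is a comment. The check cannot judge whether that
    comment actually states the reason for the pin.
    """
    findings = []
    prev_is_comment = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "-")):  # blank, comment, pip option
            prev_is_comment = line.startswith("#")
            continue
        body, *inline = re.split(r"\s+#", line, maxsplit=1)
        match = REQ.match(body.split(";")[0].strip())  # drop environment marker
        explained = prev_is_comment or bool(inline)
        prev_is_comment = False
        if not match:
            continue
        clauses = [c.replace(" ", "") for c in match.group(2).split(",")]
        caps = [c for c in clauses if c.startswith(CAPPING)]
        if caps and not explained:
            findings.append((no, match.group(1), caps))
    return findings


if __name__ == "__main__":
    for no, name, caps in unexplained_caps(SAMPLE):
        print(f"line {no}: {name} capped by {', '.join(caps)} with no comment")
```

On the sample it reports the `sentence-transformers` and `spacy[transformers]` lines; `trafilatura` passes only because a comment sits above it, which shows the limit of a purely structural check.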