You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In a couple of instances, we have had to update all of our dependencies en masse because pipenv does not give very good tools for updating a portion of the dependency tree (#1796 and the work on it by @nateborr ). Python's new poetry tool should be better at this, but it requires a process to migrate the current dependency information from our Pipfile into the new pyproject.toml format.
We should (1) research how to do that migration, (2) do it, and then (3) test the resulting install to make sure that it works both locally, in Docker, and in staging on Cloud.gov. Ideally, we would make the change without also doing any dependency updates so that we can isolate the impact of the new tooling. We will also need to (4) update our documentation on dependency management to use the new commands.
Bonus points if we can (5) use the new tool to document a simple approach to responding to dependabot updates without having to update all of our dependencies.
The text was updated successfully, but these errors were encountered:
In a couple of instances, we have had to update all of our dependencies en masse because pipenv does not give very good tools for updating a portion of the dependency tree (#1796 and the work on it by @nateborr ). Python's new
poetrytool should be better at this, but it requires a process to migrate the current dependency information from ourPipfileinto the newpyproject.tomlformat.We should (1) research how to do that migration, (2) do it, and then (3) test the resulting install to make sure that it works both locally, in Docker, and in staging on Cloud.gov. Ideally, we would make the change without also doing any dependency updates so that we can isolate the impact of the new tooling. We will also need to (4) update our documentation on dependency management to use the new commands.
Bonus points if we can (5) use the new tool to document a simple approach to responding to dependabot updates without having to update all of our dependencies.
The text was updated successfully, but these errors were encountered: