julian_knight
11/23/2021, 5:12 PMpoetry.lock
file locking the singer-sdk
dependency to 0.3.8, and that lock file is committed to the repo.
However, when we install the tap in our Meltano project (using a git repo link, if that matters), it ignores the lock file and uses 0.3.11. This happened to cause a breaking change. That’s not to say that there’s a breaking change in the sdk; we overrode request_records
for a RESTStream
, at our own risk. But I would have thought the lock file would have protected us from this. Is this a known issue, does pip install
not know how to correctly install poetry apps? Or is there a setting we can add to our project files to fix this?julian_knight
11/23/2021, 5:12 PMvisch
11/23/2021, 5:13 PMjulian_knight
11/23/2021, 5:23 PM^0.3.7
. But I assume if poetry works similar to ruby bundler and npm, that the ^
only applies when doing poetry update
edgar_ramirez_mondragon
11/23/2021, 5:25 PMpyproject.toml
and ignores poetry.lock
to resolve dependencies, so it installs any minor release equal or greater than 0.3.7
edgar_ramirez_mondragon
11/23/2021, 5:26 PMvisch
11/23/2021, 5:26 PMvisch
11/23/2021, 5:28 PMpip install
it doesn't reference lockfilesedgar_ramirez_mondragon
11/23/2021, 5:45 PMpyproject.toml
, e.g. singer-sdk = "0.3.8"
so pip always uses that version 😕
There's a few discussions going on in both the python and poetry communities around this topic:
• Standardize around a lock file format: PEP 665
• Support building packages with pinned dependencies: https://github.com/python-poetry/poetry-core/pull/71julian_knight
11/23/2021, 5:46 PMjulian_knight
11/23/2021, 5:56 PMpyproject.toml
?edgar_ramirez_mondragon
11/23/2021, 5:58 PM