Relax Django dependency accepted versions #2808
Labels
status: accepted
This issue has been accepted for implementation
Comments
|
We decided to adopt strict dependency pinning after dealing with numerous compatibility issues (see #2239 for an example). However, I agree that Django is a mature and stable enough project that we should have no problem matching on minor version only. |
jeremystretch
added
the
status: accepted
Merged
cimnine
added a commit
to netbox-community/netbox-docker
that referenced
this issue
Feb 8, 2019
This change is in accordance with netbox-community/netbox#2808
cimnine
added a commit
to netbox-community/netbox-docker
that referenced
this issue
Feb 22, 2019
This change is in accordance with netbox-community/netbox#2808
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Proposed Changes
Restore a more relaxed dependency on Django (e.g.
Django>=2.1,<2.2) that would allow the patch version to change, simplifying the inclusion of Django security releases.Justification
In 0a71c63 the dependency on Django was changed from a relaxed major-minor that accepted any patch version
Django>=2.0,<2.1to a frozen versionDjango==2.1.3, that was later bumped to2.1.4in baeb793.On Jan. 4th Django had another security release
2.1.5, that is not included in an installation of Netbox due to the frozen requirement.I'm wondering what lead to the choice of using a frozen version, in particular for Django that is well known to be stable and to properly follow semantic versioning.
The text was updated successfully, but these errors were encountered: