
Keep dependency versions unpinned to specific versions unless needed

Open vprusso opened this issue 9 months ago • 4 comments

Generally, we shouldn't be hard-pinning to dependencies in the pyproject.toml file unless we absolutely need to for a specific dependency. Ideally, we want all of these packages to be up-to-date with the latest updates and should ensure we use the >= syntax where appropriate.

vprusso avatar Mar 07 '25 22:03 vprusso

Do you mean like this?

From:

[tool.poetry.dependencies]
python = ">=3.11,<4"
cvxpy = "1.6.2"
more-itertools = "10.6.0"
numpy = "2.2.3"
scipy = "1.15.2"
scs = "3.2.7.post2"
picos = "2.6.0"

To:

[tool.poetry.dependencies]
python = ">=3.11,<4"
cvxpy = ">=1.6.2"
more-itertools = ">=10.6.0"
numpy = ">=2.2.3"
scipy = ">=1.15.2"
scs = ">=3.2.7"
picos = ">=2.6.0"

ryanbijoy avatar Apr 04 '25 15:04 ryanbijoy

This is a good question, @ryanbijoy. I actually think we should use ^= in favor of >=. The reason for this is that using >= could unintentionally install a future breaking version which may not be compatible.

Do you agree with this, @purva-thakre ? I know that you previously had some input on whether we should hard-pin dependencies.

vprusso avatar Apr 04 '25 16:04 vprusso

Sure, working on this. Also, should I keep the .post2? Which should it be: scs = "^=3.2.7.post2" or scs = "^=3.2.7"?


ryanbijoy avatar Apr 04 '25 16:04 ryanbijoy

scs

@ryanbijoy Hmm, yes, that .post2 seems to be a specific way in which the scs developers decided to version things. Let's aim for scs ^= 3.2.7.post2 as this is how they have the most recent released version on the PyPI server: https://pypi.org/project/scs/

vprusso avatar Apr 04 '25 18:04 vprusso
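To make the trade-off in this thread concrete, the following added example (not code from the toqito project or from any commenter) checks which candidate versions an exact pin, a `>=` bound and Poetry's caret operator (written `^1.6.2` in pyproject.toml) would admit, including the `.post2` case. It assumes a simplified subset of PEP 440 (numeric release parts plus an optional `.postN`), treats a caret on a post-release as using that post-release as the lower bound, and the candidate versions in the test calls are constructed.

```python
import re

def parse(version):
    """Parse 'N(.N)*[.postN]' into (release_tuple, post); post is -1 when absent."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:\.post(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version: {version}")
    release = tuple(int(p) for p in m.group(1).split("."))
    return release, int(m.group(2)) if m.group(2) else -1

def pad(release):
    """Pad to three parts so that 3.2 compares equal to 3.2.0."""
    return release + (0,) * (3 - len(release))

def key(version):
    """Sort key: a post-release sorts after its base release."""
    release, post = parse(version)
    return pad(release), post

def caret_upper(version):
    """Exclusive upper bound for ^version: bump the leftmost non-zero part."""
    release, _ = parse(version)
    for i, part in enumerate(release):
        if part != 0:
            return release[:i] + (part + 1,)
    return release[:-1] + (release[-1] + 1,)  # all zeros, e.g. ^0.0 -> <0.1

def admits(spec, candidate):
    """True if `candidate` satisfies `spec` (bare version, ==, >= or ^)."""
    op, base = re.fullmatch(r"(==|>=|\^)?(.+)", spec).groups()
    cand = key(candidate)
    if op == ">=":
        return cand >= key(base)            # no upper bound at all
    if op == "^":
        return key(base) <= cand < (pad(caret_upper(base)), -1)
    return cand == key(base)                # bare "1.6.2" is an exact pin

def compare(base, candidates):
    """For each candidate, show which of the three styles would accept it."""
    return {c: {s: admits(s + base, c) for s in ("==", ">=", "^")}
            for c in candidates}

if __name__ == "__main__":
    # Constructed candidates: 2.0.0 stands in for a future major release.
    for cand, row in compare("1.6.2", ["1.6.2", "1.7.0", "2.0.0"]).items():
        print("cvxpy", cand, row)
    for cand, row in compare("3.2.7.post2", ["3.2.7", "3.2.7.post2", "3.3.0"]).items():
        print("scs", cand, row)
```

Whichever range is chosen, the committed lock file is what keeps installs reproducible; the range only decides what a later lock update is allowed to pull in.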