Resolve dependency versions explicitly in pyproject.toml
Marco Ricci

Marco Ricci commited on 2025-01-31 18:03:02
Zeige 1 geänderte Dateien mit 22 Einfügungen und 9 Löschungen.


Remove the `~=` version specifiers in favor of `>=` specifiers, and only
use explicitly tested versions as minimum version requirements.

Also explicitly list pytest plugins and coverage plugins as
dependencies.
... ...
@@ -44,24 +44,30 @@ dynamic = ['version']
44 44
 dev = [
45 45
     # Development uses the hatch build system, to isolate all tools in
46 46
     # their own virtual environment...
47
-    "hatch ~= 1.10",
47
+    "hatch >= 1.10",
48 48
     # ...but it is still sensible to have most static analysis tools
49 49
     # available in the main virtual environment as well, so that your
50 50
     # editor/IDE setup can access them as well.
51
-    "mypy ~= 1.0",
52
-    "ruff ~= 0.9.0",
51
+    "mypy >= 1.0",
52
+    "ruff >= 0.9.0",
53 53
     # Test dependencies should be installed as well, to have static
54 54
     # analysis in the test suite working too.  `packaging` is needed
55 55
     # because the test suite compares version numbers.
56
+    "coverage[toml] >= 7.4",
57
+    "coverage-enable-subprocess >= 1.0",
56 58
     "hypothesis >= 6.0",
57 59
     "packaging",
58
-    "pytest ~= 8.1",
60
+    "pytest >= 8.1",
61
+    "pytest-randomly >= 3.15",
62
+    "pytest-xdist[psutil] >= 3.6.0",
59 63
 ]
60 64
 export = [
61 65
     # The vault configuration exporter relies on cryptography.
62 66
     # Version 38 was the first to include the `algorithms.AES256`
63
-    # interface, instead of only the `algorithms.AES` interface.
64
-    "cryptography >= 38.0.0",
67
+    # interface, instead of only the `algorithms.AES` interface, but
68
+    # this was never tested, so we require the earliest cryptography
69
+    # version we tested on.
70
+    "cryptography >= 42.0.0",
65 71
 ]
66 72
 
67 73
 [project.scripts]
... ...
@@ -148,10 +154,17 @@ features = [
148 154
 
149 155
 [tool.hatch.envs.hatch-test]
150 156
 default-args = ['src', 'tests']
151
-extra-dependencies = [
157
+# See "dev" extra in main project section for commentary on the
158
+# dependencies.  We override them here because hatch is too restrictive
159
+# by default.
160
+dependencies = [
161
+    "coverage[toml] >= 7.4",
162
+    "coverage-enable-subprocess >= 1.0",
152 163
     "hypothesis >= 6.0",
153
-    "packaging",  # The test suite compares version numbers.
154
-    "pytest ~= 8.1",
164
+    "packaging",
165
+    "pytest >= 8.1",
166
+    "pytest-randomly >= 3.15",
167
+    "pytest-xdist[psutil] >= 3.6.0",
155 168
 ]
156 169
 matrix-name-format = '{variable}_{value}'
157 170
 
158 171