Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore - Python dependencies management #170

Open
cusma opened this issue Sep 8, 2024 · 0 comments
Open

Chore - Python dependencies management #170

cusma opened this issue Sep 8, 2024 · 0 comments

Comments

@cusma
Copy link
Contributor

cusma commented Sep 8, 2024
edited
Loading

Hi all,

As improvement of the project I would highly encourage the usage of a Python dependency management tool.

This makes sure all the dependencies are controlled and pinned to ensure both stability and repeatability, avoiding unexpected breaking changes and improving overall security (e.g. prevent supply chain flaws, etc.).

I would recommend introducing Poetry, which manages dependencies in the pyproject.toml, locking the dependency graph in poetry.lock file (to be committed).

Moreover, this would enable Dependabot in the repository, to ensure that the repository is both protected with security alerts and kept up to date with dependencies updates.

This is critical to ensure stability, liveness and easier contributions to an open-source project like this.

Opened a discussion here: #161
@cusma cusma changed the title Python dependencies management Chore - Python dependencies management Sep 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cusma