Use of legacy dependencies #404
Labels
Comments
|
Case in point: click-contrib/click-aliases#5 (comment) 🥲 |
|
Since this issue has been opened, there have been four new releases for |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi! When trying to upgrade to 0.4.38 I noticed that you have added a new dependency on click-aliases.
The project has not done a release since 2019 and although upstream seems not completely dead, it not testing against anything newer than Python 3.7, nor against click > 7 is very concerning.
From a developer's point of view I fully understand that you need to rely on 3rd party dependencies, however, please make sure that these are still alive and (ideally) tested against recent Python releases and the ecosystem (e.g. click) they integrate with.
As pynitrokey does neither have blanket unit tests, which ensure that runtime dependencies are met, nor declares dependency changes in the changelog, it is very easy to miss changes as a downstream packager.
The text was updated successfully, but these errors were encountered: