Mark all packages with semver ranges, and update #2166
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since Poetry lets us specify compatible packages separate from the lock file, this means we can now specify that we are compatible with a range of packages, and then let semver updates happen through
poetry update
and (soon) dependabot. We get this without having to give up the determinstic builds we had before, since Poetry's lock file includes exact versions and files hashes.Note that DRF does not follow strict semver, and introduced a breaking change between 3.10 and 3.11. This is fine, we can specify that we want version 3.10.x and not have to worry about the breaking changes until we are ready for them.
If CI passes, this is probably good to go.