You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We get a lot of dependency bumps from dependabot for types-requests: The dependency is in requirements-test.txt, I assume it brings in annotation stubs for requests so that mypy does not complain during lint.
These upgrades are annoying because typeshed (the project producing this package) does not make real releases. They don't even tag the releases in source: the packages just appear in pypi.org. So there is absolutely no way to know if the new version is something we want or what source version it represents -- meaning no way to review a dependency upgrade.
Our use of requests is pretty stable: no changes in months. I wonder if we should just tell mypy to ignore requests and stop depending on types-requests?
The text was updated successfully, but these errors were encountered:
We get a lot of dependency bumps from dependabot for types-requests: The dependency is in requirements-test.txt, I assume it brings in annotation stubs for requests so that mypy does not complain during lint.
These upgrades are annoying because typeshed (the project producing this package) does not make real releases. They don't even tag the releases in source: the packages just appear in pypi.org. So there is absolutely no way to know if the new version is something we want or what source version it represents -- meaning no way to review a dependency upgrade.
Our use of requests is pretty stable: no changes in months. I wonder if we should just tell mypy to ignore requests and stop depending on types-requests?
The text was updated successfully, but these errors were encountered: