reconsider types-requests dependency #1988
Labels
dependencies
Pull requests that update a dependency file
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We get a lot of dependency bumps from dependabot for types-requests: The dependency is in requirements-test.txt, I assume it brings in annotation stubs for requests so that mypy does not complain during lint.
These upgrades are annoying because typeshed (the project producing this package) does not make real releases. They don't even tag the releases in source: the packages just appear in pypi.org. So there is absolutely no way to know if the new version is something we want or what source version it represents -- meaning no way to review a dependency upgrade.
Our use of requests is pretty stable: no changes in months. I wonder if we should just tell mypy to ignore requests and stop depending on types-requests?
The text was updated successfully, but these errors were encountered: