-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pin stubs to their corresponding upstream version #12694
Comments
There are some problems I can see:
I think we could experiment with only specifying the lower limit for now. Maybe we can later extend our metadata to be able to specify an upper limit or an upper limit algorithm in some way. |
I'd be opposed to this by default, but I'd be willing to add e.g. an |
I've seen projects use stubs targeting an older version than the installed version of a library, since updating stubs can sometimes take significant effort. In particular, a new version of stubs can have new (or modified) type annotations that trigger false positives. A large project may depend a huge number of third-party libraries, and not keeping stubs and implementations always in sync (at least temporarily) can be an acceptable form of technical debt in some contexts, I think. |
I was also initially opposed to this as well for the reasons already mentioned, but then I also thought this could be done through extras, as it would be opt-in. Maybe also only though a lower bound in the extra, since it's expected that typeshed stubs versioning will fall behind. Using the same |
Now that third party stubs are released as individual packages it would be great if the package included the upstream version range as an install requirements.
Currently the generated stubs contain a paragraph indicating the version they are intended for but, no such restriction is present in the
setup.py
file.Issues #5768 and #5618 discuss allowing external dependencies, but they only allow to specify dependencies that are in fact dependencies of the corresponding upstream package, not the upstream package itself. In the example below it can be seen how
types-requests
depends onurllib3
, but not onrequests
itself.Adding the upstream package is important, as currently many teams use automated tools like Renovatebot or Dependabot to manage their dependencies, and without the explicit requirement you may end up with inconsistent deps. In our case someone in our team updated the types for protobuf to version 5.26, but we are restricted to use version 4.25. One could argue that any incompatibilities should be caught by CI, and it's true. But there's another case that is not prevented. First you upload the types of protobuf to the latest version, CI does not catch any errors, because you are using a small part of the library. Some time later you start working on a new feature and use a function or parameter that is only defined in the latest version. You write a test and it fails, and you end up scratching your head for a long time not understanding why that function/param is not present.
Examples
Requests
Cachetools
The text was updated successfully, but these errors were encountered: