[noissue]: Update aioredis requirement from ~=2.0.0 to ~=2.0.1 #1788
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
Dependencies
|
WARNING!!! This PR is not attached to an issue. In most cases this is not advisable. Please see our PR docs for more information about how to attach this PR to an issue. |
|
There seem to be features in a bugfix-release. Maybe we need to pin this dependency differently. |
Updates the requirements on [aioredis](https://github.com/aio-libs/aioredis-py) to permit the latest version. - [Release notes](https://github.com/aio-libs/aioredis-py/releases) - [Changelog](https://github.com/aio-libs/aioredis-py/blob/master/CHANGELOG.md) - [Commits](aio-libs-abandoned/aioredis-py@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: aioredis dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/pip/aioredis-approx-eq-2.0.1
branch
from
aa9b95d
to
035a2f5
Compare
|
They do label features, but they seem like bugfixes. Two of them are CI and docs fixes and the other seems like a bugfix. That being said maybe we should pin because I don't see a claim from them if they use semver or not. |
|
They do mention semver here though aio-libs-abandoned/aioredis-py#930 (comment) |
|
I believe they follow semver and just don't document that. If that's the case I think we can merge this as is so I'm lgtm-ing it. I posted this here aio-libs-abandoned/aioredis-py#1277 to get more info on the issue. |
|
I'm fine with merging. What i don't quite get is why we need to bump the z version at all. As long as we use the ~= (Semver-operator) the here advertised package will be selected anyway. And we may even make the life of packagers easier by not requiring new dependencies all the time. |
There isn't a "big" reason I would say, but a small reason is that it declares that we've formally tested against it. Another small reason is it signals to the rpm build folks that they should be using a newer version of the dep. |
Updates the requirements on aioredis to permit the latest version.
Release notes
Sourced from aioredis's releases.
Changelog
Sourced from aioredis's changelog.
... (truncated)
Commits
224f843Release version 2.0.1 (#1247)a9825c2Bump py-actions/py-dependency-install from 2.1.0 to 3 (#1239)7f65c4cRemove del from Redis (Fixes #1115) (#1227)5062740Fix typing on blpop (etc) timeout argument (#1224)dbdd0adfix socket.error raises (#1129)2ba15fbFix buffer is closed error when using PythonParser class (#1213)0aa06dfFix typing on evalsha keys_and_args argument (#1215)33b2dbd[pre-commit.ci] pre-commit autoupdate (#1201)a708bd1Merge pull request #1162 from aio-libs/dependabot/pip/flake8-4.0.15d51d8dMerge pull request #1198 from aio-libs/dependabot/pip/docs/mkdocs-1.2.3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)