[ https://issues.apache.org/jira/browse/BEAM-4606?focusedWorklogId=116327&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-116327 ]
ASF GitHub Bot logged work on BEAM-4606: ---------------------------------------- Author: ASF GitHub Bot Created on: 27/Jun/18 06:52 Start Date: 27/Jun/18 06:52 Worklog Time Spent: 10m Work Description: aaltay commented on a change in pull request #5751: [BEAM-4606] Pin pytz version URL: https://github.com/apache/beam/pull/5751#discussion_r198383539 ########## File path: sdks/python/setup.py ########## @@ -105,7 +105,7 @@ def get_version(): 'oauth2client>=2.0.1,<5', # grpcio 1.8.1 and above requires protobuf 3.5.0.post1. 'protobuf>=3.5.0.post1,<4', - 'pytz>=2018.3', + 'pytz==2018.4', Review comment: I do not think it will break existing users. The scenario I have in mind is, suppose there is a library X that pins pytz==2018.3 and we pin it at 2018.4. With that a user cannot have both X and Beam in the same environment. Since we already know that Beam works with both 2018.3 and 2018.4; it would be more flexible to work with either version of the dependency. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 116327) Time Spent: 50m (was: 40m) > Upper bound for pytz dependency > ------------------------------- > > Key: BEAM-4606 > URL: https://issues.apache.org/jira/browse/BEAM-4606 > Project: Beam > Issue Type: Improvement > Components: sdk-py-core > Reporter: Ahmet Altay > Assignee: Udi Meiri > Priority: Major > Time Spent: 50m > Remaining Estimate: 0h > > Do we need an upper bound for the pytz dependency? > ([https://github.com/apache/beam/blob/release-2.5.0/sdks/python/setup.py#L108)] > We typically have upper bounds, in order to avoid future breakages due to a > possibility of breaking/backward incompatible change of that depepdency. > Good practice is to upper bound either at known version, or next major > version. Do we need an exception for pytz because it does not seem to be > following semantic versioning? > cc: [~yifanzou] Is this something dependency notifier can warn on? Dependency > without upper version bounds. -- This message was sent by Atlassian JIRA (v7.6.3#76005)