chore: pin all dependency versions #1

Open
opened 2026-03-10 05:28:24 +00:00 by cal · 0 comments
Owner

Problem

Unpinned dependencies can silently introduce breaking changes when Docker images are rebuilt. This caused a production outage in the Major Domo project when an unpinned FastAPI upgrade changed redirect behavior.

Task

  1. Audit dependency files for any unpinned or floor-constrained dependencies
  2. Pin ALL dependencies to exact versions
  3. If using a base Docker image, consider pinning to a specific tag/digest

Why This Matters

Every build should produce an identical artifact. Unpinned deps mean a git revert doesn't actually roll back to the previous working state — you get the old code with new libraries.
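One way to run the audit in step 1, as an added example that is not code from this repository: it assumes the dependency file is a pip `requirements.txt` and the image is built from a `Dockerfile`, neither of which the issue names. The function names `audit_requirements` and `audit_dockerfile`, the package versions, and the all-zero digest are constructed for illustration.

```python
import re

# Exact pin: name[extras]==version, no wildcard. Anything else is reported.
PIN_RE = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]+\])?\s*==\s*[A-Za-z0-9.!+_-]+$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def audit_requirements(text):
    """Return (line_no, requirement, reason) for each entry that is not an exact pin."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip("\\ \t").strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option (-r, --hash)
            continue
        req = line.split(";", 1)[0].strip()   # drop environment markers
        if PIN_RE.match(req):
            continue
        if re.search(r"[<>]=?|~=", req):
            reason = "range or floor constraint"
        elif "==" in req:
            reason = "wildcard or malformed pin"
        else:
            reason = "no version specified"
        findings.append((n, req, reason))
    return findings

def audit_dockerfile(text):
    """Return (line_no, image, reason) for each FROM whose base is not digest-pinned."""
    findings, stages = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
        if not args or parts[0].upper() != "FROM":
            continue
        image, earlier_stage = args[0], args[0] in stages
        if len(args) == 3 and args[1].upper() == "AS":
            stages.add(args[2])
        if image == "scratch" or earlier_stage or DIGEST_RE.search(image):
            continue
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        reason = "tag only (mutable)" if tag and tag != "latest" else "no tag or latest"
        findings.append((n, image, reason))
    return findings

# Constructed sample input; versions and the all-zero digest are placeholders.
SAMPLE_REQS = "\n".join(["fastapi", "uvicorn[standard]==0.29.0", "pydantic~=2.6",
                         "requests>=2.31  # floor", "httpx==0.27.*"])
SAMPLE_DOCKERFILE = "\n".join(["FROM python:3.12-slim AS builder",
                               "FROM python@sha256:" + "0" * 64 + " AS base",
                               "FROM builder AS final", "FROM nginx"])
```

An empty result from both functions means every listed requirement is an exact `==` pin and every external base image is referenced by digest; a "tag only" finding satisfies the tag option in step 3 but can still change if the tag is re-pushed.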

Reference: cal/paper-dynasty-apiproxy#1