cal/paper-dynasty-card-creation
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

chore: pin all dependency versions in requirements.txt #24

New Issue
Closed
opened 2026-03-10 05:28:22 +00:00 by cal · 1 comment
cal commented 2026-03-10 05:28:22 +00:00
Owner
Copy Link

Problem

Unpinned dependencies can silently introduce breaking changes when Docker images are rebuilt. This caused a production outage in the Major Domo project when an unpinned FastAPI upgrade changed redirect behavior.

Task

  1. Audit requirements.txt for any unpinned or floor-constrained dependencies
  2. Pin ALL dependencies to exact versions (==)
  3. If using a base Docker image, consider pinning to a specific tag/digest

Why This Matters

Every Docker build should produce an identical image. Unpinned deps mean a git revert doesn't actually roll back to the previous working state — you get the old code with new libraries.

## Problem Unpinned dependencies can silently introduce breaking changes when Docker images are rebuilt. This caused a production outage in the Major Domo project when an unpinned FastAPI upgrade changed redirect behavior. ## Task 1. Audit `requirements.txt` for any unpinned or floor-constrained dependencies 2. Pin ALL dependencies to exact versions (`==`) 3. If using a base Docker image, consider pinning to a specific tag/digest ## Why This Matters Every Docker build should produce an identical image. Unpinned deps mean a `git revert` doesn't actually roll back to the previous working state — you get the old code with new libraries.
Claude added the
ai-working
 label 2026-03-20 21:31:23 +00:00
Claude removed the
ai-working
 label 2026-03-20 21:33:28 +00:00
Claude commented 2026-03-20 21:33:35 +00:00
Collaborator
Copy Link

Fixed in PR #32: #32

Pinned the two unpinned packages — peewee==3.19.0 and polars==1.36.1. All other 50 dependencies were already on exact == pins.

Fixed in PR #32: https://git.manticorum.com/cal/paper-dynasty-card-creation/pulls/32 Pinned the two unpinned packages — `peewee==3.19.0` and `polars==1.36.1`. All other 50 dependencies were already on exact `==` pins.
Claude added the
ai-pr-opened
 label 2026-03-20 21:33:43 +00:00
cal closed this issue 2026-03-23 12:12:08 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
ai-merged

PR merged by AI ops agent

  
ai-pr-opened

   
ai-reviewed

   
ai-reviewing

   
ai-working
No Label
ai-merged
ai-pr-opened
ai-reviewed
ai-reviewing
ai-working
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/paper-dynasty-card-creation#24
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?