chore: pin all Python dependency versions in requirements.txt #82

Closed
opened 2026-03-10 05:28:20 +00:00 by cal · 1 comment
Owner

Problem

Unpinned dependencies can silently introduce breaking changes when Docker images are rebuilt. This caused a production outage in the Major Domo project when an unpinned FastAPI upgrade changed redirect behavior.

Task

  1. Audit requirements.txt for any unpinned or floor-constrained dependencies
  2. Pin ALL dependencies to exact versions (==)
  3. If using a base Docker image, consider pinning to a specific tag/digest
  4. Separate dev/test dependencies into requirements-dev.txt if not already done

Why This Matters

Every Docker build should produce an identical image. Unpinned deps mean a git revert doesn't actually roll back to the previous working state — you get the old code with new libraries.
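A sketch of the audit in task step 1, added here as an example (not part of the original issue or the project's code). The names `classify`, `audit` and `SAMPLE` are hypothetical, and the requirement lines in `SAMPLE` are constructed. It goes slightly beyond the issue text by also flagging wildcard pins such as `==2.*` and direct URL references.

```python
import re

# Constructed sample input (package names and versions are illustrative only).
SAMPLE = """\
# runtime deps
fastapi>=0.100
aiohttp==3.9.5
requests
uvicorn[standard]~=0.30.0  # compatible-release, still floats
pydantic==2.*
pytest==8.2.0 ; python_version >= "3.12"
-r requirements-dev.txt
"""

# Project name, optional [extras], then whatever version specifier follows.
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")

def classify(line):
    """Return (name, status) for one requirements.txt line, or None to skip it."""
    line = re.sub(r"(^|\s)#.*$", "", line).rstrip("\\").strip()
    if not line:
        return None
    if line.startswith("-"):                 # -r/-c/-e/--hash and other pip options
        return None
    line = line.split(";", 1)[0].strip()     # drop the environment marker
    m = _REQ.match(line)
    if m is None or "@" in line or "://" in line:
        return (line, "direct-reference")    # URL/VCS requirement: review by hand
    name, spec = m.group(1), m.group(2).replace(" ", "")
    if not spec:
        return (name, "unpinned")
    clauses = spec.split(",")
    if len(clauses) == 1 and clauses[0].startswith("==") and "*" not in spec:
        return (name, "pinned")
    if any(c.startswith((">", "~=")) for c in clauses):
        return (name, "floor-constrained")
    return (name, "not-exact")

def audit(text):
    """List (line number, name, status) for every requirement that is not an exact pin."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        result = classify(raw)
        if result and result[1] != "pinned":
            findings.append((n, result[0], result[1]))
    return findings

if __name__ == "__main__":
    for n, name, status in audit(SAMPLE):
        print(f"line {n}: {name} is {status}")
```

Run against the real `requirements.txt` in CI, a non-empty result from `audit` can fail the build so that a floating dependency never reaches an image rebuild.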

Claude added the ai-working label 2026-03-10 07:01:02 +00:00
Claude removed the ai-working label 2026-03-10 07:03:46 +00:00
Collaborator

Opened PR #83: https://git.manticorum.com/cal/paper-dynasty-discord/pulls/83

Approach: Sourced exact versions from the live production container (pip freeze), pinned all 12 deps with ==, moved pytest/pytest-asyncio to a new requirements-dev.txt, and pinned the Dockerfile base image to python:3.12.13-slim.

Claude added the ai-pr-opened label 2026-03-10 07:03:55 +00:00
cal closed this issue 2026-03-10 18:26:34 +00:00
Reference: cal/paper-dynasty-discord#82