Dependabot increase to latest available

Borda · May 16, 2022, 10:32am

I wonder if there is a way to make the dependency update safe/reliable and update to the latest available package version so it can be tested and not increase to a future version that is not released yet…

for example, if we have requirements such as

packageABC >= 0.1, <=0.8.6

and there is a new release 0.8.7, so I want to increase the version to <=0.8.7 not to <0.9 as I can’t know if eventually next 0.8.8 is also safe… see the sample PR from dependable bellow which bumped version from actual 12.x to even 13.0 which is unacceptable

github.com/PyTorchLightning/pytorch-lightning

Update rich requirement from !=10.15.*,<=12.0.0,>=10.2.2 to >=10.2.2,!=10.15.0.a,<13.0.0 in /requirements

PyTorchLightning:master ← PyTorchLightning:dependabot-pip-requirements-rich-gte-10.2.2-and-neq-10.15.0.a-and-lt-13.0.0

opened 01:14PM - 12 May 22 UTC

dependabot[bot]

+1 -1

Updates the requirements on [rich](https://github.com/willmcgugan/rich) to permi…t the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/willmcgugan/rich/releases">rich's releases</a>.</em></p> <blockquote> <h2>SVG Redux Redux</h2> <p>A fix and further enhancements to the SVG export.</p> <p>Default color scheme is now dimmed Monokai, and there is a keyline around the terminal so it looks distinct against a dark background.</p> <p><img src="https://user-images.githubusercontent.com/554369/167307024-2f354792-9ba2-4dea-bf60-dba34ae584ce.svg" alt="Rich SVG example" /></p> <h2>[12.4.1] - 2022-05-08</h2> <h3>Fixed</h3> <ul> <li>Fix for default background color in SVG export <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2260">Textualize/rich#2260</a></li> </ul> <h3>Changed</h3> <ul> <li>Added a keyline around SVG terminals which is visible on dark backgrounds</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Textualize/rich/blob/master/CHANGELOG.md">rich's changelog</a>.</em></p> <blockquote> <h2>[12.4.1] - 2022-05-08</h2> <h3>Fixed</h3> <ul> <li>Fix for default background color in SVG export <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2260">Textualize/rich#2260</a></li> </ul> <h3>Changed</h3> <ul> <li>Added a keyline around SVG terminals which is visible on dark backgrounds</li> </ul> <h3>Changed</h3> <ul> <li>Added a keyline around SVG terminals which is visible on dark backgrounds</li> </ul> <h2>[12.4.0] - 2022-05-07</h2> <h3>Changed</h3> <ul> <li>Rebuilt SVG export to create a simpler SVG that is more portable</li> <li>Fix render_lines crash when render height was negative <a href="https://github-redirect.dependabot.com/Textualize/rich/pull/2246">Textualize/rich#2246</a></li> </ul> <h3>Added</h3> <ul> <li>Add <code>padding</code> to Syntax constructor <a href="https://github-redirect.dependabot.com/Textualize/rich/pull/2247">Textualize/rich#2247</a></li> </ul> <h2>[12.3.0] - 2022-04-26</h2> <h3>Added</h3> <ul> <li>Ability to change terminal window title <a href="https://github-redirect.dependabot.com/Textualize/rich/pull/2200">Textualize/rich#2200</a></li> <li>Added show_speed parameter to progress.track which will show the speed when the total is not known</li> <li>Python blocks can now opt out from being rendered in tracebacks's frames, by setting a <code>_rich_traceback_omit = True</code> in their local scope <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2207">Textualize/rich#2207</a></li> </ul> <h3>Fixed</h3> <ul> <li>Fall back to <code>sys.__stderr__</code> on POSIX systems when trying to get the terminal size (fix issues when Rich is piped to another process)</li> <li>Fixed markup escaping issue <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2187">Textualize/rich#2187</a></li> <li>Safari - Box appearing around SVG export <a href="https://github-redirect.dependabot.com/Textualize/rich/pull/2201">Textualize/rich#2201</a></li> <li>Fixed recursion error in Jupyter progress bars <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2047">Textualize/rich#2047</a></li> <li>Complex numbers are now identified by the highlighter <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2214">Textualize/rich#2214</a></li> <li>Fix crash on IDLE and forced is_terminal detection to False because IDLE can't do escape codes <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2222">Textualize/rich#2222</a></li> <li>Fixed missing blank line in traceback rendering <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2206">Textualize/rich#2206</a></li> <li>Fixed running Rich with the current working dir was deleted <a href="https://github-redirect.dependabot.com/Textualize/rich/issues/2197">Textualize/rich#2197</a></li> </ul> <h3>Changed</h3> <ul> <li>Setting <code>total=None</code> on progress is now possible, and will display pulsing animation</li> <li>Micro-optimization for Segment.divide</li> </ul> <h2>[12.2.0] - 2022-04-05</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Textualize/rich/commit/0fd6bc567f761cecb764673979c7491b1aa2c51b"><code>0fd6bc5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/willmcgugan/rich/issues/2262">#2262</a> from Textualize/svg-default-back</li> <li><a href="https://github.com/Textualize/rich/commit/3239e56a2bfc26cc0942df960e57468dbd21f8e5"><code>3239e56</code></a> version bump</li> <li><a href="https://github.com/Textualize/rich/commit/bcf6cff58d783ecab721664585363afa7da0e61b"><code>bcf6cff</code></a> test fix</li> <li><a href="https://github.com/Textualize/rich/commit/1e0e33e9440a17c3d041ad907bea554188f3a37f"><code>1e0e33e</code></a> tweaked backgorund and border of terminal</li> <li><a href="https://github.com/Textualize/rich/commit/fb8843bb49d534679d0b32ac6a475ee994e9d9aa"><code>fb8843b</code></a> changelog</li> <li><a href="https://github.com/Textualize/rich/commit/4761fa9eeb96d76d790fc7a781e600fc853533d3"><code>4761fa9</code></a> fix test</li> <li><a href="https://github.com/Textualize/rich/commit/8f066de5248ff860aa5eb7158abc1a3bc9c6c967"><code>8f066de</code></a> tweaks to SVG output</li> <li><a href="https://github.com/Textualize/rich/commit/7cbbd6ba6a1956429cea8687abf32a38fa466cb7"><code>7cbbd6b</code></a> version links</li> <li><a href="https://github.com/Textualize/rich/commit/2c21b51d2e713016b271b66fc6f3ffb93eec3daf"><code>2c21b51</code></a> changlog</li> <li><a href="https://github.com/Textualize/rich/commit/b6a5824204d381df3d8d0fcf8823f23f8b7ddb55"><code>b6a5824</code></a> fix for default background in svg export</li> <li>Additional commits viewable in <a href="https://github.com/willmcgugan/rich/compare/v10.2.2...v12.4.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>