Loosen dependency version constraints for pyo3, serde, and serde_json #21

Open
wants to merge 6 commits into
base: main
LockedThread
Contributor

Description:

This PR updates the version constraints for the dependencies in our Cargo.toml file to provide more flexibility in dependency resolution. Specifically:

  • Main Dependencies:

    • Changed pyo3 from "0.23.0" to ">=0.23".
    • Changed serde from "1.0.190" to ">=1.0".
  • Dev Dependencies:

    • Updated pyo3 from { version = "0.23.0", features = ["auto-initialize"] } to { version = ">=0.23", features = ["auto-initialize"] }.
    • Updated serde from { version = "1.0.190", features = ["derive"] } to { version = ">=1.0", features = ["derive"] }.
    • Updated serde_json from "1.0.108" to ">=1.0".

Rationale:

  • Flexibility: Allowing versions greater than or equal to the specified minimum enables compatibility with newer releases and patch updates without forcing an immediate version bump across the board.
  • Ease of Maintenance: This approach minimizes potential dependency conflicts, especially for downstream users who might already be using newer versions of pyo3 or serde.

Impact:

  • The changes are limited to version specification in Cargo.toml and should not affect the API or functionality.
  • All tests are expected to pass as long as the newer versions remain backwards compatible.

Additionally, I checked what the minimum supported pyo3 version is and it is 0.23.0.

Please review and let me know if further adjustments are needed.

@LockedThread
Contributor Author

@konn Please review.

pyo3 = ">=0.23.0, <0.25.0"
serde = "1.0.190"
pyo3 = ">=0.23.0, <0.26.0"
serde = "1"
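
Review bot: On the `serde = "1"` line, the floor drops from 1.0.190 to 1.0.0 with no gain at the top of the range. A bare Cargo requirement is a caret requirement, so both `"1.0.190"` and `"1"` already stop short of 2.0.0, and the only versions newly admitted are patch releases older than the one this crate was developed against. Keep `serde = "1.0.190"` unless an older floor has actually been built and tested. On the `pyo3` line, moving the cap to `<0.26.0` admits the 0.25 series, so CI should build and run the tests against a 0.25 release before this is merged.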
Member

Since serde = "1.0.190" means 1.0.190 <= version < 2.0.0 (not < 1.1), this change only allows 1.0.189 or older. There is no reason to use an old patch version. This change is not acceptable.

Contributor Author

I agree there are very few reasons to use old patch versions. I decided to loosen the serde dependency after looking at my dependency tree and realizing my binary was using 10 different versions of serde. This is caused by libraries having strict versions.

Contributor Author

Additionally, at the very least we should increase the pyo3 bounds to <0.26.0 since the release of 0.25.0, in preparation for 0.25.1 being released.
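
The requirement strings quoted in this thread accept different version ranges under Cargo's rules. The following is an added example, not code from this repository or from Cargo: a simplified matcher (bare caret requirements, `>=` and `<` only, pre-release tags ignored) run over constructed candidate versions; `parse_partial`, `caret_upper` and `matches` are hypothetical helper names.

```rust
// Simplified model of Cargo version requirements: bare (caret) requirements,
// ">=" and "<" comparators, comma-separated. Pre-release tags are ignored.
type Version = (u64, u64, u64);

/// Parse "1", "1.0" or "1.0.190": zero-fill missing parts and report how many
/// parts were written (hypothetical helper, not part of Cargo).
fn parse_partial(s: &str) -> Option<(Version, usize)> {
    let parts: Vec<u64> = s.trim().split('.').map(|p| p.parse().ok()).collect::<Option<_>>()?;
    if parts.len() > 3 { return None; }
    let get = |i: usize| parts.get(i).copied().unwrap_or(0);
    Some(((get(0), get(1), get(2)), parts.len()))
}

/// Exclusive upper bound implied by a bare requirement such as "1" or "0.23".
fn caret_upper((major, minor, patch): Version, written: usize) -> Version {
    if major > 0 || written == 1 { (major + 1, 0, 0) }
    else if minor > 0 || written == 2 { (0, minor + 1, 0) }
    else { (0, 0, patch + 1) }
}

/// Some(true) if `version` satisfies every comparator in `req`,
/// None if either string uses syntax this model does not cover.
fn matches(req: &str, version: &str) -> Option<bool> {
    let (v, _) = parse_partial(version)?;
    for cmp in req.split(',').map(str::trim) {
        let ok = if let Some(rest) = cmp.strip_prefix(">=") {
            v >= parse_partial(rest)?.0
        } else if let Some(rest) = cmp.strip_prefix('<') {
            v < parse_partial(rest)?.0
        } else {
            let (low, written) = parse_partial(cmp)?;
            v >= low && v < caret_upper(low, written)
        };
        if !ok { return Some(false); }
    }
    Some(true)
}

fn main() {
    // Requirement strings are those quoted in this PR; candidate versions are
    // constructed sample inputs.
    let reqs = ["1.0.190", "1", ">=1.0", ">=0.23", ">=0.23.0, <0.26.0"];
    let candidates = ["0.23.0", "0.25.1", "0.26.0", "1.0.100", "1.0.219", "2.0.0"];
    for req in reqs {
        let accepted: Vec<&str> = candidates.iter().copied()
            .filter(|v| matches(req, v) == Some(true)).collect();
        println!("{:<20} accepts {:?}", req, accepted);
    }
}
```

The `>=1.0` and `>=0.23` forms from the PR description have no upper bound, so they accept `2.0.0` and `0.26.0`, releases that semver allows to break the API.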
