Generate gemnasium-python's requirements.txt using pip-compile
What does this MR do?
While working on adding support for Python 3.11 and 3.12 (see !620 (closed)) I had to bump some dependencies because they were quite dated and didn't play ball with newer Python versions. That opened a whole can of worms that is finding transitive dependencies that are mutually compatible. Instead of trying to figure them all out by hand I just picked a tool I've used with great success in the past, pip-tools and more specifically pip-compile.
And while I was at it I cleaned up the dependency list so that requirements.in only lists packages that are directly needed by the project and pins them to versions that aren't (supposedly) going to introduce backwards incompatible changes. If we're using a tool to figure out what transitive dependencies and what versions are needed then there's no point doing its work for it.
Also created a configuration file for pip-compile for easier usage.
What are the relevant issue numbers?
None, but this prepares for Python 3.11 and 3.12 support in !620 (closed).
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer