(I apologise for essentially filing a "my version pinning philosophy differs from yours" bug)
Part of my test suite involves "run flake8, fail the tests if any errors are generated". I believe this to be a relatively common scenario.
flake8 does not pin its dependencies. Over the weekend,
pep8 version 1.6.0 was released, which added new checks. This meant my code, despite using a pinned version of flake8, went from "passing" to "not passing" with no internal changes.
I understand that I could, and perhaps should, pin everything -
flake8 and all transient dependencies.
However, I propose that flake8 should pin its dependencies - it's effectively a standalone tool rather than a library designed for integration with other existing libraries; it should be enough to say "my code is clean under
flake8==2.3.0", rather than needing to declare "this version of flake8 with this version of pep8 and this version of pyflakes and this version of mccabe".