deps: bump flagsmith-common from 2.2.4 to 2.2.5#6256
deps: bump flagsmith-common from 2.2.4 to 2.2.5#6256matthewelwell wants to merge 18 commits intomainfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 3 Skipped Deployments
|
Docker builds report
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6256 +/- ##
=======================================
Coverage 98.01% 98.01%
=======================================
Files 1278 1278
Lines 45183 45183
=======================================
Hits 44285 44285
Misses 898 898 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
A snippet of the traceback from the CI failure here: This indicates to me that there's something wrong in the creation of the directory (as done here, by our own process now) which means that the prometheus process is unable to write to it. Looking at this thread might give us some answers. |
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| djangorestframework-dataclasses = "^1.3.1" | ||
| pyotp = "^2.9.0" | ||
| flagsmith-common = "^2.2.4" | ||
| flagsmith-common = { git = "https://github.com/flagsmith/flagsmith-common", branch = "fix/os-dir-permissions" } |
There was a problem hiding this comment.
Bug: Unstable Dependencies Break Build Reproducibility
The dependency points to a mutable git branch fix/os-dir-permissions instead of a version tag, despite the PR claiming to bump to version 2.2.5. This creates non-reproducible builds since the branch content can change without notice, and different installations could receive different code. The dependency should reference a specific version tag or commit hash for reproducibility.
| djangorestframework-dataclasses = "^1.3.1" | ||
| pyotp = "^2.9.0" | ||
| flagsmith-common = "^2.2.4" | ||
| flagsmith-common = { git = "https://github.com/flagsmith/flagsmith-common", branch = "fix/os-dir-permissions" } |
There was a problem hiding this comment.
Bug: Conflicting Dependency Sources Block Installation
The flagsmith-common dependency is declared twice with conflicting sources: once in main dependencies as a git branch (line 166) and once in dev dependencies with a version constraint and extras (line 250). Poetry cannot resolve conflicting dependency sources for the same package, which will cause installation failures or unpredictable behavior. The dev dependency declaration needs to either use the same git source with extras or be removed if the git source already provides the needed functionality.
| djangorestframework-dataclasses = "^1.3.1" | ||
| pyotp = "^2.9.0" | ||
| flagsmith-common = "^2.2.4" | ||
| flagsmith-common = { git = "https://github.com/flagsmith/flagsmith-common", branch = "fix/os-dir-permissions" } |
There was a problem hiding this comment.
Reminder to use a tagged version.
|
Superseded by #6267 |
Changes
Update flagsmith-common from 2.2.4 to 2.2.6.
Contributes to #5990 and resolves this Sentry issue.
See the following PRs in flagsmith-common for more context.
Flagsmith/flagsmith-common#118
Flagsmith/flagsmith-common#120
How did you test this code?
Tested in flagsmith-common repo.