Do not pin dependency versions

Question

Do not pin dependency versions

jonashaag opened this issue 4 years ago · 2 comments

Pinning dependencies of a library to an exact version (e.g., pandas==1.0.1) has many drawbacks, for example security issues. I see no reason why the dependencies have to be pinned for surfboard.

Maybe we can pin only the major versions, e.g. pandas>=1,<2.

Answer 1 · 2020-05-27T15:08:22.000Z

Thanks very much -- we'll consider this.

Answer 2 · 2020-06-02T09:26:24.000Z

Addressed in #13 . Thanks for the suggestion @jonashaag