From 653900dc150d5d29f042802a5812e3f4c2898e4f Mon Sep 17 00:00:00 2001
From: egg
Date: Fri, 13 Feb 2026 14:41:34 +0800
Subject: [PATCH] chore(deps): lock pandas to 2.3.3 and add upper bounds
---
environment.yml | 82 ++++++++++++++++++++++++------------------------
pyproject.toml | 25 ++++++++-------
requirements.txt | 24 +++++++-------
3 files changed, 66 insertions(+), 65 deletions(-)
diff --git a/environment.yml b/environment.yml
index a74722b..f14bd12 100644
--- a/environment.yml
+++ b/environment.yml
@@ -1,46 +1,46 @@ -# Conda environment for MES Dashboard -# Usage: conda env create -f environment.yml -# conda activate mes-dashboard -# -# Note: Most packages use minimum version pins (>=) to allow automatic security updates. -# For reproducible builds, generate a lock file: pip freeze > requirements.lock - -name: mes-dashboard -channels: - - conda-forge - - defaults +# Conda environment for MES Dashboard +# Usage: conda env create -f environment.yml +# conda activate mes-dashboard +# +# Note: Packages use bounded ranges (>=,<) to avoid accidental major-version breaks. +# For reproducible builds, generate a lock file: pip freeze > requirements.lock + +name: mes-dashboard +channels: + - conda-forge + - defaults dependencies: # Python version - pinned for consistency across deployments - python=3.11 # Frontend build toolchain (Vite) - nodejs>=22 - - # Use pip for Python packages (better compatibility with pypi packages) - - pip - - pip: - # Core Framework - - flask>=3.0.0 - - # Database - - oracledb>=2.0.0 - - sqlalchemy>=2.0.0 - - # Data Processing - - pandas>=2.0.0 - - openpyxl>=3.0.0 - - # Cache (Redis) - - redis>=5.0.0 - - hiredis>=2.0.0 # C parser for better performance - - # HTTP Client - - requests>=2.28.0 - - # Configuration - - python-dotenv>=1.0.0 - - # WSGI Server (Production) - - gunicorn>=21.2.0 - - # System Monitoring - - psutil>=5.9.0 + + # Use pip for Python packages (better compatibility with pypi packages) + - pip + - pip: + # Core Framework + - flask>=3.0.0,<4.0.0 + + # Database + - oracledb>=2.0.0,<4.0.0 + - sqlalchemy>=2.0.0,<3.0.0 + + # Data Processing + - pandas==2.3.3 # Pin DBAPI2-compatible release for current pd.read_sql flow + - openpyxl>=3.0.0 + + # Cache (Redis) + - redis>=5.0.0,<6.0.0 + - hiredis>=2.0.0,<4.0.0 # C parser for better performance + + # HTTP Client + - requests>=2.28.0,<3.0.0 + + # Configuration + - python-dotenv>=1.0.0,<2.0.0 + + # WSGI Server (Production) + - gunicorn>=21.2.0,<25.0.0 + + # System Monitoring + - 
psutil>=5.9.0,<7.0.0 diff --git a/pyproject.toml b/pyproject.toml index 952ecdc..49fa1b7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -22,36 +22,37 @@ classifiers = [ "License :: OSI Approved :: MIT License", ] -# Note: Using minimum version pins (>=) to allow automatic security updates. +# Note: Use bounded ranges (>=,<) to avoid accidental major-version breaks. # For reproducible builds, use: pip freeze > requirements.lock dependencies = [ # Core Framework - "flask>=3.0.0", + "flask>=3.0.0,<4.0.0", # Database - "oracledb>=2.0.0", - "sqlalchemy>=2.0.0", + "oracledb>=2.0.0,<4.0.0", + "sqlalchemy>=2.0.0,<3.0.0", # Data Processing - "pandas>=2.0.0", + # Pin pandas to a DBAPI2-compatible release for current pd.read_sql flow. + "pandas==2.3.3", "openpyxl>=3.0.0", # Cache (Redis) - "redis>=5.0.0", - "hiredis>=2.0.0", + "redis>=5.0.0,<6.0.0", + "hiredis>=2.0.0,<4.0.0", # HTTP Client - "requests>=2.28.0", + "requests>=2.28.0,<3.0.0", # Configuration - "python-dotenv>=1.0.0", + "python-dotenv>=1.0.0,<2.0.0", # WSGI Server - "gunicorn>=21.2.0", - "waitress>=2.1.2; platform_system == 'Windows'", + "gunicorn>=21.2.0,<25.0.0", + "waitress>=2.1.2,<4.0.0; platform_system == 'Windows'", # System Monitoring - "psutil>=5.9.0", + "psutil>=5.9.0,<7.0.0", ] [project.optional-dependencies] diff --git a/requirements.txt b/requirements.txt index a3a137f..614d054 100644 --- a/requirements.txt +++ b/requirements.txt 
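Review bot: The exact pin `pandas==2.3.3` in the pip section excludes every later 2.x release, including any that carries a security or correctness fix, while the only incompatibility the commit names (in the requirements.txt comment) is pandas 3.x. A capped range keeps that exclusion without freezing the patch level: `- pandas>=2.3.3,<3.0.0  # 3.x is incompatible with the current pd.read_sql flow`. The same pin is repeated in the pyproject.toml and requirements.txt hunks, so all three entries would change together; exact versions belong in the lock file the header comment already mentions. If 2.3.3 is simply the only release that was tested, the comment should say that, so the pin is not read as a hard compatibility requirement.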
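Review bot: `"openpyxl>=3.0.0"` keeps no upper bound directly under the new comment that says the list uses bounded ranges, so the stated policy and the `dependencies` array disagree for that one entry. Either cap it like its neighbours, for example `"openpyxl>=3.0.0,<4.0.0",`, or add a comment above it saying why it is exempt. The environment.yml and requirements.txt hunks leave the same entry unbounded. `[project.optional-dependencies]` begins on the last line of this hunk and its contents are not visible, so any extras declared there were not checked against the new policy.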
@@ -2,35 +2,35 @@ # =========================== # # Version Strategy: -# Using minimum version pins (>=) to allow automatic security updates. +# Use bounded version ranges (>=,<) to avoid accidental major-version breaks. # For reproducible builds, generate a lock file: pip freeze > requirements.lock # # Python Version: >=3.9 (recommended: 3.11) # Core Framework -flask>=3.0.0 +flask>=3.0.0,<4.0.0 # Database -oracledb>=2.0.0 -sqlalchemy>=2.0.0 +oracledb>=2.0.0,<4.0.0 +sqlalchemy>=2.0.0,<3.0.0 # Data Processing -pandas>=2.0.0 # Note: numpy is installed as a dependency +pandas==2.3.3 # pandas 3.x removed DBAPI2 flow used by current pd.read_sql + SQLAlchemy usage openpyxl>=3.0.0 # Excel file support # Cache (Redis) -redis>=5.0.0 -hiredis>=2.0.0 # C parser for better Redis performance +redis>=5.0.0,<6.0.0 +hiredis>=2.0.0,<4.0.0 # C parser for better Redis performance # HTTP Client -requests>=2.28.0 +requests>=2.28.0,<3.0.0 # Configuration -python-dotenv>=1.0.0 +python-dotenv>=1.0.0,<2.0.0 # WSGI Server -gunicorn>=21.2.0 # Linux/macOS production server -waitress>=2.1.2; platform_system=="Windows" # Windows alternative +gunicorn>=21.2.0,<25.0.0 # Linux/macOS production server +waitress>=2.1.2,<4.0.0; platform_system=="Windows" # Windows alternative # System Monitoring -psutil>=5.9.0 # Process and system utilities +psutil>=5.9.0,<7.0.0 # Process and system utilities
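Review bot: The rewritten Version Strategy comment drops the previous rationale (floors allow automatic security updates) without saying how fixes are picked up under the new caps: a fix released only in a major version above a cap, such as `redis<6.0.0` or `gunicorn<25.0.0`, is now excluded until someone edits this file, pyproject.toml and environment.yml together. I would add a line to the header such as `# Caps are raised deliberately: review upstream advisories and bump all three dependency files in one change.` Nothing in this diff shows an automated check for that, though one may exist elsewhere in the repository. Separately, the unchanged `pip freeze > requirements.lock` advice records versions without hashes; if the lock file is meant to protect installs, generating it with hashes and installing with `pip install --require-hashes` would also pin artifact integrity.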