-
Task
-
Resolution: Won't Do
-
Major
-
None
-
None
-
5
-
False
-
-
False
-
-
Quarterly reminder to review and update the python deps we're using for markdown techdocs.
- [ ] Review the python/requirements* files and determine if we can update them and/or remove anything no longer required
- [ ] Ensure that the upstream and downstream builds pin the same versions, wherever possible
Note that where python deps do not distribute sources, a hermeto config workaround (or a security policy exception) is needed:
- https://github.com/hermetoproject/hermeto/blob/main/docs/pip.md#dependency-does-not-distribute-sources
- https://gitlab.cee.redhat.com/releng/konflux-release-data/-/blob/main/config/stone-prod-p02.hjvn.p1/product/EnterpriseContractPolicy/registry-rhdh-prod.yaml#L39-42
See also:
Note also that these are the same (but we need the source zip, because 3.9.7 doesn't include sources in a way that makes hermeto happy):
plantuml-markdown @ https://github.com/mikitex70/plantuml-markdown/archive/fcf62aa930708368ec1daaad8b5b5dbe1d1b2014.zip#cachito_hash=sha256:a487c2312a53fe47a0947e8624290b2c8ea51e373140d02950531966b1db5caa
and
plantuml-markdown==3.9.7
