backend: swap to a dependency lockfile#3305
Open
mistydemeo wants to merge 1 commit into
Open
Conversation
|
No dependency changes detected. Learn more about Socket for GitHub. 👍 No dependency changes detected in pull request |
Contributor
Author
|
Alternately: we could use uv and its lockfile for tracking things and |
mistydemeo
force-pushed
the
misty/locked_deps
branch
3 times, most recently
from
6ad72c0 to
40405c1
Compare
Contributor
Author
|
Accidentally merged the dev and test groups here; I can split those back out if we want them separate. |
mistydemeo
force-pushed
the
misty/locked_deps
branch
2 times, most recently
from
e14ec88 to
08b6116
Compare
mistydemeo
force-pushed
the
misty/locked_deps
branch
2 times, most recently
from
1aad2b1 to
48fe822
Compare
I chose to go with uv's lockfile format for convenience since that lets us track the dependency tree a little more easily.
mistydemeo
force-pushed
the
misty/locked_deps
branch
from
48fe822 to
c88f107
Compare
emma-sg
approved these changes
May 20, 2026
Member
emma-sg
left a comment
emma-sg
left a comment
There was a problem hiding this comment.
In favour of this! It seems to speed things up a fair bit, and it also would mean we'd be able to use exclude-newer as a layer of supply-chain security.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I chose to go with uv's lockfile format for convenience since that lets us track the dependency tree a little more easily. Happy to back that out and go for
pip-compileor something else instead.