Lower requirements constraints about json2xml HOT 6 CLOSED

@fmigneault I think you are right. On one hand, having pinned dependencies is nice for reproducibility, but that's more useful for an application and for libraries, it should be more relaxed so that it is more useful in other contexts.

I am going to fix this and do a new release soon.

Thanks for pointing it out.

from json2xml.

@vinitkumar Works like a charm! Thanks for the update.

from json2xml.

@fmigneault I just pushed a released to pypi where I fixed the complaint you had. https://pypi.org/project/json2xml/3.20.0/

Please check it and let me know if this fix the issue for you?

Thanks again for pointing this out.

from json2xml.

@vinitkumar
Is it possible to loosen the urllib3 version dependency as you did with the previous PR?
Although I see that you did update it in 092b132, the current latest available release https://github.com/vinitkumar/json2xml/tree/v4.0.1 drags it down to urllib3==1.26.13 instead of letting pip auto-resolve urllib3 to the latest available version. Every code that uses json2xml is therefore "less secure" because they must wait until you release a new version to respect dependencies.

from json2xml.

@fmigneault You raise a brilliant point. I haven't thought about this before. I am also thinking of not hardcoding a version on both the dependencies in requirements and pip auto to decide if those work or not. We have good test coverage to catch any regression. And at the same time, it would not limit people using these dependencies to run insecure versions.

from json2xml.

Thanks for the quick fix. Greatly appreciated!

from json2xml.