Document dependency versioning

prowler-cloud/prowler
Based on 3 comments. Category: Configurations. Primary language: Toml.

Reviewer Prompt

Use consistent patterns for specifying dependency versions in configuration files and document reasoning behind version constraints.

Guidelines:

  1. Use exact versions (==) for stability-critical dependencies
  2. Use version ranges only when there’s a specific compatibility requirement
  3. Document the reason for version constraints, especially when using ranges or preventing upgrades
  4. Only add dependencies to the root configuration when the constraint applies project-wide

Example:

# Exact version for stability
some-critical-package = "1.2.3"

# Version range with documented reason
marshmallow = ">=3.15.0,<4.0.0"  # Safety tool incompatible with v4.0+

# Development dependency with more flexibility
pytest = ">=7.0.0"

When adding version constraints that differ from the project norm or prevent upgrades, add a comment explaining why, either in the PR description or inline with the configuration change.
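One way to apply these guidelines mechanically, as an added example that is not part of the Prowler code base or of this reviewer's own tooling: a small audit script that reads a Poetry-style pyproject.toml, classifies each dependency constraint as exact, bounded or unbounded, and flags runtime dependencies whose non-exact constraint has no inline comment explaining it. The pyproject fragment and the package names in it are constructed for the example; the section names and the rule that dev-group dependencies may stay flexible are assumptions taken from the example above.

```python
import re
from dataclasses import dataclass

try:  # tomllib is stdlib from Python 3.11; older interpreters just skip validation
    import tomllib
except ImportError:  # pragma: no cover
    tomllib = None

# Constructed sample (Poetry layout); not the real Prowler pyproject.toml.
SAMPLE_PYPROJECT = """\
[tool.poetry.dependencies]
python = "^3.9"
some-critical-package = "1.2.3"
marshmallow = ">=3.15.0,<4.0.0"  # Safety tool incompatible with v4.0+
requests = ">=2.28.0"
boto3 = "^1.26.0"

[tool.poetry.group.dev.dependencies]
pytest = ">=7.0.0"
"""

# `name = "spec"  # optional trailing comment`
DEP_LINE_RE = re.compile(
    r'^\s*([A-Za-z0-9_.\-]+)\s*=\s*"([^"]*)"\s*(#\s*(.*))?\s*$'
)
# Bare "1.2.3" (Poetry) or PEP 440 "==1.2.3" both mean an exact pin.
EXACT_RE = re.compile(r"^(==)?\d+(\.\d+)*$")


@dataclass
class Finding:
    line: int
    name: str
    spec: str
    kind: str
    reason: str


def classify(spec: str) -> str:
    """Return 'exact', 'bounded' (has an upper bound) or 'unbounded'."""
    s = spec.replace(" ", "")
    if EXACT_RE.match(s):
        return "exact"
    # caret/tilde, an explicit '<' or a wildcard pin all imply an upper bound
    if s.startswith(("^", "~")) or "<" in s or "==" in s:
        return "bounded"
    return "unbounded"


def audit(text: str) -> list[Finding]:
    """Flag runtime deps whose non-exact constraint carries no inline reason."""
    if tomllib is not None:
        tomllib.loads(text)  # fail loudly on malformed TOML before auditing
    findings: list[Finding] = []
    section = ""
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("["):
            section = stripped.strip("[]")
            continue
        m = DEP_LINE_RE.match(line)
        if not m or not section.endswith("dependencies"):
            continue
        name, spec, _, comment = m.groups()
        if name == "python":  # interpreter requirement, not a package pin
            continue
        kind = classify(spec)
        is_dev = ".group." in section  # dev/test groups are allowed more flexibility
        documented = bool(comment and comment.strip())
        if kind != "exact" and not documented and not is_dev:
            findings.append(Finding(
                line=lineno, name=name, spec=spec, kind=kind,
                reason=f"{kind} constraint on runtime dependency without a documented reason",
            ))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PYPROJECT):
        print(f"line {f.line}: {f.name} = \"{f.spec}\" -> {f.reason}")
```

Run against the sample, the script reports `requests` (unbounded, no comment) and `boto3` (caret range, no comment) and stays quiet about `marshmallow`, whose range carries its reason inline, and about `pytest` in the dev group. The trailing-comment regex is what makes the check possible: a TOML parser discards comments, so the inline reason the guideline asks for has to be recovered from the raw lines.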
