Serverless-python-requirements: Unable to upgrade boto3 version

Created on 14 Sep 2018  路  5Comments  路  Source: UnitedIncome/serverless-python-requirements

Hi!

I see that boto3 is ignored: https://github.com/UnitedIncome/serverless-python-requirements/blob/137f8e1b1e10579a2b8db88a49c335329a3307dd/index.js#L48

AWS lambda boto3 version is typically far behind the latest release. Presently lambdas come with

BOTO3 VERSION: 1.7.74

However, I would like to vendor in a newer version, like 1.9.3

It would be great to allow serverless-python-requirements to package the latest in for me. What are your thoughts on this? In many serverless projects I vendor in the latest boto3. This is sort of a common practice / safe to do.

Most helpful comment

The correct way to handle this is to use the noDeploy option. boto3 is just in the defaults. Specifying the option overrides the defaults, it doesn't append to it. So add this to your config to not omit any dependencies:

custom:
  pythonRequirements:
    noDeploy: []

These are the default excludes for reference: https://github.com/UnitedIncome/serverless-python-requirements/blob/e14aac9542bfcaa540a5b7c23e1e91999cde890d/index.js#L47-L57

All 5 comments

I ended up going down the vendored libraries route https://www.npmjs.com/package/serverless-python-requirements#vendor-library-directory

But, I think it would be nice to allow boto3 by removing from noDeploy. That way I don't have to check in the vendored boto3 library into my code base directly.

I believe if you use the version pinning syntax it won鈥檛 skip installing the latest boto... eg boto3==1.9.3

Actually I just checked, that syntax won't work either. @dschep or anyone else have any objections to me changing the following regex to only check if the line equals the line in noDeploy, not contains that string. This would allow version pinned requirements to be installed if the user specified a version pin which I think is a desirable state-of-things.

https://github.com/UnitedIncome/serverless-python-requirements/blob/b32f55bb1791c38cbe8de2e30ca61af92e092fc8/lib/inject.js#L37

I've ran into this problem personally also, and similarly used vendored libraries, but the version pinning seems way cleaner. Thoughts?

The correct way to handle this is to use the noDeploy option. boto3 is just in the defaults. Specifying the option overrides the defaults, it doesn't append to it. So add this to your config to not omit any dependencies:

custom:
  pythonRequirements:
    noDeploy: []

These are the default excludes for reference: https://github.com/UnitedIncome/serverless-python-requirements/blob/e14aac9542bfcaa540a5b7c23e1e91999cde890d/index.js#L47-L57

Those defaults are now removed from master.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

bsamuel-ui picture bsamuel-ui  路  3Comments

miketheman picture miketheman  路  3Comments

simplesteph picture simplesteph  路  5Comments

jnicho02 picture jnicho02  路  6Comments

amadensor picture amadensor  路  3Comments