Pin biaplotter version with next stable release

[haesleinhuepf]

Hi all,

it's great to see all the advancements happening here.

I'm sure you are aware, this issue just allows to track this. This line in the 0.9.0 branch introduces an issue regarding reproducible builds:

napari-clusters-plotter/pyproject.toml

Line 43 in 579888c

"biaplotter@https://github.com/BiAPoL/biaplotter/archive/refs/heads/main.zip"

It uses an unspecified version of code in a remote repository. Users cannot guess what gets actually installed here. It's actually a security risk too because you install stuff via github and not via pypi. I recommend shipping biaplotter to pypi early and using defined versions for specifying dependencies.

Best,
Robert

[jo-mueller]

Hi @haesleinhuepf ,

thanks for pointing this out - it's currently there to make sure CI tests are running. Some more recent developments here on the 0.9.0 branch depend on changes in the biaplotter, that are not (yet) released, but only on main.

It's not very obvious though 🙈 - I'll change the title of this issue to make sure we don't forget to pin the versions correctly once things are released properly over at the biaplotter.

[zoccoler]

A new release of biaplotter will be on pypi next week. It is not there yet because it introduces a couple breaking changes, and I am preparing fixes on another plugin that will rely on the newer version.

[jo-mueller]

WIth @zoccoler's release and #371 merged, I'll close this. Thanks for keeping an eye out @haesleinhuepf :)