“How do we make sure that like ownership is like kept up?”
People are pushing new things, abandoning things left behind. We don’t have any official steward of the codebase. Stephen’s team has the power to say, we’re doing it this way moving forward.
Figuring out performance stuff is pretty critical
Using pip-tools before, migrated to Poetry.
Engineer on the security team is looking at this from a security angle. Dependabot making sure we don’t have any big vulnerabilities.
pip-tools not supported by Dependabot, Poetry was
Infra team owns AWS layer
Eli gets tagged when vulnerabilities come up
Nothing stopping anyone from adding a new dependency
Like to see when folks are adding a dependency.
"Let's look at these packages that are several major versions behind"
If it's a big one, it becomes a backlog item
Have familiarity with libCST, codemod stuff
Semgrep rewriter is very bad
Grit - They want to write a SQLAlchemy rewriter and publish open source
Our team would be responsible for writing the initial codemod
The team identifies areas in the codebase that have not yet been addressed, termed "long migrations."
They consider implementing tools like Semgrep or Flake to check for correct syntax usage.
Migration tasks are assigned based on which team is responsible for the relevant portion of the code.
For complex migrations like SQLAlchemy, they use detailed migration guides provided by the library.
Recognizing that these guides can be extensive, they focus on curating the most relevant sections for their team's needs.
If necessary, they create their own concise instructions or summaries to facilitate the migration process.