I know that the first thought while reading the task's title was "oh no please, not another dependency hell.." :D
I think that we should bump revscoring to 2.11.4 in our Docker images, and change the dependencies that breaks. I see multiple benefits:
- We keep the same version on ORES and Lift Wing. I don't think it makes a lot of sense to replace ORES if we don't have a complete feature parity. We have 2.11.1 on ORES but we'll deploy 2.11.4 soon.
- In T296173#7952700 there is a good example of problems that we'll encounter if we are not used to bump revscoring. Aiko tried to jump to kserve 0.8 (something that we'll likely have to do soon) and there was a problem with numpy deps, that we can probably fix with a new release of revscoring. If we keep lagging behind we'll not be able to rapidly fix these issues over time.
- Security fixes will become harder and harder the more we lag in Docker images.
Let me know your thoughts! It shouldn't be too painful to test one Docker image and see how it goes with revscoring 2.11.4, then we can decide how much work will be needed to migrate them all.