Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handy requirements.in packages overview - current, latest, latest obeying freeze rules #2010

Open
LukasJerabek opened this issue Oct 27, 2023 · 9 comments
Open

Handy requirements.in packages overview - current, latest, latest obeying freeze rules #2010

LukasJerabek opened this issue Oct 27, 2023 · 9 comments

Comments

@LukasJerabek
Copy link

LukasJerabek commented Oct 27, 2023
edited

What's the problem this feature will solve?

When I want to update packages that I have in requirements.in I need to run pip-compile, override my requirements.txt and then carefully look up packages from requirements.in there, which have their version changed. Thats because I need to read changelogs for breaking changes for those. Or I do all of this (or with different approach) with a script, but then, I think this could be part of pip-tools.

Describe the solution you'd like

It would be nice to supply pip-compile with some attribute to get an output with only packages stated in requirements.in and their current version, highest available version and highest available version obeying freeze rules (like with pydantic<2)

Alternative Solutions

We have our custom script, that searches these information, but we have found out few times that the parsing was imperfect and had to update it, that made me think, that it would be nice if pip-tools provided the info by itself instead of maintaining some script, which many might have for the same purpose.
@LukasJerabek
Copy link
Author

I guess it might be a little bit troublesome with displaying the current version, since I have a feeling, that pip-tools doesnt care about current versions and simply outputs the latest for the rules in requirements.in... However even latest and latest obeying freeze rules would be helpful.

@WhyNotHugo
Copy link
Member

It would be nice to supply pip-compile with some attribute to get an output with only packages stated in requirements.in and their current version, highest available version and highest available version obeying freeze rules (like with pydantic<2)

This is already implemented. Define your input requirements with an aproximate or final version. Some read examples:

"Django~=4.2.0",
"django-stubs[compatible-mypy]>=4.2.4",

@LukasJerabek
Copy link
Author

LukasJerabek commented Oct 27, 2023
edited

It would be nice to supply pip-compile with some attribute to get an output with only packages stated in requirements.in and their current version, highest available version and highest available version obeying freeze rules (like with pydantic<2)

This is already implemented. Define your input requirements with an aproximate or final version. Some read examples:

"Django~=4.2.0",
"django-stubs[compatible-mypy]>=4.2.4",

I think you misunderstood. I know you can specify rules on packages versions. I try to come up with better example.
requirements.in

pydantic<2

requiremnts.txt

pydantic==1.10.13
    # via
    #   -r requirements.in
typing-extensions==4.8.0
    # via
    #   pydantic

Now I want to do an update of pydantic.

So I do have to pip-compile, see that pydantic number has risen and typing-extensions has risen. With one package it is easy to see that pydantic is in requirements.in and that is has risen its version number and I can check its changelog.

However, with many packages I would like to do this:

pip-compile --some_attribute outputs something like this:
| package | current_version | latest_version | latest_version obeying freeze |
| pydantic | 1.10.13 | 2.x.x | 1.10.14|

Notice that there is no typing-extensions in the table even though its version has also risen.

@WhyNotHugo
Copy link
Member

pip-compile compiles requirements into pinned versions. What you're trying to do is find outdated dependencies. I don't think that this falls in scope for pip-compile.

Maybe https://pypi.org/project/pip-outdated/ is what you're looking for?

@WhyNotHugo
Copy link
Member

WhyNotHugo commented Oct 27, 2023
edited

Oh, actually, you can use:

pip list --outdated

It does exactly what you want.

@LukasJerabek
Copy link
Author

It does not... We use pip list --outdated in our script, but the point is not to have to filter whole requirements.txt, but getting outdated requirements from requirements.IN ONLY. Version rules are also in requirements.IN - thats needed to be able to show outdated packages and outdated packages obeying version rules.

pip-outdated also does not work with requirements.in. Thats why I am thinking it would be good to have this functionality in pip-tools, because requirements.IN is pip-tools think.

I dont insist on updating pip-compile exactly, Id just like to see that in pip-tools somwhere...

@WhyNotHugo
Copy link
Member

Oh, you want to ignore outdated dependencies, that makes sense.

@LukasJerabek
Copy link
Author

Yes and also to show the latest version that complies with the version rules (which I may have badly called freeze rules earlier) in requirements.in. Because thats something I also dont get from pure pip list --outdated, requirements.in version rules need to be applied to.

@AndydeCleyre
Copy link
Contributor

Related: #1167

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@WhyNotHugo @AndydeCleyre @LukasJerabek