Open maximlt opened 1 year ago
Noting as I just saw that develop_install has a --pin-deps flag (or --no-pin-deps). It will apparently parse the setup.cfg file and look for such a setting:
[tool:pyctdev]
pins =
holoviews = 1.10.0
hypothesis = 3.56.0
It actually looks like this could be an alternative to the suggestion I've made. In particular when a pin is of the greater than type, there should be a way to manually set what is the minimum version to actually install. This mechanism can do that, its drawback being that it means duplicating the listing of the runtime dependencies between two files (currently setup.py and setup.cfg).
The solution I suggested in the first post implies that none of the pins is of the type greater than.
The HoloViz packages declare their Python runtime dependencies in the install_requires parameter of their setup.py file. In most cases these dependencies are pinned, e.g. bokeh >= 1.1. Pins are usually set at a point in time when they're known to be valid. For instance, the package relies on a new API made available in Bokeh 1.1, so the pin has to be bokeh >= 1.1 to prevent the package from being installed with older versions of Bokeh. However, these minimum pins are only tested for a short while. Each new release of the pinned dependency (e.g. Bokeh 1.2, 2.0, 2.1, etc.) makes the pin more likely to be invalid, as it might well be that the package relies on new API that would have required a minimum version bump, which could easily be missed. As the dependencies installed as part of a test suite are generally the latest ones available (or close to that), there's simply no way to detect this sort of issue.

A parameter could be added to the develop_install command, that when set would force the installation of the minimum declared dependency versions (e.g. bokeh==1.1).

Some packages don't pin all their dependencies:
https://github.com/holoviz/hvplot/blob/master/setup.py#L34
I believe that in practice it is pretty unlikely for a package to work with any version of one of its dependencies. I would suggest that
doit develop_install --new-flag
should raise an error when it finds an unpinned runtime dependency.
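
The behaviour proposed in this issue can be sketched as follows. This is an added example, not code from pyctdev or from the issue: `minimum_pins` and `UnpinnedDependency` are hypothetical names, and the `overrides` mapping is assumed to play the role of the `pins` section quoted in the comment above, taking precedence over the declared lower bound.

```python
import re

# name, optional [extras], specifier list, optional "; marker" (kept as-is)
_REQ = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*([^;]*?)\s*(;.*)?$")
_CLAUSE = re.compile(r"^(>=|==|~=|<=|!=|>|<)\s*([A-Za-z0-9.*+!_-]+)$")


class UnpinnedDependency(ValueError):
    """No exact minimum version can be derived for a requirement."""


def minimum_pins(install_requires, overrides=None):
    """Rewrite each requirement as an exact pin on its lowest allowed version.

    overrides maps a package name to the version to install; it is needed for
    strict '>' bounds, wildcards and requirements without any lower bound.
    """
    overrides = {k.lower(): v for k, v in (overrides or {}).items()}
    pinned = []
    for req in install_requires:
        m = _REQ.match(req)
        if not m:
            raise ValueError(f"cannot parse requirement: {req!r}")
        name, extras, spec, marker = m.groups()
        lower = None
        for clause in filter(None, (c.strip() for c in spec.split(","))):
            cm = _CLAUSE.match(clause)
            if not cm:
                raise ValueError(f"cannot parse specifier in: {req!r}")
            op, version = cm.groups()
            # Only inclusive bounds name a version that can be installed as-is.
            if op in (">=", "==", "~=") and "*" not in version:
                lower = version
        version = overrides.get(name.lower()) or lower
        if version is None:
            raise UnpinnedDependency(f"no minimum version declared for {req!r}")
        pinned.append(f"{name}{extras or ''}=={version}"
                      + (f" {marker}" if marker else ""))
    return pinned


if __name__ == "__main__":
    # Constructed sample input, not taken from any HoloViz setup.py
    print(minimum_pins(["bokeh >= 1.1", "holoviews>=1.10.0,<2"]))
```
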