ssbarnea
commented
2 months ago I someone wants to raise a PR for implementing this, i will be more than happy to review it.
Open ssbarnea opened 3 years ago
ssbarnea
commented
2 months ago I someone wants to raise a PR for implementing this, i will be more than happy to review it.
dscorbett
commented
2 months ago I have written a script that does something like this. Maybe you can use it as the basis for something in pip-tools. I can relicense it if necessary.
What's the problem this feature will solve?
Verify if project requirements are not outdated and allowing versions that are not really compatible.
Describe the solution you'd like
While pip-compile is great for producing pin lists, it does this by preferring the latest versions published. That is good as for validating the upper bounds.
Still, for library that do need to support a wide range of dependency this approach does detection of code changes that may make use of features that were introduce in newer versions of the dependencies, mainly the advertised dependencies may get out of sync.
We need a feature that would allow us to build a lower-constraints.txt file and used that for validating the worst-case of outdated but supported dependencies.
Alternative Solutions
Additional context
Obviously that this feature needs and optional switch and that users would need to created separated test environments for this particular case. Still, this is very easy to implement once pip-compile would be able to run using prefer oldest instead of prefer-newest.