search

jazzband / pip-tools

A set of tools to keep your pinned Python dependencies fresh.
https://pip-tools.rtfd.io
BSD 3-Clause "New" or "Revised" License
7.69k stars 610 forks source link

Handy requirements.in packages overview - current, latest, latest obeying freeze rules #2010

Open LukasJerabek opened 10 months ago

LukasJerabek commented 10 months ago

What's the problem this feature will solve?

When I want to update packages that I have in requirements.in I need to run pip-compile, override my requirements.txt and then carefully look up packages from requirements.in there, which have their version changed. Thats because I need to read changelogs for breaking changes for those. Or I do all of this (or with different approach) with a script, but then, I think this could be part of pip-tools.

Describe the solution you'd like

It would be nice to supply pip-compile with some attribute to get an output with only packages stated in requirements.in and their current version, highest available version and highest available version obeying freeze rules (like with pydantic<2)

Alternative Solutions

We have our custom script, that searches these information, but we have found out few times that the parsing was imperfect and had to update it, that made me think, that it would be nice if pip-tools provided the info by itself instead of maintaining some script, which many might have for the same purpose.

LukasJerabek commented 10 months ago

I guess it might be a little bit troublesome with displaying the current version, since I have a feeling, that pip-tools doesnt care about current versions and simply outputs the latest for the rules in requirements.in... However even latest and latest obeying freeze rules would be helpful.

WhyNotHugo commented 10 months ago

It would be nice to supply pip-compile with some attribute to get an output with only packages stated in requirements.in and their current version, highest available version and highest available version obeying freeze rules (like with pydantic<2)

This is already implemented. Define your input requirements with an aproximate or final version. Some read examples:

"Django~=4.2.0",
"django-stubs[compatible-mypy]>=4.2.4",
LukasJerabek commented 10 months ago

It would be nice to supply pip-compile with some attribute to get an output with only packages stated in requirements.in and their current version, highest available version and highest available version obeying freeze rules (like with pydantic<2)

This is already implemented. Define your input requirements with an aproximate or final version. Some read examples:

"Django~=4.2.0",
"django-stubs[compatible-mypy]>=4.2.4",

I think you misunderstood. I know you can specify rules on packages versions. I try to come up with better example. requirements.in

pydantic<2

requiremnts.txt

pydantic==1.10.13
    # via
    #   -r requirements.in
typing-extensions==4.8.0
    # via
    #   pydantic

Now I want to do an update of pydantic.

So I do have to pip-compile, see that pydantic number has risen and typing-extensions has risen. With one package it is easy to see that pydantic is in requirements.in and that is has risen its version number and I can check its changelog.

However, with many packages I would like to do this:

pip-compile --some_attribute outputs something like this: | package | current_version | latest_version | latest_version obeying freeze | | pydantic | 1.10.13 | 2.x.x | 1.10.14|

Notice that there is no typing-extensions in the table even though its version has also risen.

WhyNotHugo commented 10 months ago

pip-compile compiles requirements into pinned versions. What you're trying to do is find outdated dependencies. I don't think that this falls in scope for pip-compile.

Maybe https://pypi.org/project/pip-outdated/ is what you're looking for?

WhyNotHugo commented 10 months ago

Oh, actually, you can use:

pip list --outdated

It does exactly what you want.

LukasJerabek commented 10 months ago

It does not... We use pip list --outdated in our script, but the point is not to have to filter whole requirements.txt, but getting outdated requirements from requirements.IN ONLY. Version rules are also in requirements.IN - thats needed to be able to show outdated packages and outdated packages obeying version rules.

pip-outdated also does not work with requirements.in. Thats why I am thinking it would be good to have this functionality in pip-tools, because requirements.IN is pip-tools think.

I dont insist on updating pip-compile exactly, Id just like to see that in pip-tools somwhere...

WhyNotHugo commented 10 months ago

Oh, you want to ignore outdated dependencies, that makes sense.

LukasJerabek commented 10 months ago

Yes and also to show the latest version that complies with the version rules (which I may have badly called freeze rules earlier) in requirements.in. Because thats something I also dont get from pure pip list --outdated, requirements.in version rules need to be applied to.

AndydeCleyre commented 10 months ago

Related: #1167