Make it possible to avoid yanked versions of packages in the compiled requirements

barseghyanartur commented 6 months ago

What's the problem this feature will solve?

For instance, Django 4.2.12 was marked as yanked, but appears in the compiled requirements. Not good.

Describe the solution you'd like

At least to have an option to opt-out from yanked versions. It would be better though to have that as a default (and have an optional argument for opting-in).

Alternative Solutions

None

Additional context

https://pypi.org/project/Django/4.2.12/

AndydeCleyre commented 6 months ago

$ pip-compile --version
pip-compile, version 7.4.1
$ pip -V
pip 24.0 from /.../pip (python 3.10)
$ echo 'django<4.2.13' >reqs.in
$ pip-compile --no-header --strip-extras --annotation-style=line reqs.in
asgiref==3.8.1            # via django
django==4.2.11            # via -r reqs.in
sqlparse==0.5.0           # via django
typing-extensions==4.11.0  # via asgiref
$ echo 'django>4.2.11' >>reqs.in
$ pip-compile --no-header --strip-extras --annotation-style=line reqs.in
  ERROR: Cannot install django<4.2.13 and django>4.2.11 because these package versions have conflicting dependencies.

What input file and command are giving you django 4.2.12 in the output?

barseghyanartur commented 6 months ago

It might be that you already do that. In that case, maybe I was unlucky, and my requirements were compiled after the release has been marked as yanked. In that case, sorry for the buzz.

jazzband / pip-tools