Closed jxrossel closed 1 month ago
IMHO, the latest version should be sought, even in direct_minimal_versions strategy, since that strategy specifies how the lock file consistency with the pyproject file is enforced, not how the pyproject file is specified
I think, on the contrary, the lowest version should be locked.
- Another issue is what
pdm add
should do with respect to what is already specified in the pyproject file.
It means to "overwrite" what is stored in the pyproject.toml
- When reading the documentation, it is not obvious how to reliably increase the lower bounds of the dependencies specified in the pyproject file with PDM.
pdm update --unconstrained
for this. It is to "ignore" the version ranges in the pyproject.toml
temporarily and update the pinned version, then recalculate the version ranges based on the save strategy and write it back to pyproject.toml
Hi @frostming ,
Thanks for having speedily fixed this and taken the time to answer my comments!
Regarding your "lowest version" policy for pdm add <new>
under the direct_minimal_versions strategy, I might be using PDM wrong but it looks like it will make it harder to use. We use direct_minimal_versions to ensure that the lower version bounds in pyproject.toml
are tested, and therefore meaningful. When adding a new dependency in development, we do want to take the last stable version, since we will use the last features and documentation for new developments with that dependency. With this "lowest version" policy, I guess we will have to set the version we want explicitly with pdm add new_dep>=last_ver
. Am I correct?
You should probably use two lock files, one with latest versions (the default one), one with lowest versions (only used in CI, or maybe also when running tests locally).
Yes, basically you add dependencies to the default lock file which prefers latest and run pdm lock -L pdm.min.lock -S direct_minimal_versions
(The -S ...
can be omitted for subsequent runs) to produce another lock with minimal versions.
Hi @pawamoy @frostming , thank you both for your feedback. I didn't think of using two lock files. I have to give it some thoughts.
Have a nice day!
Steps to reproduce
pdm lock --strategy direct_minimal_versions
to activate the locking strategypdm add django
. This will modify the pyproject file to install the latest compatible django package (->django>=4.2.11
for python 3.9)pdm add django
. The pyproject file will now be modified to install the earliest compatible django package (->django>=1.1.3
)Expected behavior
pdm add
a second time should have no effectEnvironment Information
Discussion
pdm add
should look for the latest or earliest compatible version on its first call. IMHO, the latest version should be sought, even in direct_minimal_versions strategy, since that strategy specifies how the lock file consistency with the pyproject file is enforced, not how the pyproject file is specifiedpdm add
should do with respect to what is already specified in the pyproject file. The documentation doesn't say much about the policies followed by PDM ifpdm add
is called for an already-specified dependencypdm install
?Thanks for the awesome work done on PDM!