Library dependency versions too strict

[ghost]

A library should not pin specific dependency versions using "==" in setup.py.

I see that this was done based on https://github.com/testdevlab/Py-TestUI/pull/40, but I think that the solution is far from optimal.

There are a couple of issues if a user wants to integrate the framework into his project which also has other dependencies:

• pip will have a tough time resolving the versions leading to long install times and possibly fail to resolve some deps
• if there is another dependency with pinned versions, it's inevitable that the installation will fail with an unresolvable version conflict

In general, the "best practice" is to make library dependency versions as "loose" as possible so that the library can be easily integrated with other projects. If it's known that the library doesn't work on newer/older versions of some dependency, use ">=" and "<=" to handle that, instead of "==". Or it's also possible to exclude a specific version.

Here are some resources which share this view:

• Python packaing guide states that pinning "is not considered best practice": https://packaging.python.org/en/latest/discussions/install-requires-vs-requirements/
• Some stack overflow discussion with good points: https://stackoverflow.com/questions/28509481/should-i-pin-my-python-dependencies-versions
• Example in another open source framework - https://github.com/behave/behave/blob/main/setup.py

[alvarolaserna]

yes, I agree, we should change that towards that direction, let me create a branch for this

[alvarolaserna]

I would still want to lock the dependencies for geckodriver-autoinstaller and appium (selenium could be removed as it is included in Appium), as having different versions might affect the behaviour, mostly if new release happens.

For the others Im not sure about which version to put as minimun, but probably something like:

pytest<=7.4.3 Appium-Python-Client==3.1.1 opencv-python<=4.8.1.78 geckodriver-autoinstaller==0.1.0 pytest-xdist<=2.5.0 pytest-testrail<=2.9.0 pure-python-adb==0.3.0.dev0 webdriver-manager<=4.0.1 numpy<=1.24.0 imutils<=0.5.4

[ghost]

I think the == can still be loosened up a bit by using ~=.

For example Appium-Python-Client~=3.1.1 would mean version 3.1.* that is above or equal to 3.1.1. The patch version should never contain breaking changes, just fixes, for example security updates so it would be good to support such updates.

Also ~= can be used to ensure that major version doesn't change. For example numpy~=1.24 means 1.*.* if I am not mistaken.

https://packaging.python.org/en/latest/specifications/version-specifiers/#id5

[alvarolaserna]

Ive made them most of them ~= I think that makes more sense https://github.com/testdevlab/Py-TestUI/pull/76

[alvarolaserna]

closed with #76