Pip-tools: Idea: have a tool to check your requirements.in file for outdated dependencies, without installing them.

Created on 16 Oct 2017  ·  7 Comments  ·  Source: jazzband/pip-tools

Idea: have a tool to check your requirements.in file for outdated dependencies, without installing them.

Similar to #63 but without installing any packages.

All 7 comments

add an option to check for vulnerabilities... https://pyup.io/safety/

The suggestion to integrate pyup.io has been discussed and denied in #486. My recommendation would be to create an independent tool that checks requirements files for outdated dependencies, and then use that as part of your workflow. This tool could be used with or without pip-tools. E.g.,

Users of pip-tools would have a workflow of:
write requirements.in > modify w/ safety > pip-compile

Those who don't use pip-tools would then just do:
write requirements.txt > modify w/ safety

Or a similar workflow. My point is that I don't think it's necessary or beneficial to actually integrate pyup.io into pip-tools.

Let's continue to only use free (freedom) network services, and chastise
those that use, promote or create non-free network services.

On 16 Oct 2017 21:26, "Ryan P Kilby" notifications@github.com wrote:

The suggestion to integrate pyup.io has been discussed and denied in #486
https://github.com/jazzband/pip-tools/issues/486. My recommendation
would be to create an independent tool that checks requirements files for
outdated dependencies, and then use that as part of your workflow. This
tool could be used with or without pip-tools. eg,

Users of pip-tools would have a workflow of:
write requirements.in > check w/ safety > pip-compile

Those who don't use pip-tools would then just do:
write requirements.txt > check w/ safety

Related: pip list --outdated, pip check (seems undocumented and at early stages, see https://github.com/pypa/pip/issues/4738), pipenv check, pipenv update.

I wonder if the implementation from pipenv could be moved into pip-tools, which pipenv uses internally anyway...(?)

Without installing the dependencies, right now you can:

  • run pip-compile --upgrade
  • Diff your requirements.txt using your source control (or do a diff of a previously made copy of your requirements.txt)

This is a sensible way to do it IMO that does not require additional work or features in pip-tools.
You can stay fresh and keep an eye out for risky package upgrades.
If anyone thinks that pip-tools really needs a new command for this, come have a talk!

Closing, thank you for using pip-tools 👍

pip-compile --upgrade doesn't unpin deps pinned in requirements.in

@vphilippon
