Support requirements files from pip-compile #256
Comments
The main problem with pip-compile (and with Python dependencies in general) is that you have to install the package in order to resolve the dependency tree. In a lot of cases this means running its But, there's currently a lot going on in Python packaging in general that might be able to resolve this issue.
This looks like a bug :). The bot tries to keep the original whitespace between the version and the comment as it was prior to the update: https://github.com/pyupio/dparse/blob/master/dparse/updater.py#L31-L37 I've opened a new issue here: pyupio/dparse#15
That's the problem - if the version goes from (also, the whitespace string gets reversed, which matters for mixed tabs-and-spaces, and just above you could
You'll probably have to do this eventually - Hypothesis has had at least one incompatible update of a transitive dependency - but I'm certainly sympathetic. Better slow and careful than pwned!
Closing as stale; these days I use
pip-compile is a lovely tool for managing pinned dependencies, similar to a Pipfile (see #197), with the advantage that it works with standard tooling. We check that pip-compile is a no-op in CI, meaning that our pinned requirements are always consistent and up-to-date.

Unfortunately, this can break in several ways (HypothesisWorks/hypothesis#747):

If the requirements file pins A and B, such that A depends on B up to a certain version (e.g. B>=1,<2), Pyup will update B beyond the acceptable range anyway. This is related to Support version ranges natively #203 and possibly Pin packages with >= ranges? #50, albeit with very different motivation - we want to pin everything to a specific version, but understanding downstream dependency ranges is required to do so correctly.

pip-compile output files have a specific format (and header), including fixed-column comments identifying the source(s) of transitive dependencies. This is very useful, but means that compiling is not a no-op when the length of the version string changes, because the amount of whitespace changes.

It would be great for Hypothesis if Pyup supported a "use pip-tools" option, or simply if these two pain points could be fixed.
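The fixed-column problem described in this issue, as an added example that is not part of the original thread or of Pyup's or dparse's code: keeping the old whitespace string lets the comment column drift when the version string grows, while re-padding to the original column does not. The sample lines, the comment column (26) and the two-space minimum gap are assumptions constructed for illustration.

```python
import re

# Constructed sample of fixed-column requirements output (not from the issue):
# every "# via" comment starts at column 26.
SAMPLE = "".join(
    req.ljust(26) + note + "\n"
    for req, note in [("attrs==17.2.0", "# via hypothesis"),
                      ("six==1.9.0", "# via mock")]
)

PIN = re.compile(
    r"^(?P<name>[A-Za-z0-9._-]+)==(?P<ver>\S+)(?P<gap>[ \t]*)(?P<comment>#.*)?$"
)


def keep_gap(line, new_version):
    """Reuse the old whitespace string unchanged: the comment column drifts."""
    m = PIN.match(line)
    return f"{m['name']}=={new_version}{m['gap']}{m['comment'] or ''}"


def keep_column(line, new_version, min_gap=2):
    """Re-pad so the comment starts at the column it occupied before."""
    m = PIN.match(line)
    req = f"{m['name']}=={new_version}"
    if not m["comment"]:
        return req
    # Visual column of the comment; expandtabs() copes with mixed tabs/spaces.
    column = len(line[: m.start("comment")].expandtabs())
    # min_gap is an assumption for requirements longer than the column.
    pad = max(column - len(req), min_gap)
    return req + " " * pad + m["comment"]


def update(text, name, new_version, rewrite):
    """Apply `rewrite` to the pin for `name`; leave every other line as-is."""
    out = []
    for line in text.splitlines():
        m = PIN.match(line)
        hit = m and m["name"].lower() == name.lower()
        out.append(rewrite(line, new_version) if hit else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(update(SAMPLE, "six", "1.10.0", keep_gap))     # comment shifts right
    print(update(SAMPLE, "six", "1.10.0", keep_column))  # comment stays put
```

A file rewritten with `keep_column` has the same comment alignment before and after the bump, so a CI check that diffs the committed file against freshly compiled output is not tripped by whitespace alone.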