undefined | Better HN

0 pointscrdoconnor9y ago0 comments

>One things is a good dependency management. Right now if you want to upgrade your Python version, or one of your packages, it's a mountain of manual work. There is nothing in the stack helping you with the dependency graph.

There's pip-tools.

0 comments

sametmax9y ago

pip-tools doesn't solve the problem at all. It will update things to the last up to date version, cascading from package to package.

That doesn't guaranty your setup will work.

Dependency management suppose to create a graph of all requirements, lower and upper versions bound for the runtime and the libs, and find the most up to date combination of those.

If a combination can't be found, it should let you know that either you can't upgrade, or suggest alternative upgrade paths.

pip-tools will just happily upgrade your package and let you with something broken, because it's based on pip which does that. They don't check mutually exclusive dependencies versions, deprecation, runtime compatibility and such. And they don't build a graph of their relations.

ProblemFactory9y ago

It would be even better if the tool ran your project's tests when checking upgrade combinations.

Something that would say: "You can safely upgrade to Django 1.9.12. Upgrading to latest Django 1.10.5 breaks 20 tests."

StavrosK9y ago

How can you have an upper bound on compatibility? When a library is released, it knows that it works with version 1.3.2 with its dependency, but how can it ever know it doesn't work with 1.4, unless the developer goes back and re-releases the app?

AgentME9y ago

If the library follows semantic versioning, then you can always declare that you work with everything from the current version to before the next major version.

StavrosK9y ago

That's what I usually do (although I pin minor, because you never know). I should also be better about following semver, but it just feels wrong to have your library be at version 5.43.55 :/

sametmax9y ago

Python 2.7 <=> Python 3

crdoconnorOP9y ago

>That doesn't guaranty your setup will work.

Nothing guarantees your setup will work.

j / k navigate · click thread line to collapse

0 comments

sametmax9y ago

pip-tools doesn't solve the problem at all. It will update things to the last up to date version, cascading from package to package.

That doesn't guaranty your setup will work.

Dependency management suppose to create a graph of all requirements, lower and upper versions bound for the runtime and the libs, and find the most up to date combination of those.

If a combination can't be found, it should let you know that either you can't upgrade, or suggest alternative upgrade paths.

ProblemFactory9y ago

It would be even better if the tool ran your project's tests when checking upgrade combinations.

Something that would say: "You can safely upgrade to Django 1.9.12. Upgrading to latest Django 1.10.5 breaks 20 tests."

StavrosK9y ago

AgentME9y ago

If the library follows semantic versioning, then you can always declare that you work with everything from the current version to before the next major version.

StavrosK9y ago

That's what I usually do (although I pin minor, because you never know). I should also be better about following semver, but it just feels wrong to have your library be at version 5.43.55 :/

sametmax9y ago

Python 2.7 <=> Python 3

crdoconnorOP9y ago

>That doesn't guaranty your setup will work.

Nothing guarantees your setup will work.

j / k navigate · click thread line to collapse