I'm using pip
requirements files for keeping my dependency list.
I also try to follow best practices for managing dependencies and provide precise package versions inside the requirements file. For example:
Django==1.5.1
lxml==3.0
The question is: Is there a way to tell that there are any newer package versions available in the Python Package Index for packages listed inside requirements.txt
?
For this particular example, currently latest available versions are 1.6.2 and 3.3.4 for Django and lxml respectively.
I've tried pip install --upgrade -r requirements.txt
, but it says that all is up-to-date:
$ pip install --upgrade -r requirements.txt
Requirement already up-to-date: Django==1.5.1 ...
Note that at this point I don't want to run an actual upgrade - I just want to see if there are any updates available.
You can just simply do something like this in your env (virtual or non virtual):
Just found a python package specifically for the task - piprot, with the following slogan:
It's very straightforward to work with:
Also you can "pipe"
pip freeze
topiprot
command, so it can actually inspect how rotten are the packages installed in your sandbox/virtual environment:Hope that will help somebody in the future.
Pip has this functionality built-in. Assuming that you're inside your virtualenv type:
After that new versions of psycopg2 and requests will be downloaded and installed. Then:
And you are done. This is not one command but the advantage is that you don't need any external dependencies.
Since you mentioned you like to follow best practices, I am guessing you are using virtualenv too, correct? Assuming that is the case, and since you are already pinning your packages, there is a tool called pip-tools that you can run against your virtualenv to check for updates.
There is a down side, and why I mentioned the use of virtualenv though.
If you run it in your virtualenv, you can easily see which packages have updates available for your current active environment. If you aren't using virtualenv, though, it's probably not best to run it against the system as your other projects may depend on different versions (or may not work well with updated version even if they all currently work).
From the documentation provided, usage is simple. The
pip-review
shows you what updates are available, but does not install them.If you want to automatically install as well, the tool can handle that too:
$ pip-review --auto
. There is also an--interactive
switch that you can use to selectively update packages.Once all of this is done,
pip-tools
provides a way to update your requirements.txt with the newest versions:pip-dump
. Again, this runs against the currently active environment, so it is recommended for use within a virtualenv.Installation of the project can be accomplished via
pip install pip-tools
.Author's note: I've used this for small Django projects and been very pleased with it. One note, though, if you install
pip-tools
into your virtual environment, when you runpip-dump
you'll find that it gets added to your requirements.txt file. Since my projects are small, I've always just manually removed that line. If you have a build script of some kind, you may want to automatically strip it out before you deploy.