Check if requirements are up to date

Posted 2019-02-02 02:36

I'm using pip requirements files for keeping my dependency list.

I also try to follow best practices for managing dependencies and provide precise package versions inside the requirements file. For example:

Django==1.5.1
lxml==3.0

The question is: Is there a way to tell that there are any newer package versions available in the Python Package Index for packages listed inside requirements.txt?

For this particular example, currently latest available versions are 1.6.2 and 3.3.4 for Django and lxml respectively.

I've tried pip install --upgrade -r requirements.txt, but it says that all is up-to-date:

$ pip install --upgrade -r requirements.txt 
Requirement already up-to-date: Django==1.5.1 ...

Note that at this point I don't want to run an actual upgrade - I just want to see if there are any updates available.

4 answers
爷、活的狠高调
#2 · 2019-02-02 02:38

You can just simply do something like this in your env (virtual or non virtual):

pip freeze | cut -d = -f 1 | xargs -n 1 pip search | grep -B2 'LATEST:'
劫难
#3 · 2019-02-02 02:39

Just found a Python package specifically for the task - piprot, with the following slogan:

How rotten are your requirements?

It's very straightforward to work with:

$ piprot requirements.txt 
Django (1.5.1) is 315 days out of date. Latest is 1.6.2
lxml (3.0) is 542 days out of date. Latest is 3.3.4
Your requirements are 857 days out of date

You can also "pipe" pip freeze to the piprot command, so it can inspect how rotten the packages installed in your sandbox/virtual environment are:

pip freeze | piprot

Hope that will help somebody in the future.

Bombasti
#4 · 2019-02-02 02:58

Pip has this functionality built-in. Assuming that you're inside your virtualenv, type:

$ pip list --outdated
psycopg2 (Current: 2.5.1 Latest: 2.5.2)
requests (Current: 2.2.0 Latest: 2.2.1)

$ pip install -U psycopg2 requests

After that new versions of psycopg2 and requests will be downloaded and installed. Then:

$ pip freeze > requirements.txt

And you are done. This is not one command but the advantage is that you don't need any external dependencies.

Deceive 欺骗
#5 · 2019-02-02 03:03

Since you mentioned you like to follow best practices, I am guessing you are using virtualenv too, correct? Assuming that is the case, and since you are already pinning your packages, there is a tool called pip-tools that you can run against your virtualenv to check for updates.

There is a downside, though, which is why I mentioned the use of virtualenv.

[the tool] checks PyPI and reports available updates. It uses the list of currently installed packages to check for updates, it does not use any requirements.txt

If you run it in your virtualenv, you can easily see which packages have updates available for your current active environment. If you aren't using virtualenv, though, it's probably not best to run it against the system as your other projects may depend on different versions (or may not work well with updated version even if they all currently work).

From the documentation provided, usage is simple. pip-review shows you what updates are available, but does not install them.

$ pip-review
requests==0.13.4 available (you have 0.13.2)
redis==2.4.13 available (you have 2.4.9)
rq==0.3.2 available (you have 0.3.0)

If you want to automatically install as well, the tool can handle that too: $ pip-review --auto. There is also an --interactive switch that you can use to selectively update packages.

Once all of this is done, pip-tools provides a way to update your requirements.txt with the newest versions: pip-dump. Again, this runs against the currently active environment, so it is recommended for use within a virtualenv.

Installation of the project can be accomplished via pip install pip-tools.

Author's note: I've used this for small Django projects and been very pleased with it. One note, though, if you install pip-tools into your virtual environment, when you run pip-dump you'll find that it gets added to your requirements.txt file. Since my projects are small, I've always just manually removed that line. If you have a build script of some kind, you may want to automatically strip it out before you deploy.

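Added example (not from any of the answers above, and not code from pip, piprot or pip-tools): a read-only check that compares the == pins in a requirements file with the latest release PyPI reports through its JSON API, without installing anything. The sample file, the examplepkg name and the SAMPLE_LATEST snapshot are constructed, and the comparison assumes plain dotted-numeric versions.

```python
import json
import re
import urllib.request

# name==X.Y.Z, optionally followed by a marker, comment or line continuation
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:[;#\\].*)?$")

def parse_pins(text):
    """Return {name: version} for 'name==X.Y.Z' lines; all other lines are skipped."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line)
        if m:
            pins[m.group(1)] = m.group(2)
    return pins

def release_key(version):
    """Sort key for dotted-numeric versions (assumption: no rc/dev/post tags)."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so that 3.0 equals 3.0.0
        parts.pop()
    return tuple(parts)

def pypi_latest(name):
    """Ask PyPI's JSON API for the current release of one project (network call)."""
    url = "https://pypi.org/pypi/%s/json" % name
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)["info"]["version"]

def outdated(requirements_text, latest_of=pypi_latest):
    """Return [(name, pinned, latest)] for pins older than the index's latest."""
    report = []
    for name, pinned in sorted(parse_pins(requirements_text).items()):
        latest = latest_of(name)
        try:
            if release_key(latest) > release_key(pinned):
                report.append((name, pinned, latest))
        except ValueError:  # latest is not plain numeric: flag for manual review
            report.append((name, pinned, latest))
    return report

# Constructed sample: the two pins from the question plus a hypothetical package.
SAMPLE = "# constructed file\nDjango==1.5.1\nlxml==3.0\nexamplepkg==2.0  # hypothetical\n-r other.txt\n"
SAMPLE_LATEST = {"Django": "1.6.2", "lxml": "3.3.4", "examplepkg": "2.0.0"}  # constructed snapshot

if __name__ == "__main__":
    for name, pinned, latest in outdated(SAMPLE, SAMPLE_LATEST.get):
        print("%s: pinned %s, latest %s" % (name, pinned, latest))
```

Calling outdated(open("requirements.txt").read()) with the default latest_of queries PyPI once per pinned package; the run above uses the constructed snapshot so it works offline.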