Not able to upgrade version for transitive Dependency #2058
Comments
|
Thanks! Can you provide the file contents, so I can try to reproduce? |
|
I may not be able to share the entire content of the file due to confidentiality. requirements.in file: requirements.txt file: Now upgrading flower==2.0.1, but it does not change tornado version after pip-compile, but only flower version to 2.0.1 in txt file. |
|
I can either add tornado lib in .in file and pip-compile if it is not updated via flower. |
|
Did you forget to use |
|
What is that for? Should it be used in pip-compile commands? |
|
Yep |
|
I am not sure what it does and how it is used. I can try. |
|
The pip-compile command does not have a -p flag. It did no change for me. |
|
Oh wow! I used To avoid any miss in upgrading any required lib, I deleted requirements.txt file and generated a fresh one from scratch and it updated versions for a lot of libs, which may not even be required. |
|
Would you please guide me how to update a lib version using transitive dependency, or the way I have done it is also acceptable? |
|
requirements.in file: sentry-sdk==1.5.8 requirements.txt file: certifi==2021.10.8 |
|
Yes, use this CLI flag for any package in the tree. |
|
If your project is on GitHub, you can also enable Dependant — it is able to update pairs of files with the name base name, but different extensions — |
|
I am not much clear about this solution, could you please elaborate on this? I think I would not want to enable Dependant in Github repo before proper analysis about what it does and how it will work. For now, I think I can upgrade required libs only. If I upgrade version of one lib and it does not give conflicting dependency error, am I good to proceed or I need to make sure txt file is freshly generated every time? |
|
Yes, the output is always correct. As for dependabot, here's and example of what PRs it sends: #2043. |
|
Thanks @webknjaz so much for your inputs. :) Appreciated! |
|
I have one more question. I did not change anything in requirements.in file at all. Why is that? |
|
Because it doesn't upgrade the deps that don't necessarily need it, unless you ask. |
|
Thanks. |
|
One more query that I am facing for a week now. |
|
If no upgrade flag was passed, it could be that some locked version got revoked on PyPI, so new versions were needed. Other than that, I'm not sure what happened without seeing the initial |
|
Could be that you're running it under a different Python version / OS / arch, I suppose. Or it could be coming from the config file. We can only fortune-tell having the entire context, by logs and other info 🔮 |
|
I was earlier using Python 3.7 version but now it is 3.8. It is intermittent for me as well. For once, I did not see any txt file changes. What other info can I share here for your reference? |
Only a full reproducer. With versions of pip-tools, requirements input and output file, versions of the OS/distro, python version, version of pip. Ideally, in a form of a (docker) container that clearly shows the problem.
I only now realized that you seem to be using this ancient version of pip-tools. We don't support old versions. Neither do we support an old pip. That version doesn't even have a backtracking resolver and the legacy one can yield less stable behavior. |
|
versions of the OS/distro: macOS Monterey Unfortunately, I won't be able to share requirements input and output file. I understand that the above info is insufficient, but I can try to upgrade the version of pip-tools. |
|
Don't forget to upgrade pip. |
I hope this is correct forum for this issue.
Environment Versions
$ python -V- 3.8$ pip --version- 24.0$ pip-compile --version- 2.0.2Steps to replicate
I am not sure what steps or process I am missing here. I have tried using force cmd, cleared cache, re-installed virtual env.
I appreciate the help, Thanks.
Expected result
Lib version should get changed in requirements.txt.
Actual result
Lib versions are still old ones.
The text was updated successfully, but these errors were encountered: