On 2023-11-02, Chris Green <c...@isbd.net> wrote:
> Jon Ribbens <jon+use...@unequivocal.eu> wrote:
>> On 2023-11-02, Dieter Maurer <die...@handshake.de> wrote:
>> > Chris Green wrote at 2023-11-2 10:58 +0000:
>> >> ...
>> >>So, going on from this, how do I do the equivalent of "apt update; apt
>> >>upgrade" for my globally installed pip packages?
>> >
>> > `pip list -o` will tell you for which packages there are upgrades
>> > available.
>> > `pip install -U ...` will upgrade packages.
>> >
>> > Be careful, though.
>> > With `apt`, you usually have (`apt`) sources representing a consistent
>> > package universe. Someone tests that package upgrades in this
>> > universe do not break other packages (in this universe).
>> > Because of this, upgrading poses low risk.
>> >
>> > `PyPI` does not guarantee consistency. A new package version
>> > may be incompatible to a previous one -- and with other
>> > packages you have installed.
>> >
>> > I do not think that you would want to auto-upgrade all installed
>> > packages.
>>
>> Indeed. What you're describing is a very unfortunate failing of pip.
>> 'Upgrade' doesn't even follow requirements when you tell it what to
>> upgrade - e.g. if you do "pip install foo" and foo requires "bar<2"
>> so you end up with:
>>
>>   Package                Version
>>   ---------------------- ---------
>>   foo                    1.0.0
>>   bar                    1.2.0
>>
>> and then a new version 1.3.0 of bar comes out and you do
>> "pip install -U foo", pip will not upgrade bar even though it could
>> and should, because foo is already at the latest version so pip won't
>> even look at its dependencies.
>>
>> Indeed there is no way of knowing that you should upgrade bar without
>> manually following all the dependency graphs. ("pip list -o" will tell
>> you there's a newer version, but that isn't the same - e.g. if the new
>> version of bar was 2.0.0 then "pip list -o" will list it, but you should
>> not upgrade to it.)
>>
>> You can do "pip install -I foo", which will pointlessly reinstall foo
>> and then presumably upgrade bar as well, thus probably getting to the
>> right result via a rather roundabout route, but I'm not sure if that
>> does indeed work properly and if it is a reliable and recommended way
>> of doing things.
>
> It is a bit of a minefield isn't it. I try to minimise my use of
> packages installed using pip for this very reason. Maybe the safest
> route would simply be to uninstall everything and then re-install it.

That is literally what I do quite often - completely erase the virtual
env and then re-create it from scratch - because it seems to be the
only / easiest way to upgrade the packages to the latest versions
consistent with given dependencies.
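The gap described in the thread between "a newer version exists" and "a newer version that installed requirements allow" can be computed directly. The following is an added example, not code from the thread or from pip: the package data is constructed to mirror the foo/bar case, the function names are hypothetical, and version handling is simplified to plain numeric versions rather than full PEP 440.

```python
import operator
import re

# Simplified specifier handling: numeric versions and these operators only
# (an assumption for this example; real specifiers follow PEP 440).
OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq,
       "!=": operator.ne, "<": operator.lt, ">": operator.gt}
SPEC = re.compile(r"(<=|>=|==|!=|<|>)\s*([0-9.]+)")

def ver(text):
    """'2.0.0' -> (2,): drop trailing zeros so that '2' and '2.0.0' compare equal."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirement(req):
    """Split 'bar<2,>=1.1' into ('bar', [(op_func, version_tuple), ...])."""
    name = re.match(r"[A-Za-z0-9._-]+", req).group(0)
    return name.lower(), [(OPS[op], ver(v)) for op, v in SPEC.findall(req)]

def constraints_on(installed_requires):
    """Collect every specifier that installed packages place on each dependency."""
    limits = {}
    for reqs in installed_requires.values():
        for req in reqs:
            name, specs = parse_requirement(req)
            limits.setdefault(name, []).extend(specs)
    return limits

def upgrade_plan(installed, installed_requires, available):
    """Return {name: (newest, newest_allowed)} for packages with a newer release."""
    limits = constraints_on(installed_requires)
    plan = {}
    for name, current in installed.items():
        newer = sorted((v for v in available[name] if ver(v) > ver(current)), key=ver)
        if not newer:
            continue
        allowed = [v for v in newer
                   if all(op(ver(v), bound) for op, bound in limits.get(name, []))]
        plan[name] = (newer[-1], allowed[-1] if allowed else None)
    return plan

# Constructed data mirroring the thread's foo/bar example.
INSTALLED = {"foo": "1.0.0", "bar": "1.2.0"}
REQUIRES = {"foo": ["bar<2"], "bar": []}
AVAILABLE = {"foo": ["1.0.0"], "bar": ["1.2.0", "1.3.0", "2.0.0"]}

if __name__ == "__main__":
    for name, (newest, safe) in upgrade_plan(INSTALLED, REQUIRES, AVAILABLE).items():
        print(f"{name}: newest {newest}, newest allowed by installed requirements {safe}")
```

The first element of each tuple corresponds to what an outdated listing would report; the second is the version that still satisfies every installed package's requirement, or `None` when no newer release does.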