1

PEP508 allows specifying a URL for a dependency, in particular a VCS. This is most useful for private packages that are not on pypi. If I have a package whose setup.py looks like:

from setuptools import setup

setup(name='foo',
      install_requires=['bar @ git+ssh://git@github.com/me/bar@1.2.3']
)

Then when I say pip install foo, it will download and install bar from the github repo. But if I later want to install a new version of foo, (pip install --upgrade foo), which has an updated bar dependency (e.g. tag 2.3.4), pip says that the dependency is already satisfied.

Is there a way to encode version information or something that will force pip to recognize that the dependency is NOT being met? I know I can give pip the --upgrade-strategy eager option, but that would affect ALL dependencies recursively and is too heavy-handed.

This related question PEP508: why either version requirement or URL but not both? asks about not being able to specify a version, but doesn't answer why pip doesn't get the URL when asked to upgrade.

thegreatemu
  • 495
  • 2
  • 11
  • What does `pip install --upgrade foo` do? – John Gordon Jun 01 '20 at 21:06
  • @JohnGordon I should have been more clear, the failure to upgrade the dependency happens when I call `install --upgrade foo`. Edited – thegreatemu Jun 01 '20 at 23:09
  • VCS dependencies are not upgraded automatically as it's impossible to query a list of available versions from a git repo in a reliable way, so this is simply not implemented. – hoefling Jun 04 '20 at 11:39

0 Answers0