pip/pip3 confusion and keeping up to date
Chris Green
cl at isbd.net
Thu Nov 2 17:19:43 EDT 2023
Jon Ribbens <jon+usenet at unequivocal.eu> wrote:
> On 2023-11-02, Dieter Maurer <dieter at handshake.de> wrote:
> > Chris Green wrote at 2023-11-2 10:58 +0000:
> >> ...
> >>So, going on from this, how do I do the equivalent of "apt update; apt
> >>upgrade" for my globally installed pip packages?
> >
> > `pip list -o` will tell you for which packages there are upgrades
> > available.
> > `pip install -U ...` will upgrade packages.
> >
> > Be careful, though.
> > With `apt`, you usually have (`apt`) sources representing a consistent
> > package universe. Someone tests that package upgrades in this
> > universe do not break other packages (in this universe).
> > Because of this, upgrading poses low risk.
> >
> > `PyPI` does not guarantee consistency. A new package version
> > may be incompatible with a previous one -- and with other
> > packages you have installed.
> >
> > I do not think that you would want to auto-upgrade all installed
> > packages.
>
> Indeed. What you're describing is a very unfortunate failing of pip.
> 'Upgrade' doesn't even follow requirements when you tell it what to
> upgrade - e.g. if you do "pip install foo" and foo requires "bar<2"
> so you end up with:
>
> Package Version
> ---------------------- ---------
> foo 1.0.0
> bar 1.2.0
>
> and then a new version 1.3.0 of bar comes out and you do
> "pip install -U foo", pip will not upgrade bar even though it could
> and should, because foo is already at the latest version so pip won't
> even look at its dependencies.
>
> Indeed there is no way of knowing that you should upgrade bar without
> manually following all the dependency graphs. ("pip list -o" will tell
> you there's a newer version, but that isn't the same - e.g. if the new
> version of bar was 2.0.0 then "pip list -o" will list it, but you should
> not upgrade to it.)
>
> You can do "pip install -I foo", which will pointlessly reinstall foo
> and then presumably upgrade bar as well, thus probably getting to the
> right result via a rather roundabout route, but I'm not sure if that
> does indeed work properly and if it is a reliable and recommended way
> of doing things.
It is a bit of a minefield, isn't it? I try to minimise my use of
packages installed using pip for this very reason. Maybe the safest
route would simply be to uninstall everything and then re-install it.
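
The foo/bar situation discussed in this thread, as an added example (not code from any poster or from pip): it collects the constraints that installed packages declare on each other and picks, per package, the newest version all of them allow, which is the answer "pip list -o" alone does not give. The data is constructed, the helper names are hypothetical, and the version and specifier handling is deliberately simplified to plain dotted numbers and the operators <, <=, >, >=, ==, !=.

```python
import re

# Constructed sample mirroring the thread: foo 1.0.0 declares "bar<2".
INSTALLED = {"foo": "1.0.0", "bar": "1.2.0"}
REQUIRES = {"foo": ["bar<2"], "bar": []}   # each package's declared requirements
AVAILABLE = {"foo": ["1.0.0"], "bar": ["1.2.0", "1.3.0", "2.0.0"]}  # on the index

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
       "==": lambda a, b: a == b, "!=": lambda a, b: a != b}
CLAUSE = re.compile(r"\s*(<=|>=|==|!=|<|>)\s*(\d+(?:\.\d+)*)\s*$")

def vkey(version):
    """Sort key for plain dotted-numeric versions; '1.0' and '1.0.0' compare equal."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_req(req):
    """'Bar>=1.0,<2' -> ('bar', [('>=', '1.0'), ('<', '2')]); markers are ignored."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", req.split(";")[0])
    if not m:
        raise ValueError(f"cannot parse requirement {req!r}")
    clauses = []
    for text in filter(str.strip, m.group(2).split(",")):
        cm = CLAUSE.match(text)
        if not cm:  # extras, ~=, wildcards etc. are outside this simplified parser
            raise ValueError(f"unsupported specifier {text!r} in {req!r}")
        clauses.append(cm.groups())
    return re.sub(r"[-_.]+", "-", m.group(1)).lower(), clauses

def upgrade_plan(installed, requires, available):
    """Newest version of each package that every installed dependent still allows."""
    limits = {name: [] for name in installed}  # assumes normalized lowercase names
    for reqs in requires.values():
        for name, clauses in map(parse_req, reqs):
            if name in limits:
                limits[name] += clauses
    plan = {}
    for name, current in installed.items():
        versions = available.get(name) or [current]
        ok = [v for v in versions
              if all(OPS[op](vkey(v), vkey(bound)) for op, bound in limits[name])]
        best, newest = max(ok, key=vkey, default=current), max(versions, key=vkey)
        if vkey(best) > vkey(current):
            held = newest if vkey(newest) > vkey(best) else None
            plan[name] = {"to": best, "held_back": held}
    return plan
```

On the sample data the plan moves bar to 1.3.0 and reports 2.0.0 as held back by foo's "bar<2"; full PEP 440 handling would need the third-party `packaging` library rather than this simplified comparison.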