Motivation
Using the >= specifier when adding a dependency is the most common approach in standardized Python package management.
When a dependency releases a version that is incompatible with our package, it is recommended that our package release a patch version that pins the incompatible version(s) of the dependency (e.g. using <).
When that dependency resolves the incompatibility in later versions, we keep the incompatible versions pinned with new specifiers (e.g. using ! and *).
We keep this incompatibility pinning until our minimum needed version exceeds them.
Is there any way to pin versions without learning complex version specifiers and without too much maintenance cost?
Minimum Supported Version (MSV) with Conflict strategy.
In this strategy we put the minimum tested-and-working version of the dependency, with optional conflicting versions that may occur in the middle of the dependency’s release history:
[project]
dependencies = [
"dependency MSV [CONFLICT]"
]
(The syntax needs more discussion)
- MSV only accepts version schemes (specifiers are not accepted!)
- CONFLICT (optional) accepts version schemes with a limited set of comma-separated specifiers (“>= <= > <”)
NOTE: When a bracket is found, the legacy strategy should be omitted, so syntax wider than the above is not acceptable!
Examples
Empty conflicts means all versions greater than or equal to “2.0.0” are intended to work:
[project]
dependencies = [
"mypkg 2.0.0 [ ]"
]
Since MSV doesn’t accept any specifier, you can omit the bracket (same behavior as above):
[project]
dependencies = [
"mypkg 2.0.0"
]
Versions specified in the bracket are intended to NOT be accepted by our package:
[project]
dependencies = [
"mypkg 2.0.0 [ >=2.3.4, <2.5.0 ]"
]
Show the differences
Assume the mypkg release history is:
"2.0.0", "2.1.0", "2.2.0", "2.3.0", "2.3.1", "2.3.2", "2.3.3",
"2.3.4", "2.3.5", "2.3.6", "2.3.7", "2.4.0", "2.4.1", "2.4.2",
"2.4.3", "2.5.0", "2.6.0", "2.7.0", "3.0.0", "4.0.0", "5.0.0"
And the incompatibility started at “2.3.4” and was resolved at “2.5.0”.
- With today’s version specifiers:
[project]
dependencies = [
"mypkg >=2.0.0, !=2.3.4, !=2.3.5, !=2.3.6, !=2.3.7, !=2.4.*"
]
- Incorrect to use: (it also excludes 2.3.0 until 2.3.3, which are compatible!)
[project]
dependencies = [
"mypkg >=2.0.0, !=2.3.*, !=2.4.*"
]
- With MSV:
[project]
dependencies = [
"mypkg 2.0.0 [ >=2.3.4, <2.5.0 ]"
]
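The comparison above can be checked mechanically. The following is an added sketch, not part of the original proposal and not an existing packaging API: parse_msv, msv_allows, pep440_allows and accepted are hypothetical names. It assumes the clauses inside the bracket are combined with AND (so they describe one range) and that versions are plain numeric releases.

```python
import re

# Release history of the hypothetical mypkg, copied from the post.
HISTORY = """2.0.0 2.1.0 2.2.0 2.3.0 2.3.1 2.3.2 2.3.3 2.3.4 2.3.5 2.3.6 2.3.7
2.4.0 2.4.1 2.4.2 2.4.3 2.5.0 2.6.0 2.7.0 3.0.0 4.0.0 5.0.0""".split()
OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}
VER = r"\d+(?:\.\d+)*"

def vkey(version):
    """Sort key for plain numeric releases; trailing zeros ignored (2.0 == 2.0.0)."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_msv(req):
    """Split 'name MSV [CONFLICT]' into (name, msv, [(op, version), ...])."""
    m = re.fullmatch(rf"\s*([\w.-]+)\s+({VER})\s*(?:\[(.*)\])?\s*", req)
    if not m:
        raise ValueError(f"not an MSV requirement: {req!r}")
    name, msv, body = m.groups()
    clauses = []
    for part in filter(None, (p.strip() for p in (body or "").split(","))):
        c = re.fullmatch(rf"(>=|<=|>|<)\s*({VER})", part)
        if not c:  # the proposal allows only >= <= > < inside the bracket
            raise ValueError(f"specifier not allowed in CONFLICT: {part!r}")
        clauses.append(c.groups())
    return name, msv, clauses

def msv_allows(req, candidate):
    """Allowed when candidate >= MSV and not inside the conflict range."""
    _, msv, clauses = parse_msv(req)
    v = vkey(candidate)
    # Assumption: all clauses must hold for a version to count as conflicting.
    conflicted = bool(clauses) and all(OPS[op](v, vkey(b)) for op, b in clauses)
    return v >= vkey(msv) and not conflicted

def pep440_allows(spec, candidate):
    """Evaluates only the >=, !=X and !=X.* clauses the post uses."""
    for clause in (c.strip() for c in spec.split(",")):
        op, pattern = clause[:2], clause[2:].strip()
        if op not in (">=", "!="):
            raise ValueError(f"unsupported clause: {clause!r}")
        if op == ">=" and vkey(candidate) < vkey(pattern):
            return False
        if op == "!=" and (candidate.startswith(pattern[:-1]) if pattern.endswith(".*")
                           else vkey(candidate) == vkey(pattern)):
            return False
    return True

def accepted(check, spec):
    return [v for v in HISTORY if check(spec, v)]
```

Calling accepted(msv_allows, "mypkg 2.0.0 [ >=2.3.4, <2.5.0 ]") and accepted(pep440_allows, ...) with each specifier string from the list above (package name removed) shows which releases each form lets a resolver install.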