pip/pip3 confusion and keeping up to date

Chris Green cl at isbd.net
Thu Nov 2 17:19:43 EDT 2023


Jon Ribbens <jon+usenet at unequivocal.eu> wrote:
> On 2023-11-02, Dieter Maurer <dieter at handshake.de> wrote:
> > Chris Green wrote at 2023-11-2 10:58 +0000:
> >> ...
> >>So, going on from this, how do I do the equivalent of "apt update; apt
> >>upgrade" for my globally installed pip packages?
> >
> > `pip list -o` will tell you for which packages there are upgrades
> > available.
> > `pip install -U ...` will upgrade packages.
> >
> > Be careful, though.
> > With `apt`, you usually have (`apt`) sources representing a consistent
> > package universe. Someone tests that package upgrades in this
> > universe do not break other packages (in this universe).
> > Because of this, upgrading poses low risk.
> >
> > `PyPI` does not guarantee consistency. A new package version
> > may be incompatible with a previous one -- and with other
> > packages you have installed.
> >
> > I do not think that you would want to auto-upgrade all installed
> > packages.
> 
> Indeed. What you're describing is a very unfortunate failing of pip.
> 'Upgrade' doesn't even follow requirements when you tell it what to
> upgrade - e.g. if you do "pip install foo" and foo requires "bar<2"
> so you end up with:
> 
>    Package                Version
>    ---------------------- ---------
>    foo                    1.0.0
>    bar                    1.2.0
> 
> and then a new version 1.3.0 of bar comes out and you do
> "pip install -U foo", pip will not upgrade bar even though it could
> and should, because foo is already at the latest version so pip won't
> even look at its dependencies.
> 
> Indeed there is no way of knowing that you should upgrade bar without
> manually following all the dependency graphs. ("pip list -o" will tell
> you there's a newer version, but that isn't the same - e.g. if the new
> version of bar was 2.0.0 then "pip list -o" will list it, but you should
> not upgrade to it.)
> 
> You can do "pip install -I foo", which will pointlessly reinstall foo
> and then presumably upgrade bar as well, thus probably getting to the
> right result via a rather roundabout route, but I'm not sure if that
> does indeed work properly and if it is a reliable and recommended way
> of doing things.

It is a bit of a minefield isn't it.  I try to minimise my use of
packages installed using pip for this very reason.  Maybe the safest
route would simply be to uninstall everything and then re-install it.
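
The dependency check discussed in the quoted messages, as an added example that is not part of the original thread: for each installed package it picks the newest release that every installed dependent's requirement still accepts. The function names and the sample data are hypothetical, and it assumes plain dotted numeric versions with simple comparison operators (not full PEP 440, no extras or markers).

```python
import re

OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
}

def parse_version(text):
    """Turn '1.2.0' into (1, 2); trailing zeros are dropped so 2.0.0 == 2."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirement(req):
    """Split 'bar<2,>=1.0' into ('bar', [('<', (2,)), ('>=', (1,))])."""
    match = re.match(r"\s*([A-Za-z0-9_.-]+)\s*(.*)$", req)
    name, spec = match.group(1).lower(), match.group(2)
    clauses = []
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        op, ver = re.match(r"(<=|>=|==|!=|<|>)\s*([0-9.]+)$", clause).groups()
        clauses.append((op, parse_version(ver)))
    return name, clauses

def safe_upgrades(installed, requires, available):
    """Return {name: version} for packages with a newer release all dependents accept."""
    constraints = {}
    for reqs in requires.values():
        for req in reqs:
            name, clauses = parse_requirement(req)
            constraints.setdefault(name, []).extend(clauses)
    result = {}
    for name, current in installed.items():
        allowed = [v for v in available.get(name, [])
                   if parse_version(v) > parse_version(current)
                   and all(OPS[op](parse_version(v), bound)
                           for op, bound in constraints.get(name, []))]
        if allowed:
            result[name] = max(allowed, key=parse_version)
    return result

# Constructed sample mirroring the thread: foo 1.0.0 requires "bar<2".
INSTALLED = {"foo": "1.0.0", "bar": "1.2.0"}
REQUIRES = {"foo": ["bar<2"]}

if __name__ == "__main__":
    print(safe_upgrades(INSTALLED, REQUIRES, {"bar": ["1.2.0", "1.3.0", "2.0.0"]}))
```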