Pyup recommends updates to incompatible packages
I have flake8 and pycodestyle in my requirements.txt (generated from a requirements.in containing flake8 but not pycodestyle, using pip-compile).
I got a PR this morning for pycodestyle==2.4.0 but flake8 depends on pycodestyle >= 2.3.0, < 2.4.0, so flake8 doesn't work after installing the new requirements.
Is there any way for pyup to guarantee the consistency of packages that depend on each other? And what is the recommended workaround for this?
We run pip check in our Travis run so CI fails in this case, see:
https://github.com/PyCQA/pycodestyle/issues/741#issuecomment-380261935
I guess pyup could do the same (run pip check), however I wonder what's the desired UX in this case?
Not opening a PR at all seems wrong, since otherwise we'd never know to file issues against the other package. And if the first PR was for a security fix I'd rather know and if necessary force the incompatible versions / switch to another package / ....
It's only a problem for me because I get daily PRs, not one for each package. For PRs-per-package, I don't think anything needs to change. If using daily PRs, it'd be nice if it were somehow excluded so I could merge the other updates of the day.
@dschep have you looked at filters? https://pyup.io/docs/bot/filter/
Thanks for those docs @jayfk, I'll use that as a workaround so I can still merge the PRs for now.
I use weekly PRs, and Pyup has been of great use, but having to revert the pycodestyle and pyflakes upgrades every week is going to be painful.
Adding a pyup filter means that I won't be updated when flake8 finally resolves the original compatibility issue.
The compatibility between packages would be a new feature request.
In regards to ignoring requirements, as a workaround, you could ask the bot to ignore such lines like this:
package-a>=1.0.2 # pyup:ignore
package-b>=2.4.5 # pyup:ignore
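
The consistency check discussed in this thread (what `pip check` does in CI), as an added example that is not code from pyup, pip or any participant: it checks a pinned requirements set against declared dependency ranges and exits non-zero on a conflict. The dependency metadata is constructed from the range quoted in the thread, the flake8 version is a made-up sample value, and version parsing is simplified to dotted numeric versions.

```python
import re

# Constructed sample input. The pycodestyle pin and the flake8 range are the
# ones quoted in the thread; the flake8 version is a made-up sample value.
REQUIREMENTS_TXT = "flake8==3.5.0\npycodestyle==2.4.0  # proposed update\n"
DECLARED_DEPS = {"flake8": ["pycodestyle>=2.3.0,<2.4.0"]}

VERSION = r"[0-9]+(?:\.[0-9]+)*"
OPS = {
    "==": lambda a, b: a == b,
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def parse_version(text):
    """Simplification: dotted numeric versions only, not full PEP 440."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad so 2.4 == 2.4.0


def parse_pins(text):
    """Return {name: version} for 'name==version' lines, ignoring comments."""
    pins = {}
    for line in text.splitlines():
        match = re.fullmatch(rf"([A-Za-z0-9_.-]+)==({VERSION})", line.split("#", 1)[0].strip())
        if match:
            pins[match.group(1).lower()] = parse_version(match.group(2))
    return pins


def find_conflicts(pins, declared):
    """Return (package, requirement) pairs the pinned set does not satisfy."""
    conflicts = []
    for package, requirements in declared.items():
        if package not in pins:
            continue
        for requirement in requirements:
            name, clauses = re.fullmatch(r"([A-Za-z0-9_.-]+)(.*)", requirement).groups()
            pinned = pins.get(name.lower())  # None means the dependency is not pinned
            checks = re.findall(rf"(==|>=|<=|>|<)\s*({VERSION})", clauses)
            if pinned is None or not all(OPS[op](pinned, parse_version(v)) for op, v in checks):
                conflicts.append((package, requirement))
    return conflicts


if __name__ == "__main__":
    problems = find_conflicts(parse_pins(REQUIREMENTS_TXT), DECLARED_DEPS)
    for package, requirement in problems:
        print(f"{package} requires {requirement}, which the pinned set does not satisfy")
    raise SystemExit(1 if problems else 0)  # non-zero exit fails the CI job
```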