Jannis Gebauer

Valid points @bloodearnest. The thing is, to make this really useful, pyup has to know about the full dependency tree. What if one of your transitive dependencies still relies on...

The more I think about it, I'm in favor of ditching this behaviour. It has it's use case but is confusing. Problems like this happen, but the updater shouldn't make...

> Perhaps by deleting the repo from my pyup account page and re-adding? Exactly. Since the page is currently 500ing, this will probably have to wait a bit ;). Have...

Hey @vdboor :wave: Do you have a requirements file I can take a look at to feed the debugger?

Ah! The bot isn't taking these ranges into account. It always pins the given dependency to make the build deterministic. This way you are able to know exactly what release...

That's an interesting problem, indeed. It looks like PyPi is storing the corresponding Python version and the package type alongside the hash. This should be possible to implement: https://pypi.org/pypi/gevent/json

> But that would require rewriting all ranged requirements. Would there be a downside to natively recognizing? Yes. You would no longer receive update pull requests for the range. Requests...

Ah, that makes sense. With the transition from Python 2 to 3, more and more libraries will probably be Python 3 only. That'd be a great feature to have. For...

> If the requirements files pins A and B, such that A depends on B up to a certain version, (eg B>=1,

I'd love to add support for a feature like this, but it would require to resolve transitive dependencies on the server side. That's something I want to avoid at all...