Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change default dependency constraint from ^ to >= #3427

Closed
hhoeflin opened this issue Nov 29, 2020 · 4 comments
Closed

Change default dependency constraint from ^ to >= #3427

hhoeflin opened this issue Nov 29, 2020 · 4 comments

Comments

@hhoeflin
Copy link

hhoeflin commented Nov 29, 2020

I wanted to request that the default dependency constraint when doing a poetry add mydep is >= and not ^.

The reason for this is forward looking in order to avoid future issues for dependency resolution in the future when many packages use poetry.

Assume the following. A package creator creates package A and uses scikit-image. When A is first created, scikit-image has version 0.16.1, so a poetry add scikit-image results in a dependency of ^0.16.1.

A new package by someone else is created later, let's call it package B. That packages also uses poetry and at the time of writing scikit-image was at version 0.17.1, resulting a dependency of ^0.17.1.

Now - if another package C wanted to use both packages A and B as dependencies, this would not be possible as the version constraints ^0.16.1 and ^0.17.1 are mutually exclusive.

Scitkit-image has been in 'development' mode for a long time and is unlikely to emerge from it soon (similar to what pandas did as well until they switched to 1.0). Also, scikit-image brings out minor version updates regularly, sometimes even more than one per year.

The current default version constraint for dependencies in poetry is bound to cause issues in the future, requiring package mantainers to manually change them to >= in order not to cause issues later.

Other languages use ^ much easier as they allow several versions of the same package to be installed. For python this is not the case, so the ^ constraint that is normal in other languages is problematic here.

@n8sty
Copy link
Contributor

n8sty commented Nov 30, 2020

There's the alternative example that's equally frustrating in my experience: When a package undergoes a major version upgrade and an API changes, that change can be breaking in a project that I'm working on, which then forces me to restrain my dependency specification. I don't think there's a ubiquitous solution that works for everyone here, but, for better or worse (I think better because it's more conservative), Poetry seems to have adopted the ^ convention. Changing that now would be surprising to a few people. In general, package owners should be responsible enough to appropriately define their dependencies, and be responsive to any issues that arise. If they aren't, I would try and avoid that package.

@finswimmer
Copy link
Member

Poetry believes in SemVer. This is why ^ is the default. There are plenty of discussions out there whether SemVer is good or not and if setting an upper bound is suitable. Each of the arguments have its value. At the end every author have to weight the arguments by itself. So I 100% agree with @n8sty:

In general, package owners should be responsible enough to appropriately define their dependencies, and be responsive to any issues that arise. If they aren't, I would try and avoid that package.

One is free to change the constraint in the pyproject.toml. Letting the user decide, which is the default, is maybe something for a poetry plugin?

@zanieb
Copy link
Contributor

zanieb commented Sep 20, 2022

Hi! I took finswimmer's advice and wrote a plugin that helps automate relaxing upper constraints: https://github.com/madkinsz/poetry-relax — it does not directly address this issue yet but it does allow you to easily relax constraints during testing or publishing.

Copy link

github-actions bot commented Mar 1, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants