DEV Community

RockAndNull

Posted on • Originally published at rockandnull.com on

How to keep your requirements.txt updated

Package management in Python is considered excellent, compared to other programming languages. And I agree with this popular opinion.

The problem that these package managers solve is the dependencies issue. What they don't solve though is how to keep those dependencies updated regularly. While developing your web app, when you decide that you will use a new library you will most probably install the latest version at the time. But over the app's lifetime, those libraries you decided to use must remain updated to ensure that the web app is working properly and securely.

Most Python apps keep a requirements.txt file to keep track of all the dependencies. This is a good practice in general. The next step is to keep the dependencies listed in requirements.txt at their latest version.

The manual way

The most obvious way is to go through each one of your dependencies and check PyPI for the latest version. This is a slow process, but it gives you complete control over what is updated and what stays the same (for instance, libraries that have a high risk of breaking the app).

Alternatively, if you are using an IDE, it may have a built-in mechanism to indicate which libraries are outdated. For instance, in PyCharm you can update to the latest version using a one-click (per library) approach.


The automated way

There's a Python utility, called Pur, that offers to bring all the dependencies listed in requirements.txt to their latest version. Just pip install pur and you are ready to get started!

After installing, just run:

pur -r requirements.txt

The utility will list the changes that have been made for you to review:

Updated whitenoise: 5.1.0 -> 6.3.0
Updated stripe: 2.50.0 -> 5.0.0
Updated sentry-sdk: 1.5.12 -> 1.13.0
All requirements up-to-date.

The utility offers a few more interesting options for common use cases. For instance, if you use an LTS (long-term support) version of a package, you can use the --minor MY_PACKAGE argument to ensure that only the minor version will be updated. Additionally, you can use the --interactive argument for the utility to ask for each dependency whether to update to the latest version (instead of reviewing the changes afterward). Check the official website for a full list of arguments available.

Now there's no excuse to keep your Python web app out-of-date. With a single command, you can use the latest versions of your dependencies. Of course, whether the app breaks due to the usage of a newer library is a different story. Having excellent test coverage mitigates this issue but discussing this is outside of the scope of this post.
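As an added example (not part of the original post and not Pur's own code), the script below parses the report format shown above and flags the packages whose major version changed, since those are the updates most likely to break the app and whose changelogs are worth reading before merging. The function names are hypothetical, and the line format is assumed to match the sample output in this post.

```python
import re

# Report lines as pur prints them, e.g. "Updated stripe: 2.50.0 -> 5.0.0".
UPDATE_LINE = re.compile(r"^Updated\s+([A-Za-z0-9._-]+):\s+(\S+)\s+->\s+(\S+)$")


def release_tuple(version):
    """Leading numeric release as a 3-tuple: '1.13.0rc1' -> (1, 13, 0)."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in match.group(0).split(".")] if match else []
    return tuple((parts + [0, 0, 0])[:3])


def classify(old, new):
    """Return 'major', 'minor', 'patch' or 'other' for an old -> new change."""
    o, n = release_tuple(old), release_tuple(new)
    for index, label in enumerate(("major", "minor", "patch")):
        if o[index] != n[index]:
            return label
    return "other"  # only a suffix or a fourth component changed


def review_pur_output(text):
    """Parse a pur report into (name, old, new, bump) tuples."""
    changes = []
    for line in text.splitlines():
        m = UPDATE_LINE.match(line.strip())
        if m:
            name, old, new = m.groups()
            changes.append((name, old, new, classify(old, new)))
    return changes


def needs_manual_review(changes):
    """Packages whose major version changed: read their changelog first."""
    return [name for name, _old, _new, bump in changes if bump == "major"]


# The report shown in this post, reused as sample input.
SAMPLE = """\
Updated whitenoise: 5.1.0 -> 6.3.0
Updated stripe: 2.50.0 -> 5.0.0
Updated sentry-sdk: 1.5.12 -> 1.13.0
All requirements up-to-date.
"""

if __name__ == "__main__":
    for name, old, new, bump in review_pur_output(SAMPLE):
        print(f"{bump:<6}{name}: {old} -> {new}")
```

Run against the sample, it marks whitenoise and stripe as major bumps and sentry-sdk as a minor one.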

Hopefully, you can now easily and quickly keep your Python projects fresh.

Happy coding!
