It's important to keep your package versions up to date. It's not just that your dependencies might have security concerns; sometimes you also need to upgrade to keep things compatible. Upgrades are painful if you don't do them regularly, so it's a good habit to do them often.
If you're curious about security concerns, you can use tools like security or pip-audit to check whether you need to upgrade. But when it's time to upgrade, it can be a painful, manual process to update every pin in your requirements file.
This is where pur can help! Pur stands for "pip update requirements" and it can upgrade a requirements file with a single command.
Example
You'll need to make sure pur is installed first:
python -m pip install pur
Suppose this is your requirements.txt file:
click==7.0
Jinja2==2.10.3
PyYAML==5.2
mistune==0.8.4
requests==2.22.0
Then you can simply run:
pur -r requirements.txt
With no further action on your part, the file now contains updated pins. At the time of recording this video, that means the file contains:
click==8.0.3
Jinja2==3.0.3
PyYAML==6.0
mistune==2.0.2
requests==2.27.1
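To make clear what that single command is doing to the file, here is an added, offline illustration of the same rewrite. This is example code written for this page, not pur's own implementation: the package index is replaced by a constructed table holding the versions shown above, the requirements file is embedded inline, and the simplified version ordering and the 0/1 exit code are this example's own conventions.

```python
"""Offline illustration of what a requirements updater such as pur does:
read each ``name==version`` pin, look up the newest release, rewrite the pin.
Added example, not pur's own code. The package index is replaced by a
constructed dict (LATEST) so this runs offline; pur queries the real index."""
import re
from typing import Callable, List, Optional, Tuple

# Constructed stand-in for the package index: the versions the page shows
# pur producing at recording time. Keys are PEP 503 normalized names.
LATEST = {
    "click": "8.0.3",
    "jinja2": "3.0.3",
    "pyyaml": "6.0",
    "mistune": "2.0.2",
    "requests": "2.27.1",
}

# The requirements.txt from the page, embedded so the example is self-contained.
REQUIREMENTS = """\
click==7.0
Jinja2==2.10.3
PyYAML==5.2
mistune==0.8.4
requests==2.22.0
"""

# Only exact pins are rewritten; an optional trailing comment is preserved.
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>[0-9][0-9A-Za-z.]*)"
    r"(?P<tail>\s*(?:#.*)?)$"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization: 'PyYAML' and 'pyyaml' are the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Release segment of a version as a tuple for ordering: 5.2 < 6.0 < 6.0.1.
    Pre-release tags are cut off (1.0rc1 compares as 1.0) and trailing zeros are
    dropped so 6.0 == 6.0.0. A real tool should use packaging.version (PEP 440)
    rather than this simplification; plain string comparison ("9.0" > "10.0")
    gets the order wrong.
    """
    parts: List[int] = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def update_requirements(
    text: str, latest: Callable[[str], Optional[str]]
) -> Tuple[str, List[Tuple[str, str, str]]]:
    """Rewrite every exact pin whose newest known version is newer.
    Returns (new file text, list of (name, old, new) changes). Comment lines,
    ranges such as requests>=2 and projects the index does not know pass
    through untouched, and a pin is never moved backwards."""
    out: List[str] = []
    changes: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            name, old, tail = m.group("name"), m.group("version"), m.group("tail")
            new = latest(name)
            if new is not None and parse_version(new) > parse_version(old):
                changes.append((name, old, new))
                line = f"{name}=={new}{tail}"
        out.append(line)
    return "\n".join(out) + "\n", changes


def lookup(name: str) -> Optional[str]:
    """Index lookup against the constructed LATEST table."""
    return LATEST.get(normalize(name))


def exit_code(changes: List[Tuple[str, str, str]]) -> int:
    """CI-style signal in the spirit of --nonzero-exit-code: non-zero when a
    pin changed. (0/1 is this example's convention, not pur's exact codes.)"""
    return 1 if changes else 0


if __name__ == "__main__":
    new_text, changed = update_requirements(REQUIREMENTS, lookup)
    for name, old, new in changed:
        print(f"{name}: {old} -> {new}")
    print(new_text, end="")
    raise SystemExit(exit_code(changed))
```

Run as a script it prints the five old-to-new transitions followed by the rewritten file, and exits 1 because something changed. Note that every one of the page's five pins crosses a major version, which this logic happily does; nothing in the rewrite knows whether the new release is compatible, which is why the install-and-test step below is not optional.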
Next steps
Note that pur pins whatever the newest release is, including major version jumps like Jinja2 2 to 3 or mistune 0.8 to 2.0, which can change behaviour. So from here you'd still need to actually install the packages and run pytest to confirm that nothing broke. (If you want to see what would change before the file is overwritten, run pur with --dry-run.)
python -m pip install -r requirements.txt
pytest
You could also create a GitHub Actions job that runs pur every month. With the --nonzero-exit-code flag, pur reports through its exit status instead of always exiting 0, so the job can fail and give you a signal:
pur -r requirements.txt --nonzero-exit-code
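One way to wire that into a monthly GitHub Actions workflow, as an added example that is not from the page or the pur project. The workflow name, cron schedule, Python version and action versions are assumptions. The pur step is allowed to fail so that the upgraded pins still get installed and tested, and the job is then failed explicitly when the file was rewritten:

```yaml
name: monthly-dependency-refresh   # assumed name

on:
  schedule:
    - cron: "0 6 1 * *"   # 06:00 UTC on the 1st of each month (assumed schedule)
  workflow_dispatch:        # allow a manual run as well

jobs:
  refresh:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"   # assumed; use the version your project targets

      - name: Install pur
        run: python -m pip install pur

      # With --nonzero-exit-code pur signals through its exit status instead of
      # always exiting 0. continue-on-error keeps that from aborting the job, so
      # the new pins are still installed and tested below.
      - name: Upgrade pins
        id: pur
        run: pur -r requirements.txt --nonzero-exit-code
        continue-on-error: true

      - name: Show what changed
        run: git --no-pager diff -- requirements.txt

      - name: Install upgraded pins and run the tests
        run: |
          python -m pip install -r requirements.txt pytest
          pytest

      # Turn the upgrade back into a red job once the tests have run, based on
      # whether the file was actually rewritten.
      - name: Fail the job if requirements.txt was rewritten
        run: |
          if ! git diff --quiet -- requirements.txt; then
            echo "pur updated requirements.txt; review the diff above" >&2
            exit 1
          fi
```

A red run then means one of two things, both worth a look: the pins moved (inspect the diff and open a PR with the new file), or the upgraded set broke the test suite.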