Back to main.

Calmcode Shorts

It's important to keep your package versions up to date. It's not just that your dependencies might have security concerns, it's also that sometimes you need to upgrade to keep things compatible. Upgrades can be painful if you don't do them regularily, so it's a good habbit to do often.

If you're curious about security concerns, you may use tools like [security] or [pip-audit] to check if you need to upgrade. But when it's time to upgrade it can be a painful, manual process to update all the dependencies in your requirements file.

This is where pur can help! Pur stands for "pip update requirements" and it can upgrade a requirements file with a single command.


You'll need to make sure pur is installed first.

python -m pip install pur

Suppose this is your requirements.txt file.


Then you can simple run:

pur -r requirements.txt

And with no further action on your part, the file will have updated requirements. At the time of recording this video, that means we have an updated file that contains:


Next steps

From here you'd still need to actually install the packages and run pytest to confirm that nothing broke.

python -m pip install -r requirements.txt

You could also choose to create a Github actions job that checks the version numbers every month. You can get a signal of a failure by adding the --nonzero-exit-code flag to the command.

pur -r requirements --nonzero-exit-code

Back to main.