requires.io | Tue 17 February 2015 Alexis Tabary

Over the last few weeks we've released a number of small patches and bugfixes that improve the overall experience with requires.io and help you keep track of your Python dependencies.

Handling of prereleases

To figure out if a package is up-to-date, requires.io was using a very simple strategy: take the latest [1] version available on PyPI, and match it against the requirement. If it matched, the requirement was up-to-date, otherwise it was outdated.

This strategy falls short for two edge cases: prereleases and private forks.

requests==dev    # Master fetched from GitHub
django==1.7.4.1  # A private fork of Django

These edge cases are now correctly handled, and such dependencies are simply flagged up-to-date.

[1] It was (and still is) a tad more complicated as we distinguish between unstable and stable releases, but this is beyond the scope of this blog post.

Compatible requirements and pull-requests

A lot of projects on GitHub are using requires.io pull-requests. But until now we didn't handle "compatible" requirements correctly.

django>=1.6,<1.7

Such a requirement is now updated to:

django>=1.7,<1.8

Don't forget that you can specify directives in your requirements files to discard updates you don't need. For instance the following requirement would be flagged up-to-date and not yield any pull-request, despite being outdated:

# Outdated but flagged `up-to-date`
django>=1.6,<1.7  # rq.filter:<1.7
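The range update and the rq.filter directive described above, sketched as an added example; this is not requires.io's own code. The release list is constructed, the function names are hypothetical, and only the `name>=X,<Y` requirement form and the `<X` filter form are handled.

```python
import re

# Constructed sample data: releases assumed to be published on PyPI for django.
AVAILABLE = ["1.6", "1.6.10", "1.7", "1.7.4", "1.8b1"]

def parse_version(text):
    """'1.7.4' -> (1, 7, 4, 0); zero-padded so '1.7' and '1.7.0' compare equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def bump_compatible(line, available):
    """Return the line moved to the newest stable series, or unchanged."""
    req, _, comment = line.partition("#")
    num = r"(\d+(?:\.\d+)*)"
    m = re.fullmatch(r"\s*([\w.-]+)>=" + num + ",<" + num + r"\s*", req)
    if not m:
        return line  # not a 'name>=X,<Y' requirement: leave it alone
    name, upper = m.group(1), parse_version(m.group(3))
    # Keep plain dotted releases only; prereleases such as '1.8b1' are skipped.
    stable = [parse_version(v) for v in available
              if re.fullmatch(r"\d+(\.\d+)*", v)]
    # Honour an 'rq.filter:<X' directive (only this one form is handled here).
    directive = re.search(r"rq\.filter:\s*<" + num, comment)
    if directive:
        cap = parse_version(directive.group(1))
        stable = [v for v in stable if v < cap]
    if not stable:
        return line
    latest = max(stable)
    if latest < upper:
        return line  # nothing acceptable lies beyond the current range
    width = m.group(3).count(".") + 1  # keep the precision the author used
    new_lower = list(latest[:width])
    new_upper = new_lower[:-1] + [new_lower[-1] + 1]
    fmt = lambda parts: ".".join(str(p) for p in parts)
    bumped = f"{name}>={fmt(new_lower)},<{fmt(new_upper)}"
    # Carry any trailing comment over to the rewritten line.
    return bumped + (f"  #{comment}" if comment else "")
```

A line is rewritten only when a stable release at or above its upper bound survives the filter, so the filtered requirement above comes back untouched.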
