from Hacker News

Python Pip 20.3 Released with new resolver

by groodt on 11/30/20, 12:53 PM with 223 comments

  • by dalemyers on 11/30/20, 4:23 PM

    If anyone hasn't seen it, now is a good time to look at https://python-poetry.org/. It is rapidly becoming _the_ package manager to use. I've used it in a bunch of personal and professional projects with zero issues. It's been rock solid so far, and I'm definitely a massive fan.
  • by st1x7 on 11/30/20, 1:46 PM

    It's impressive how my pip version seems to always be out of date.
  • by tgb on 11/30/20, 1:37 PM

    The release notes are here [1] and I assume the reason this is being posted is because of:

    > The new resolver now resolves packages in a deterministic order. (https://github.com/pypa/pip/pull/9100)

    [1] https://pip.pypa.io/en/stable/news/#id1

  • by muglug on 11/30/20, 2:04 PM

    Here's a longer article about the resolver: https://pyfound.blogspot.com/2020/03/new-pip-resolver-to-rol...
  • by Chico75 on 11/30/20, 2:13 PM

    So if I understand correctly, pip will now install the list of packages in the same order instead of choosing randomly, so that when there are version conflicts, you always get the same result?

    I'm surprised I never ran into the issue, but I suppose it mainly shows up if you have a large number of dependencies?

  • by cosmic_quanta on 11/30/20, 2:16 PM

    It's not super relevant, but I was poking around their CI infrastructure, and I noted the use of a temporary RAM disk to speed up tests:

    https://github.com/pypa/pip/blob/master/.azure-pipelines/scr...

    I'm very surprised. Is this common?

  • by mhxion on 11/30/20, 4:46 PM

    Also maybe worth mentioning the PyPI team has 1-to-1 UX feedback/study for `pip` https://www.ei8fdb.org/thoughts/2020/03/pip-ux-study-recruit.... I'd be more interested in opting in for an open web survey (question and answer field) though. Nevertheless, great to see they're open to user feedback in forms other than Git issues.
  • by colechristensen on 11/30/20, 4:21 PM

    Your package manager should be boring, extremely backward and forward compatible, and never broken. Experience has shown this not to be true for python. Several times over the years I’ve found myself pinning, upgrading, downgrading, or otherwise juggling versions of setuptools and pip in order to work around some bug. Historically I have had far more problems with the machinery to install python packages than I have had with all of the other python packages being installed combined, and that is absurd.
  • by misnome on 11/30/20, 1:37 PM

    Since this pull isn’t very helpful, the NEWS file with what’s changed is at https://github.com/pypa/pip/blob/master/NEWS.rst#203-2020-11...
  • by groodt on 11/30/20, 8:17 PM

    Seen a few mentions of poetry. Not many for pip-tools which has been around longer, is less opinionated and has many of the same benefits https://github.com/jazzband/pip-tools
  • by Mlller on 11/30/20, 4:01 PM

    IME, pip and its inclusion in python installations made a great and very positive difference for using Python on Windows: before, third-party installations mostly (sic) didn’t succeed; after, they almost always succeed. I’m grateful.
  • by devy on 12/1/20, 12:16 AM

    Hynek, a CPython committer, had written a blog post[1] on the state of Python application dependencies in 2018, updated in 2019 (no change in 2020, I asked). It was also surfaced on HN 3 times but did not get much attention[2].

    [1]: https://hynek.me/articles/python-app-deps-2018/#petry

    [2]: https://hn.algolia.com/?q=python-app-deps-2018

  • by jdeibele on 11/30/20, 8:33 PM

    pip-review works great for keeping packages up to date.

    https://pypi.org/project/pip-review/

        > pip-review
        Faker==4.18.0 is available (you have 4.17.1)
        pip==20.3 is available (you have 20.2.4)

        > pip-review --auto --verbose
        Collecting Faker==4.18.0
        Downloading Faker-4.18.0-py3-none-any.whl (1.1 MB)
        || 1.1 MB 730 kB/s
        Collecting pip==20.3
        Downloading pip-20.3-py2.py3-none-any.whl (1.5 MB)
        || 1.5 MB 2.0 MB/s
        Requirement already satisfied: python-dateutil>=2.4 in /usr/local/lib/python3.8/site-packages (from Faker==4.18.0) (2.8.1)
        Requirement already satisfied: text-unidecode==1.3 in /usr/local/lib/python3.8/site-packages (from Faker==4.18.0) (1.3)
        Requirement already satisfied: six>=1.5 in /usr/local/lib/python3.8/site-packages (from python-dateutil>=2.4->Faker==4.18.0) (1.15.0)
        Installing collected packages: Faker, pip
        Attempting uninstall: Faker
        Found existing installation: Faker 4.17.1
        Uninstalling Faker-4.17.1:
        Successfully uninstalled Faker-4.17.1
        Attempting uninstall: pip
        Found existing installation: pip 20.2.4
        Uninstalling pip-20.2.4:
        Successfully uninstalled pip-20.2.4
        ERROR: After October 2020 you may experience errors when installing or updating packages. This is because pip will change the way that it resolves dependency conflicts.

        We recommend you use --use-feature=2020-resolver to test your packages with the new resolver before it becomes the default.

        lektor 3.2.0 requires Werkzeug<1, but you'll have werkzeug 1.0.1 which is incompatible.
        Successfully installed Faker-4.18.0 pip-20.3

  • by wokwokwok on 11/30/20, 2:40 PM

    new version of rust comes out.

    me: ooo... new shiny toys.

    new version of pip comes out. again.

    me: :( this will probably break something. again.

    I now just tell people to use conda.

  • by thijsvandien on 11/30/20, 4:55 PM

    Yay! I already got tired of typing --use-feature=2020-resolver.

    With this, it's a lot easier to upgrade everything without getting conflicts: pip freeze | cut -d= -f1 | xargs pip install --upgrade.

  • by dang on 11/30/20, 6:56 PM

    We changed the URL from https://github.com/pypa/pip/pull/9177 to the first link that the main comment there (https://github.com/pypa/pip/pull/9177#issuecomment-735830828) is pointing HN readers to. I presume that's the most informative one.
  • by iverjo on 12/4/20, 10:24 AM

    Sadly, pip 20.3 seems to have broken docker builds in one of my projects. The symptom is that the pip install seems to hang indefinitely (>40000 seconds). I switched back to 20.2 for now.
  • by zests on 11/30/20, 3:33 PM

    I prefer this resolver to `pip freeze` type pinning for dependency pull safety. Pip freeze makes it a nightmare to remove old packages if you have hundreds of packages frozen.
  • by economusty on 11/30/20, 9:20 PM

    I just switched to pipes, ugh
  • by saiadarsh99 on 11/30/20, 5:41 PM

    Oh, wow
  • by optimalsolver on 11/30/20, 6:10 PM

    Get on Poetry, people.

    Most Python devs don't seem to realize that the packaging problem is now solved:

    https://python-poetry.org/