I am using pip-tools 5.4.0, pip 20.3.1, and python3. I have looked at pip-tools source code and the pip blog post about the new resolver. I do not see an explicit answer to my question. If I run:
pipdeptree
flake8==3.8.4
- mccabe [required: >=0.6.0,<0.7.0, installed: 0.6.1]
- pycodestyle [required: >=2.6.0a1,<2.7.0, installed: 2.6.0]
- pyflakes [required: >=2.2.0,<2.3.0, installed: 2.2.0
...
If I run pip-compile --upgrade, are there internal constraints in pip-tools or dependency-checking in the new pip resolver that will prevent subdependencies from upgrading beyond their constraints, e.g., mccabe upgrading to 0.7.0?
Original pip-tools author here (although today's maintenance is now happening by the JazzBand collective)
Yes, all top-level constraints (the constraints you put in your requirements.in file yourself), as well as any secondary constraints (the constraints required by each concrete package version that gets subsequently resolved) all form one big "constraint space". pip-tools' resolver will always resolve versions within that constraint space, or throw an error.
In your example, the version of mccabe that flake8==3.8.4 requires will thus be respected and as a result the version of mccabe that gets resolved will never be 0.7 or higher. (That's the very purpose of pip-tools.)
At the time of writing this post, 3.8.4 is flake8's highest version. If, however, you specified flake8 (without any version constraints) in your requirements.in file, then it may get upgraded to, say, 3.9.0 in the future. That future version may specify a wider range for mccabe, like mccabe>=0.6,<0.8 or something. In that case, the result of pip-compile --upgrade may upgrade mccabe to 0.7.0 of course.
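
The "constraint space" behaviour described in the answer above, as an added Python example (not pip-tools' code and not part of the original post). It is a simplified greedy resolver with no backtracking and no PEP 440 pre-release handling, run over a constructed index in which flake8 3.9.0 and its mccabe range are hypothetical.

```python
import re

# Constructed sample index: package -> version -> {dependency: specifier}.
# flake8 3.9.0 and its mccabe range are hypothetical, as in the answer above.
INDEX = {
    "flake8": {
        "3.8.4": {"mccabe": ">=0.6.0,<0.7.0"},
        "3.9.0": {"mccabe": ">=0.6,<0.8"},
    },
    "mccabe": {"0.6.1": {}, "0.7.0": {}},
}

OPS = {
    "==": lambda a, b: a == b, ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b, "<": lambda a, b: a < b, ">": lambda a, b: a > b,
}

def key(version):
    """Numeric release segments only, zero-padded so 0.6 compares equal to 0.6.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def satisfies(version, spec):
    """True if version meets every comma-separated clause; an empty spec allows all."""
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        op, wanted = re.fullmatch(r"(==|>=|<=|<|>)\s*([\d.]+)", clause).groups()
        if not OPS[op](key(version), key(wanted)):
            return False
    return True

def resolve(top_level):
    """top_level: {package: specifier}. Returns {package: pinned version}."""
    # Top-level and secondary constraints accumulate in one shared space.
    constraints = {name: [spec] for name, spec in top_level.items()}
    pins, todo = {}, list(top_level)
    while todo:
        name = todo.pop(0)
        ok = [v for v in INDEX[name] if all(satisfies(v, s) for s in constraints[name])]
        if not ok:
            raise LookupError(f"no version of {name} satisfies {constraints[name]}")
        pins[name] = max(ok, key=key)  # highest version inside the space
        for dep, spec in INDEX[name][pins[name]].items():
            constraints.setdefault(dep, []).append(spec)
            todo.append(dep)
    return pins
```

With flake8 pinned to 3.8.4 the result keeps mccabe at 0.6.1; with flake8 unconstrained, the hypothetical 3.9.0 is chosen and mccabe moves to 0.7.0; adding a conflicting top-level mccabe>=0.7.0 next to flake8==3.8.4 raises an error instead of leaving the space.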