With the recent change in pip having it upgrading packages only-if-needed by default (or using --upgrade-strategy eager) I would like to have pip listing only security updates of my packages in order to avoid upgrading modules for new features but to keep my system up-to-date regarding security.

1 Answers

1
phd On Best Solutions

There is no way to do it. pip doesn't know what updates are what — security, bug fixes, feature releases. pip simply doesn't distinguish them.

You have to track release notes for all installed packages. There is no other way. I've heard there are commercial services that track security updates and notify you.