this post was submitted on 17 Jan 2025
11 points (86.7% liked)

Python

6516 readers
31 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

πŸ“… Events

PastNovember 2023

October 2023

July 2023

August 2023

September 2023

🐍 Python project:
πŸ’“ Python Community:
✨ Python Ecosystem:
🌌 Fediverse
Communities
Projects
Feeds

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
11
PEP 735 does dependency group solve anything? (peps.python.org)
submitted 20 hours ago by [email protected] to c/[email protected]
23 comments fedilink hide all child comments
 

PEP 735 what is it's goal? Does it solve our dependency hell issue?

A deep dive and out comes this limitation

The mutual compatibility of Dependency Groups is not guaranteed.

-- https://peps.python.org/pep-0735/#lockfile-generation

Huh?! Why not?

mutual compatibility or go pound sand!

pip install -r requirements/dev.lock
pip install -r requirements/kit.lock -r requirements/manage.lock

The above code, purposefully, does not afford pip a fighting chance. If there are incompatibilities, it'll come out when trying randomized combinations.

Without a means to test for and guarantee mutual compatibility, end users will always find themselves in dependency hell.

Any combination of requirement files (or dependency groups), intended for the same venv, MUST always work!

What if this is scaled further, instead of one package, a chain of packages?!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 15 hours ago* (last edited 15 hours ago) (14 children)

Yeah, but should it be (rw)?

If it's rw, it's a database, not a config file.

No software designer thinks ... postgreSQL, sqlite, mariadb, duckdb, .... nah TOML

Or at least yaml turns out to be not a strange suggestion

[–] FooBarrington 3 points 14 hours ago (10 children)

You have a strange definition of "database". Almost every language I touch on a daily basis (JS, Rust, C#) uses their package meta file to declare dependencies as well, yet none of those languages treat it as a "database".

[–] [email protected] 1 points 9 hours ago (7 children)

In this super specific case, the data that is being worked with is a many list of dict. A schema-less table. There would be frequent updates to this data. As package versions are upgraded, fixes are made, and security patches are added.

[–] eager_eagle 3 points 8 hours ago (2 children)

It seems you're describing a lock file. No one is proposing to use or currently using pyproject.toml as a lock file. And even lock files have well defined schemas, not just an arbitrary JSON-like object.

[–] [email protected] 1 points 8 hours ago

parsing lock files

There's a few edge cases on parsing dependency urls. So it's not completely black and white.

just have to read over to pip-compile-multi to see that. (i have high praise for that project don't get me wrong)

[–] [email protected] 1 points 8 hours ago (1 children)

then i'm misunderstanding what data dependencies groups are supposed to be storing. Just the equivalent of requirements.in files and mapping that to a target? And no -c (constraints) support?!

Feels like tying one of hands behind our back.

load more comments (4 replies)
load more comments (6 replies)
load more comments (9 replies)