-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependencies #382
Update dependencies #382
Conversation
Packages which are released on PyPI should NOT pin their packages. Say spotdl pins a package to a said version and another application pins the same package to another version, then we have a package conflict. The packaging situation of Python is a mess, I agree. There are a lot of arguments in the about packaging which would be too much to include in this comment. So I think, we should not pin our dependencies but go with the lowest version which is know to work. PS: I'm talking from the knowledge of reading blog posts and issues over at pipenv, so what I'm saying might be a very opinionated pov. |
I'd say that would be rare but I see the potential problem.
How would using NPM for example be different?
That would mean at least regularly updating the version of |
NPM has a very different ideology. Something I have a love and hate relationship with. NPM aims to give deterministic builds for each application. This means every package can have it's own pinned dependencies which won't create problems to other packages. This won't create a problem with npm ecosystem because npm has multiple layers of dependencies (as in there can be more than one version of the same package). This is not the case with python where the dependencies are single layered. Only one version of a package is installed at a given point in time.
This is inevitable.
No. Because the requirement is already satisfied, it won't update. |
Thanks for the explanations. On a side note, you just made me feel like I just started programming a few months ago 😄
And that's why I feel at least using I agree |
I think I'm go for this PR. It has some important updates anyway. (PyYaml 3.12 won't compile with python 3.7, for example.) |
Don't see a problem with merging this. By the way, some good discussion going on in here! |
Update the listed versions of
youtube_dl
,mutagen
,beautifulsoup4
andPyYAML
to their newest versions.IMO we should use
==
instead of>=
insetup.py
, as the former will ensure compatibility of the installed packages with spotdl while the latter would (AFAIK) not update an already existing package to its newest version, which can be important especially with packages likeyoutube_dl
.