Check if requirements are up to date

Solution 1

Pip has this functionality built-in. Assuming that you're inside your virtualenv type:

$ pip list --outdated
psycopg2 (Current: 2.5.1 Latest: 2.5.2)
requests (Current: 2.2.0 Latest: 2.2.1)

$ pip install -U psycopg2 requests

After that new versions of psycopg2 and requests will be downloaded and installed. Then:

$ pip freeze > requirements.txt

And you are done. This is not one command but the advantage is that you don't need any external dependencies.

Solution 2

Just found a python package specifically for the task - piprot, with the following slogan:

How rotten are your requirements?

It's very straightforward to work with:

$ piprot requirements.txt 
Django (1.5.1) is 315 days out of date. Latest is 1.6.2
lxml (3.0) is 542 days out of date. Latest is 3.3.4
Your requirements are 857 days out of date

Also you can "pipe" pip freeze to piprot command, so it can actually inspect how rotten are the packages installed in your sandbox/virtual environment:

pip freeze | piprot

Hope that will help somebody in the future.

Solution 3

Since you mentioned you like to follow best practices, I am guessing you are using virtualenv too, correct? Assuming that is the case, and since you are already pinning your packages, there is a tool called pip-tools that you can run against your virtualenv to check for updates.

There is a down side, and why I mentioned the use of virtualenv though.

[the tool] checks PyPI and reports available updates. It uses the list of currently installed packages to check for updates, it does not use any requirements.txt

If you run it in your virtualenv, you can easily see which packages have updates available for your current active environment. If you aren't using virtualenv, though, it's probably not best to run it against the system as your other projects may depend on different versions (or may not work well with updated version even if they all currently work).

From the documentation provided, usage is simple. The pip-review shows you what updates are available, but does not install them.

$ pip-review
requests==0.13.4 available (you have 0.13.2)
redis==2.4.13 available (you have 2.4.9)
rq==0.3.2 available (you have 0.3.0)

If you want to automatically install as well, the tool can handle that too: $ pip-review --auto. There is also an --interactive switch that you can use to selectively update packages.

Once all of this is done, pip-tools provides a way to update your requirements.txt with the newest versions: pip-dump. Again, this runs against the currently active environment, so it is recommended for use within a virtualenv.

Installation of the project can be accomplished via pip install pip-tools.

Author's note: I've used this for small Django projects and been very pleased with it. One note, though, if you install pip-tools into your virtual environment, when you run pip-dump you'll find that it gets added to your requirements.txt file. Since my projects are small, I've always just manually removed that line. If you have a build script of some kind, you may want to automatically strip it out before you deploy.

pip freeze | cut -d = -f 1 | xargs -n 1 pip search | grep -B2 'LATEST:'

Author by

alecxe

"I am a soldier, at war with entropy itself" I am a Software Developer and generalist who is in love with the Python language and community. I greatly value clean and maintainable code, great software, but I know when I need to be a perfectionist and when it stands in a way of product delivery. I like to break things, to find new ways to break things, to solve hard problems, to put things under test and stress, and to have my mind blown by an interesting question. Some of my interests: Learning, Productivity, AI, Space Exploration, Internet of Things. "If you change the way you look at things, the things you look at change." - Wayne Dyer If you are looking for a different way to say "Thank you": Amazon wish list Pragmatic wish list Today I left my phone at home And went down to the sea. The sand was soft, the ocean glass, But I was still just me. Then pelicans in threes and fours, Glided by like dinosaurs, An otter basked upon its back, And dived to find another snack. The sun corpuscular and bright, Cast down a piercing shaft, And conjured an inspiring sight On glinting, bobbing craft. Two mermaids rose up from the reef, Out of the breaking waves. Their siren song was opium grief, Their faces from the grave. The mermaids asked a princely kiss To free them from their spell. I said to try a poet’s bliss. They shrugged and bid farewell. The sun grew dark and sinister, In unscheduled eclipse. As two eight-headed aliens Descended in their ships. They said the World was nice enough But didn’t like our star. And asked the way to Betelgeuse, If it wouldn’t be too far. Two whales breached far out to sea, And flew up to the sky, The crowd was busy frolicking, And didn’t ask me why. Today I left my phone at home, On the worst day, you’ll agree. If only I had pictures, If only you could see. Not everything was really there, I’m happy to confess, But I still have the memories, Worth more than tweets and stress. Today I left my phone at home, I had no shakes or sorrow. If that is what my mind can do, It stays at home tomorrow. Gavin Miller

Updated on June 19, 2022