PEP 735 what is it’s goal? Does it solve our dependency hell issue?
A deep dive and out comes this limitation
The mutual compatibility of Dependency Groups is not guaranteed.
– https://peps.python.org/pep-0735/#lockfile-generation
Huh?! Why not?
mutual compatibility or go pound sand!
pip install -r requirements/dev.lock
pip install -r requirements/kit.lock -r requirements/manage.lock
The above code, purposefully, does not afford pip a fighting chance. If there are incompatibilities, it’ll come out when trying randomized combinations.
Without a means to test for and guarantee mutual compatibility, end users will always find themselves in dependency hell.
Any combination of requirement files (or dependency groups), intended for the same venv, MUST always work!
What if this is scaled further, instead of one package, a chain of packages?!
It seems you’re describing a lock file. No one is proposing to use or currently using pyproject.toml as a lock file. And even lock files have well defined schemas, not just an arbitrary JSON-like object.
There’s a few edge cases on parsing dependency urls. So it’s not completely black and white.
just have to read over to pip-compile-multi to see that. (i have high praise for that project don’t get me wrong)
then i’m misunderstanding what data
dependencies groupsare supposed to be storing. Just the equivalent of requirements.in files and mapping that to a target? And no-c(constraints) support?!Feels like tying one of hands behind our back.
see https://packaging.python.org/en/latest/specifications/dependency-groups/#dependency-groups