Name | bumpdeps |
Version | 0.2.0 |
Summary | Utility for bumping dependency versions specified in pyproject.toml files |
upload_time | 2023-01-24 15:06:49 |
docs_url | None |
requires_python | >=3.7 |
license | MPLv2.0 |
keywords | bump, dependency, dependencies, versions, extras |
requirements | No requirements were recorded. |

Overview
========

BumpDeps is a utility for bumping dependency versions specified in `pyproject.toml`_ files.
It attempts to adhere to specifications outlined in `PEP 440`_ and `PEP 508`_.

BumpDeps can be used as part of a release process or CI workflow to ensure pinned
dependencies do not become outdated.

.. _pyproject.toml: https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/
.. _PEP 440: https://peps.python.org/pep-0440/
.. _PEP 508: https://peps.python.org/pep-0508/

Background
==========

Typically, dependency versions should not have upper-bound pinning because this is a deployment
activity. Pinning dependencies moves the implicit security contract from the user to the maintainer.
Instead, automated CI testing should run regularly against the latest versions of dependencies with
any issues resolved quickly. Upper-bound pinning, if required, should be temporary and tied to an
issue or task.

So why does this tool exist? There may be cases where pinning is still done. Whether this is for
valid reasons or not, the dependencies in these cases can quickly become outdated. This tool is
intended to simplify the process of updating those dependencies.

Usage
=====

For the most basic usage, run bumpdeps in the root of a project.
This will bump the base dependencies found in pyproject.toml.

.. code-block:: console

    $ bumpdeps

To bump optional dependencies, simply provide the name of the extra.

.. code-block:: console

    $ bumpdeps some_extra some_cooler_extra

To bump all dependencies, use ``--all`` or ``-a``.

.. code-block:: console

    $ bumpdeps --all

For more granular options, see below.

Customizing
===========

BumpDeps behavior can be customized through the use of in-line comments.

If ``# bumpdeps: ignore`` is found after a dependency,
BumpDeps will skip updates for that dependency.

If ``# bumpdeps: ignore-until=YYYY-MM-DD`` is found after a dependency,
BumpDeps will skip updates for that dependency until the date provided.

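An added example, not part of bumpdeps or its README: a small audit that lists the ignore directives worth revisiting (permanent ignores, ``ignore-until`` dates that have passed, and dates that do not parse). It assumes the directive is a trailing comment on the same line as the quoted requirement and counts the ``ignore-until`` date itself as expired; the sample TOML and the name ``audit_ignores`` are constructed for illustration.

```python
import re
from datetime import date

# Assumption: the directive is a trailing comment on the same line as the
# quoted requirement string ("found after a dependency" in the README).
DIRECTIVE = re.compile(
    r"""^\s*["'](?P<req>[^"']+)["']\s*,?\s*#\s*bumpdeps:\s*"""
    r"""(?P<kind>ignore-until|ignore)(?:=(?P<arg>\S+))?\s*$"""
)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
[project]
dependencies = [
    "requests<=2.28.2",
    "urllib3<=1.26.14",  # bumpdeps: ignore
    "cryptography<=39.0.0",  # bumpdeps: ignore-until=2023-03-01
    "idna<=3.4",  # bumpdeps: ignore-until=2099-01-01
    "certifi<=2022.12.7",  # bumpdeps: ignore-until=next-sprint
]
'''


def audit_ignores(toml_text, today):
    """Return (line_no, requirement, finding) for each directive needing review."""
    findings = []
    for line_no, line in enumerate(toml_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        req, kind, arg = match.group("req", "kind", "arg")
        if kind == "ignore":
            # A permanent ignore never expires, so the pin can silently age.
            findings.append((line_no, req, "no-expiry"))
            continue
        try:
            until = date.fromisoformat(arg or "")
        except ValueError:
            findings.append((line_no, req, "bad-date"))
            continue
        if until <= today:  # assumption: the date itself counts as expired
            findings.append((line_no, req, "expired"))
    return findings


if __name__ == "__main__":
    for line_no, req, finding in audit_ignores(SAMPLE, date(2023, 6, 1)):
        print(f"line {line_no}: {req}: {finding}")
```

Run in CI alongside ``bumpdeps --dry-run``, a check like this keeps temporary pins tied to a date instead of lingering unnoticed.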
CLI Arguments
=============

usage: bumpdeps [-h] [-a] [-b] [-i REGEX] [-e REGEX] [-f FILE] [--dry-run] [--pkg-index URL] [-d] [EXTRAS ...]

| **-a**
| **--all**

    Update dependencies for base and all extras.

| **-b**
| **--base**

    Update base dependencies.

    This is the default when no extras are provided.
    Typically used in combination with specific extras.

| **-n**
| **--no-base**

    Do not update base dependencies.

    This is intended for use with ``--all`` when one wants to update all optional
    dependencies without updating the base dependencies.

| **-i REGEX**
| **--include REGEX**

    Regular expression filter. Only dependencies matching the filter will be updated.

| **-e REGEX**
| **--exclude REGEX**

    Regular expression filter. Dependencies matching the filter will be skipped.

| **-f FILE**
| **--file FILE**

    Path to TOML file. Defaults to pyproject.toml in the current directory.

    This file is expected to be compatible with the pyproject.toml format.

| **--dry-run**

    Show what changes would be made without making any changes.

| **--pkg-index URL**

    URL of package index. Defaults to https://pypi.org.

    If using a custom URL, it must have an API compatible with PyPI.

| **-d**
| **--debug**

    Show debug output.

| **-h**
| **--help**

    Show help message and exit.

Raw data
{
"_id": null,
"home_page": "",
"name": "bumpdeps",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "bump,dependency,dependencies,versions,extras",
"author": "",
"author_email": "Avram Lubkin <avylove@rockhopper.net>",
"download_url": "https://files.pythonhosted.org/packages/a6/bc/a58d6dc8b62a4f44f77b5d60df1e66cebde5a33124b2f977f5f89c5224b8/bumpdeps-0.2.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MPLv2.0",
"summary": "Utility for bumping dependency versions specified in pyproject.toml files",
"version": "0.2.0",
"split_keywords": [
"bump",
"dependency",
"dependencies",
"versions",
"extras"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "70f66bd9167515e03838c1ed1339bfdf6a6c2217ca34b6e0ffa78913bf88ca83",
"md5": "e4fb984a48a14875ba677b705eb5cb05",
"sha256": "9f74f114649f1685081a4b6b5f24e967b6238b574e30502c50b915d51bea0347"
},
"downloads": -1,
"filename": "bumpdeps-0.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e4fb984a48a14875ba677b705eb5cb05",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 13271,
"upload_time": "2023-01-24T15:06:47",
"upload_time_iso_8601": "2023-01-24T15:06:47.969649Z",
"url": "https://files.pythonhosted.org/packages/70/f6/6bd9167515e03838c1ed1339bfdf6a6c2217ca34b6e0ffa78913bf88ca83/bumpdeps-0.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a6bca58d6dc8b62a4f44f77b5d60df1e66cebde5a33124b2f977f5f89c5224b8",
"md5": "dca5456d77c9e0dd544ff7bb30302fe6",
"sha256": "399c5f77c75feb4e3fb4d225327927acccbf1639575f9bf3c59b896a6a3a88c4"
},
"downloads": -1,
"filename": "bumpdeps-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "dca5456d77c9e0dd544ff7bb30302fe6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 18254,
"upload_time": "2023-01-24T15:06:49",
"upload_time_iso_8601": "2023-01-24T15:06:49.477839Z",
"url": "https://files.pythonhosted.org/packages/a6/bc/a58d6dc8b62a4f44f77b5d60df1e66cebde5a33124b2f977f5f89c5224b8/bumpdeps-0.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-01-24 15:06:49",
"github": false,
"gitlab": false,
"bitbucket": false,
"lcname": "bumpdeps"
}