this post was submitted on 17 Jan 2025

13 points (84.2% liked)

Python

6580 readers

66 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

📅 Events

Past

November 2023

PyCon Ireland 2023, 11-12th
PyData Tel Aviv 2023 14th

October 2023

PyConES Canarias 2023, 6-8th
DjangoCon US 2023, 16-20th (!django 💬)

July 2023

PyDelhi Meetup, 2nd
PyCon Israel, 4-5th
DFW Pythoneers, 6th
Django Girls Abraka, 6-7th
SciPy 2023 10-16th, Austin
IndyPy, 11th
Leipzig Python User Group, 11th
Austin Python, 12th
EuroPython 2023, 17-23rd
Austin Python: Evening of Coding, 18th
PyHEP.dev 2023 - "Python in HEP" Developer's Workshop, 25th

August 2023

PyLadies Dublin, 15th
EuroSciPy 2023, 14-18th

September 2023

PyData Amsterdam, 14-16th
PyCon UK, 22nd - 25th

🐍 Python project:

💓 Python Community:

#python IRC for general questions
#python-dev IRC for CPython developers
PySlackers Slack channel
Python Discord server
Python Weekly newsletters
Mailing lists
Forum

✨ Python Ecosystem:

🌌 Fediverse

Communities

#python on Mastodon
c/django on programming.dev
c/pythorhead on lemmy.dbzer0.com

Projects

Pythörhead: a Python library for interacting with Lemmy
Plemmy: a Python package for accessing the Lemmy API
pylemmy pylemmy enables simple access to Lemmy's API with Python
mastodon.py, a Python wrapper for the Mastodon API

Feeds

founded 2 years ago

MODERATORS

jnovinger

erlingur

norambna

PEP 735 does dependency group solve anything? (peps.python.org)

submitted 2 weeks ago by logging_strict to c/python

28 comments fedilink hide all child comments

PEP 735 what is it's goal? Does it solve our dependency hell issue?

A deep dive and out comes this limitation

The mutual compatibility of Dependency Groups is not guaranteed.

-- https://peps.python.org/pep-0735/#lockfile-generation

Huh?! Why not?

mutual compatibility or go pound sand!

pip install -r requirements/dev.lock
pip install -r requirements/kit.lock -r requirements/manage.lock

The above code, purposefully, does not afford pip a fighting chance. If there are incompatibilities, it'll come out when trying randomized combinations.

Without a means to test for and guarantee mutual compatibility, end users will always find themselves in dependency hell.

Any combination of requirement files (or dependency groups), intended for the same venv, MUST always work!

What if this is scaled further, instead of one package, a chain of packages?!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago) (24 children)

additional layer to abstract away from pip

reqs.txt files are not standardized and pip can read from a pyproject.toml - which is - using pip install .

there are still many unresolved matters with dependency resolution, but we need to leave requirements.txt files behind.

[–] logging_strict 1 points 2 weeks ago (23 children)

Throwing out an alternative. Not making the assumption that more TOML is better. Cuz the contents of those requirements.txt files are rw, not ro. I see pyproject.toml as a ro configuration file.

Do you agree or should pyproject.toml be rw?

Another option, strictly validated YAML.

For the configuration section, before parsing occurs, strict validation occurs against a schema.

TOML vs strictyaml -- https://hitchdev.com/strictyaml/why-not/toml/

[–] [email protected] 2 points 2 weeks ago (22 children)

I didn't know about StrictYAML, we're really going in circles lol

TOML is already RW by Poetry, PDM, and uv.

[–] logging_strict 1 points 1 week ago* (last edited 1 week ago)

Highly suggest reading the strictyaml docs

The author lays out both

Why
Why not

Should be required reading for anyone dealing with config files, especially those encountering yaml.

Warning: After reading these, and confirming the examples yourself, seeing packages using pyyaml will come off as lessor

load more comments (21 replies)