Why pin runtime dependencies so tightly?


Hi,

Looking at the setup.py file, it looks like the following are all required runtime dependencies, all of which need to be pinned very precisely:

```python
requirements = [
    "Cython==0.29.23",
    "cvxpy==1.1.12",
    "fbprophet==0.5",
    "holidays==0.9.10",  # 0.10.2,
    "ipykernel==4.8.2",
    "ipython==7.1.1",
    "ipywidgets==7.2.1",
    "jupyter==1.0.0",
    "jupyter-client==6.1.5",
    "jupyter-console==6.",  # used version 6 to avoid conflict with ipython version
    "jupyter-core==4.7.1",
    "matplotlib==3.4.1",
    "nbformat==5.1.3",
    "notebook==5.4.1",
    "numpy==1.20.2",
    "osqp==0.6.1",
    "overrides==2.8.0",
    "pandas==1.1.3",
    "patsy==0.5.1",
    "Pillow==8.0.1",
    "plotly==3.10.0",
    "pystan==2.18.0.0",
    "pyzmq==22.0.3",
    "scipy==1.5.4",
    "seaborn==0.9.0",
    "six==1.15.0",
    "scikit-learn==0.24.1",
    "Sphinx==3.2.1",
    "sphinx-gallery==0.6.1",
    "sphinx-rtd-theme==0.4.2",
    "statsmodels==0.12.2",
    "testfixtures==6.14.2",
    "tornado==5.1.1",
    "tqdm==4.52.0",
]
```

My question is - why pin them so tightly, and are all of them really necessary? E.g. do I really need sphinx-gallery? Such tight pins make it very difficult to integrate into any existing project. Why not just require a lower bound for many/most of these?

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 4
  • Comments: 15 (6 by maintainers)

Top GitHub Comments

4 reactions
wilfreddesert commented, Jun 2, 2021

I am not sure whether it’s related, but trying to do pip install greykite broke my Jupyter installation for me.

3 reactions
Reza1317 commented, Jun 4, 2021

Yes, I think most of these issues are related to prophet installation. We are working on a solution and it should be resolved in the next release which we hope to publish in a timely fashion. Please stay tuned for an update.
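
The conflict discussed in this thread can be checked before installing anything. The following is an added example, not code from the issue or from the greykite project: it compares a few of the pins quoted in the question against an environment's installed versions and reports which packages an exact pin would force to change. The `INSTALLED` versions are constructed sample data, the function names are hypothetical, and version parsing is simplified to dot-separated integers.

```python
import re

# Pins copied from the requirements list quoted in the question.
PINS = ["ipykernel==4.8.2", "ipython==7.1.1", "jupyter-console==6.",
        "notebook==5.4.1", "numpy==1.20.2", "tornado==5.1.1"]

# Constructed sample of an existing environment (not taken from the thread).
INSTALLED = {"ipykernel": "5.5.5", "ipython": "7.1.1", "jupyter_console": "6.4.0",
             "Notebook": "6.4.0", "numpy": "1.20.2"}

_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)\s*$")
_RELEASE = re.compile(r"^\d+(\.\d+)*$")

def normalize(name):
    """PEP 503 normalization: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release(version):
    """Parse 'N.N.N' into a tuple, dropping trailing zeros so 1.0 == 1.0.0."""
    if not _RELEASE.match(version):
        return None  # simplified parser: anything else is treated as unparsable
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def check_pins(pins, installed):
    """Return {name: (status, pinned, found)} for every requirement line."""
    env = {normalize(k): v for k, v in installed.items()}
    report = {}
    for line in pins:
        m = _PIN.match(line)
        if not m:
            report[line] = ("not-exact-pin", None, None)
            continue
        name, want = normalize(m.group(1)), m.group(2)
        have = env.get(name)
        if release(want) is None:
            status = "malformed-pin"   # e.g. a trailing dot instead of a version
        elif have is None:
            status = "new-install"
        elif release(have) is None:
            status = "unknown"
        elif release(have) == release(want):
            status = "ok"
        else:  # installing the pin would replace the version already present
            status = "downgrade" if release(have) > release(want) else "upgrade"
        report[name] = (status, want, have)
    return report
```

Every `downgrade` entry is a package that other software in the same environment may already depend on at the newer version.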

