
Optional automatic upgrade of pip on new releases

What’s the problem this feature will solve?

Whenever there is a new pip release, I get a message like this the next time I run pip install in one of my virtualenvs:

[notice] A new release of pip available: 22.3 -> 22.3.1
[notice] To update, run: pip install --upgrade pip

Because I have never suffered any negative consequences from upgrading (thank you for that) and also because I don’t want to see the message again, I nearly always run the upgrade immediately. However, it does not feel very productive to do this manually.

Describe the solution you’d like

Instead of telling me how to upgrade pip, pip could just do the upgrade.

Here is some brainstorming how this could work. Instead of --disable-pip-version-check, there could be a new option, something like --pip-version-upgraded-action=, with different actions:

  • disable would be the same as --disable-pip-version-check
  • notice prints the notice (current behavior)
  • ask prompts interactively whether to do an upgrade
  • upgrade does the upgrade without prompting

Maybe this is going too far, but I could even imagine that ask could become the default 1) if the prompt is only shown when input is a terminal and 2) if the options are not only “yes” and “no”, but also “no, and don’t ask again for this virtual environment”.

Alternative Solutions

Perhaps an argument could be made that no upgrade notice should be shown by default. They are not shown for other packages in the virtual environment, so why single out pip?

I am aware of --disable-pip-version-check, but as long as consensus is that pip is important enough to be upgraded as soon as a new release comes out (hence notices are shown), I would prefer to do the upgrade.

Issue Analytics

  • State: closed
  • Created 10 months ago
  • Reactions: 1
  • Comments: 14 (9 by maintainers)
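
The four actions brainstormed in the issue, including the "only prompt on a terminal" and "don't ask again for this virtual environment" conditions, sketched as a decision function. This is an added example, not code from pip or from the issue; pip has no such option, and the function names and the marker file `.pip-upgrade-opt-out` are hypothetical.

```python
import sys
from pathlib import Path

ACTIONS = ("disable", "notice", "ask", "upgrade")
OPT_OUT_MARKER = ".pip-upgrade-opt-out"  # hypothetical per-venv marker file


def parse_version(text):
    """'22.3.1' -> (22, 3, 1). Final numeric releases only; trailing zeros dropped."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def decide(action, installed, latest, venv_dir, is_tty, answer=None):
    """Return 'nothing', 'notice', 'prompt' or 'upgrade'.

    answer is the user's reply to a prompt: 'yes', 'no' or 'never'.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    if action == "disable" or parse_version(latest) <= parse_version(installed):
        return "nothing"
    if action in ("notice", "upgrade"):
        return action
    marker = Path(venv_dir) / OPT_OUT_MARKER
    if marker.exists():          # "don't ask again for this virtual environment"
        return "nothing"
    if not is_tty:               # scripts and CI jobs must never block on a prompt
        return "notice"
    if answer is None:
        return "prompt"
    if answer == "never":
        marker.write_text("no pip upgrade prompts for this environment\n")
    return "upgrade" if answer == "yes" else "nothing"


if __name__ == "__main__":
    # Constructed sample: the versions from the notice quoted in the issue.
    print(decide("ask", "22.3", "22.3.1", sys.prefix, sys.stdin.isatty()))
```
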

Top GitHub Comments

pfmoore commented, Nov 18, 2022 (3 reactions)

> Finally, I should mention that removing the update notices altogether would also solve the problem for me …

Well, the --disable-pip-version-check option (which can be set in the config file) does that, but you said originally that wasn’t a suitable solution for you.

> pip gives the impression that it is important to update

It’s important to upgrade for two main reasons:

  1. We don’t support any versions of pip other than the latest, so if you don’t upgrade regularly, you’ll be unsupported. That may be fine for you, of course.
  2. If you don’t use an up to date version of pip, you won’t get the benefit of new standards that get developed. For example, you could get known-problematic packages installed if your pip doesn’t support the “yanked” flag on PyPI. Or packages that are not compatible with your Python if you have a version of pip without support for the “requires_python” metadata. Too many people using out of date versions of pip would significantly increase the risk of breakage when we deploy new standards like this.

You can, of course, make your own choice around upgrading. But the upgrade notice does reflect our advice on whether you should or not.

The reasons we don’t automatically upgrade, but just let the user know, are basically:

  1. It’s impolite to upgrade someone’s software without giving them a choice. OS-level upgrades are a different matter, and there’s typically a lot of infrastructure to allow people (typically IT departments) to customise the process. A command line tool like pip doesn’t have that infrastructure, and people don’t expect automatic updates.
  2. It’s technically extremely tricky to do right (or even to detect when it’s possible to do it safely). A failed automatic update is the worst possible outcome, as you’ve now just broken the user’s ability to fix the issue as well.
  3. People should be managing the upgrades. Even though we say “there’s a new version, you should upgrade” that doesn’t mean that we expect people to immediately deploy the new pip to production[^1]. Testing the new release and deploying it once you’re sure it works for you should be how you respond to that notification, and no automatic update can do that for you.

[^1]: Even though sadly, a lot of people do 🙁

marcelm commented, Nov 18, 2022 (2 reactions)

Thanks all for your time engaging with me. I don’t think I have managed particularly well to convey that I don’t want to force an auto-update on anyone – my favorite option would be to prompt, and then it would be fully under the user’s control. However, it also appears to be more complicated than I thought (as always) and enthusiasm seems to be pretty low for the idea in general. I would not be able to submit a PR for this myself anyway, so I will let this go. It’s good to have your stance on the idea documented here. (Feel free to close.)
