by thefreeman 1831 days ago
The problem poetry.lock solves that requirements.txt doesn't is that if one of the dependencies you use has an unrestrictive version in their requirements.txt, you can end up with unexpected upgrades in the dependencies of your dependencies. If you are only ever developing against a prebuilt docker container and that exact container is what gets shipped to prod, then you won't have this issue, but if you have a CI system anywhere along the line that rebuilds the container, you can still be bitten by this.

Doesn’t pip freeze > requirements.txt capture exact versions of dependencies of dependencies?
> dependencies you use has an unrestrictive version in their requirements.txt

It's the other guy causing the ruckus.

I pip install foo, and foo depends on bar. I pip freeze > lock.txt. My lock file has foo v1 and bar v1, right? Later bar upgrades to v2. I then try to rebuild the container image from lock.txt. My pip freeze lock file will still keep me on foo v1 and bar v1, even though foo has an unpinned dependency on bar and bar has a new version.

Is pip freeze not solving this scenario? Or is poetry solving a different scenario?

Not trying to flame war, just not sure I’m grokking.
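The rebuild scenario the two comments above are discussing, as an added Python example that is not from either commenter: a toy resolver over a constructed package index (the packages foo and bar, their versions, and the index structure are all assumptions for illustration) shows what a rebuild installs from an unpinned requirements.txt versus from a frozen lock file once bar 2.0 is released, plus a lint that flags unpinned lines before CI rebuilds an image from them.

```python
import re

# Toy package index, constructed for this example: name -> {version: [requirements]}.
# "foo" declares an unpinned dependency on "bar", as in the thread.
INDEX_BEFORE = {"foo": {"1.0": ["bar"]}, "bar": {"1.0": []}}
INDEX_AFTER = {"foo": {"1.0": ["bar"]}, "bar": {"1.0": [], "2.0": []}}  # bar 2.0 released later

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([^\s;#]+)")
NAME_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)")


def _version_key(version):
    return tuple(int(part) for part in version.split("."))


def resolve(requirements, index):
    """Toy resolver: a pinned line ('name==x.y') takes exactly that version, an
    unpinned line takes the newest release in the index; then recurse into the
    chosen release's own requirements. Returns {name: version}."""
    chosen = {}

    def visit(req):
        pin = PIN_RE.match(req)
        name = (pin or NAME_RE.match(req)).group(1)
        if name in chosen:  # first decision wins, as an already-installed package would
            return
        releases = index[name]
        version = pin.group(2) if pin else max(releases, key=_version_key)
        if version not in releases:
            raise LookupError(f"{name}=={version} is not in the index")
        chosen[name] = version
        for sub in releases[version]:
            visit(sub)

    for req in requirements:
        visit(req)
    return chosen


def freeze(chosen):
    """Emit 'pip freeze'-style lines: one exact '==' pin per installed package."""
    return [f"{name}=={version}" for name, version in sorted(chosen.items())]


def unpinned(lines):
    """Lines of a requirements file that are not exact '==' pins (comments skipped).
    A non-empty result means a rebuild can pull in versions nobody reviewed."""
    return [ln for ln in lines
            if ln.strip() and not ln.lstrip().startswith("#") and not PIN_RE.match(ln)]


if __name__ == "__main__":
    lock = freeze(resolve(["foo"], INDEX_BEFORE))                               # bar==1.0, foo==1.0
    print("requirements.txt rebuild after bar 2.0:", resolve(["foo"], INDEX_AFTER))  # bar -> 2.0
    print("frozen lock rebuild after bar 2.0:    ", resolve(lock, INDEX_AFTER))     # bar -> 1.0
    print("unpinned lines in requirements.txt:   ", unpinned(["foo"]))
```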