by anacoluthe 1432 days ago
What if the dependencies you pinned have non-pinned dependencies?

packageA==1.0.0 depends itself on packageB

Therefore, you can find yourself with a different set of deps. Had a bug like this once.
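As an added example that is not part of the thread: a small stdlib-only audit that parses a requirements file, reports entries that are not exact `==` pins, and walks a constructed dependency graph (hypothetical package names, which in practice would come from installed package metadata) to list the transitive packages the file never mentions, i.e. the situation the post describes.

```python
import re

# Constructed sample: a hand-written requirements.txt that pins only the
# direct dependency, like the post's "packageA==1.0.0".
SAMPLE_REQUIREMENTS = """\
# direct dependencies only
packageA==1.0.0
packageC>=2.0
packageD
"""

# Constructed dependency graph with hypothetical package names (who requires
# whom); in real use this would be read from installed package metadata.
DEP_GRAPH = {
    "packagea": ["packageb"],
    "packageb": ["packagee"],
    "packagec": [],
    "packaged": ["packageb"],
    "packagee": [],
}

# name, optional operator, optional version; stops at whitespace, '#' or ';'
REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s#;]+)?")

def parse_requirements(text):
    """Return {normalized name: (operator, version)} for each requirement line."""
    reqs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # skip blanks, comments and pip options such as -r / -e
        m = REQ_RE.match(line)
        if m:
            reqs[m.group(1).lower().replace("_", "-")] = (m.group(2), m.group(3))
    return reqs

def unpinned(reqs):
    """Names whose specifier is anything other than an exact '==' pin."""
    return sorted(n for n, (op, _) in reqs.items() if op != "==")

def missing_transitive(reqs, graph):
    """Packages reachable through the graph that the file does not list at all."""
    seen, stack = set(), list(reqs)
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return sorted(d for d in seen if d not in reqs)

def audit(text, graph):
    reqs = parse_requirements(text)
    return {"unpinned": unpinned(reqs), "missing": missing_transitive(reqs, graph)}
```

Running `audit(SAMPLE_REQUIREMENTS, DEP_GRAPH)` reports packageC and packageD as unpinned and packageB and packageE as transitive dependencies with no entry, which is exactly what a `pip freeze` style lock would have added.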


Pip freeze will pin explicit as well as transitive dependencies
It's a hassle to do this correctly and upgrade the dependencies. Use poetry.
pip freeze > requirements.txt
That only generates a lock file. When you want to upgrade some of your dependencies and recalculate the correct versions, it doesn't help.
How's that an issue? Here's an example of what happens: https://gist.github.com/robertlagrant/23489d8970ef6b49960307...
Someone else already responded. It's a one-line command.

I never could get poetry to work right; its configs are sort of messy. pip freeze > requirements is built in. The only thing it doesn't pin is the python version itself.

As explained elsewhere in this thread, the one line command only generates a lock file. This doesn't manage the dependencies so if you want to upgrade cool-lib and recalculate all the transient dependencies so they fit with the rest of your libraries, you cannot afaik.

Bad non-solutions being built in are a bad thing.

This is not actually true. :-) Pip will install transitive deps from a requirements file unless you add the “no deps” flag. Pip freeze doesn’t pin anything. It just dumps stuff into a text file. If it’s a complete list, it has the side effect of pinning, but that’s not guaranteed by pip freeze in any way.
You just pin the sub-dependency. This is builtin functionality for all the python environment managers.