PEP 735 – Dependency Groups in pyproject.toml | peps.python.org
peps.python.org
This PEP specifies a mechanism for storing package requirements in pyproject.toml files such that they are not included in any built distribution of the project.

PEP 735 what is it’s goal? Does it solve our dependency hell issue?

A deep dive and out comes this limitation

The mutual compatibility of Dependency Groups is not guaranteed.

https://peps.python.org/pep-0735/#lockfile-generation

Huh?! Why not?

mutual compatibility or go pound sand!

pip install -r requirements/dev.lock
pip install -r requirements/kit.lock -r requirements/manage.lock

The above code, purposefully, does not afford pip a fighting chance. If there are incompatibilities, it’ll come out when trying randomized combinations.

Without a means to test for and guarantee mutual compatibility, end users will always find themselves in dependency hell.

Any combination of requirement files (or dependency groups), intended for the same venv, MUST always work!

What if this is scaled further, instead of one package, a chain of packages?!

  • Eager Eagle@lemmy.worldEnglish
    0·
    14 days ago

    additional layer to abstract away from pip

    reqs.txt files are not standardized and pip can read from a pyproject.toml - which is - using pip install .

    there are still many unresolved matters with dependency resolution, but we need to leave requirements.txt files behind.

    • logging_strict@programming.devOP
      0·
      14 days ago

      Throwing out an alternative. Not making the assumption that more TOML is better. Cuz the contents of those requirements.txt files are rw, not ro. I see pyproject.toml as a ro configuration file.

      Do you agree or should pyproject.toml be rw?

      Another option, strictly validated YAML.

      For the configuration section, before parsing occurs, strict validation occurs against a schema.

      TOML vs strictyaml – https://hitchdev.com/strictyaml/why-not/toml/

      • Eager Eagle@lemmy.worldEnglish
        0·
        14 days ago

        I didn’t know about StrictYAML, we’re really going in circles lol

        TOML is already RW by Poetry, PDM, and uv.

        • logging_strict@programming.devOP
          0·
          14 days ago

          Yeah, but should it be (rw)?

          If it’s rw, it’s a database, not a config file.

          No software designer thinks … postgreSQL, sqlite, mariadb, duckdb, … nah TOML

          Or at least yaml turns out to be not a strange suggestion

          • FooBarrington@lemmy.world
            0·
            14 days ago

            You have a strange definition of “database”. Almost every language I touch on a daily basis (JS, Rust, C#) uses their package meta file to declare dependencies as well, yet none of those languages treat it as a “database”.