Suppose you have a Python project project-a with a
Now if you pip install project-a’s dependencies using something like pip install -r requirements.txt, you will be very sad to find that the python-dateutil library you have installed for project-a is actually the newest released version of python-dateutil, and not necessarily
Why is this?
If a transitive dependency is not explicitly specified in a project’s requirements.txt, pip will grab the version of the required library specified in the project’s install_requires section (of setup.py). If this section does not explicitly pin a version, you end up getting the latest version of
What should I do?
If your application needs a specific version of a transitive dependency, pin it yourself in your application’s requirements.txt file. Then pip will do the right thing. You do also have the option of pinning the version in
itself, but this is considered bad form.
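To find which transitive dependencies a requirements.txt leaves floating, the added example below (not code from the original post) walks each pinned package's declared requirements and reports every dependency that has no == pin of its own. The name project-b, the sample metadata and all function names are assumptions made for illustration; parsing uses simple regular expressions, and environment markers other than extras are not evaluated.

```python
import re
from importlib import metadata

NAME = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
PIN = re.compile(NAME.pattern + r"(\[[^\]]*\])?\s*==\s*[^\s;*]+\s*(;.*)?$")

def canon(name):
    """PEP 503 normalisation, so Python_Dateutil equals python-dateutil."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pinned_names(requirements_text):
    """Names that the requirements.txt content pins exactly with ==."""
    matches = (PIN.match(l.split("#", 1)[0]) for l in requirements_text.splitlines())
    return {canon(m.group(1)) for m in matches if m}

def installed_requires(name):
    """Requirements an installed distribution declares (its install_requires)."""
    try:
        return metadata.requires(name) or []
    except metadata.PackageNotFoundError:
        return []

def floating_transitives(requirements_text, requires_of=installed_requires):
    """Map each dependency reached but not pinned to (parent, declared spec)."""
    pinned = pinned_names(requirements_text)
    queue, seen, floating = sorted(pinned), set(pinned), {}
    while queue:
        parent = queue.pop(0)
        for spec in requires_of(parent):
            m = NAME.match(spec)
            if not m or re.search(r"\bextra\s*==", spec):
                continue  # extras are optional and not installed by default
            child = canon(m.group(1))
            if child not in pinned:
                floating.setdefault(child, (parent, spec))
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return floating

# Constructed sample: project-b and this metadata are hypothetical.
SAMPLE_REQUIREMENTS = "project-b==1.0.0  # direct dependency\n"
SAMPLE_METADATA = {"project-b": ["python-dateutil"],
                   "python-dateutil": ["six>=1.5", "pytest; extra == 'test'"]}

def sample_requires(name):
    return SAMPLE_METADATA.get(name, [])

if __name__ == "__main__":
    for dep, (parent, spec) in floating_transitives(SAMPLE_REQUIREMENTS, sample_requires).items():
        print(f"{dep}: not pinned; {parent} declares {spec!r}")
```

Called with only the requirements text, floating_transitives reads the metadata of the distributions installed in the current environment, so run it inside the project's virtualenv.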
This was more of a reminder to myself rather than a TIL. Hopefully useful to you too!