
How do I know which versions of dependencies my application supports?

Tags:

python

So when developing an app, it's considered good practice to specify the minimal (least restrictive) needed dependency versions in setup.py's install_requires. Well, how do I know which versions of my dependencies my project actually depends on?

Is there any way to automatically determine this? If not, is there maybe a nice way to test the upper and lower bounds of the dependency ranges I specify?

Ideally, I'd like to focus on actual development more than manually tracking every new version of my dependencies and sifting through release histories to find out when the features I used were first introduced.

Jacob Pavlock asked Aug 03 '20 13:08


2 Answers

You don't need to specify the minimum versions but you should be focusing on the better performing dependencies. Always keep this in mind.

If minimal means the number of dependencies, you can use a package such as pipdeptree, which shows the dependency tree of installed libraries in your environment. You can just list the top-level libraries in your requirements and the other dependencies will be installed alongside those top libraries.

When you install that library and just type pipdeptree, you will see output similar to the below:

python-gitlab==1.8.0
  - requests [required: >=2.4.2, installed: 2.22.0]
    - certifi [required: >=2017.4.17, installed: 2019.6.16]
    - chardet [required: >=3.0.2,<3.1.0, installed: 3.0.4]
    - idna [required: >=2.5,<2.9, installed: 2.8]
    - urllib3 [required: >=1.21.1,<1.26,!=1.25.1,!=1.25.0, installed: 1.25.3]
  - six [required: Any, installed: 1.11.0]
python-jenkins==1.7.0
  - multi-key-dict [required: Any, installed: 2.0.3]
  - pbr [required: >=0.8.2, installed: 1.10.0]
  - requests [required: Any, installed: 2.22.0]
    - certifi [required: >=2017.4.17, installed: 2019.6.16]
    - chardet [required: >=3.0.2,<3.1.0, installed: 3.0.4]
    - idna [required: >=2.5,<2.9, installed: 2.8]
    - urllib3 [required: >=1.21.1,<1.26,!=1.25.1,!=1.25.0, installed: 1.25.3]
  - six [required: >=1.3.0, installed: 1.11.0]

So your requirements can be something like:

python-gitlab==1.8.0
python-jenkins==1.7.0

If you meant to specify the minimum possible versions then I don't know.

morkun answered Sep 29 '22 10:09


The "Correct" way would just be to keep track of what features you use in each dependency, and then the minimum versions for each would be the minimum version that has those features, or has some important update (security, speed, etc).

The "If it works, it works" way would be to write a script that brute-forces the versions for each individual dependency to get a range for each by installing it and seeing if it works. You could probably do this easily using GitHub Actions (although you'd have to pay if your repo is private).

Cz_ answered Oct 20 '22 06:10
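The brute-force approach from the second answer, as an added example (not code posted by either answerer): each candidate version is forced into a throwaway virtual environment, the project's tests are run, and the outcomes are turned into a specifier in the same style as the pipdeptree output above. The function names, the `unittest discover` default and the constructed outcome table are assumptions; versions must be passed oldest to newest.

```python
import subprocess
import sys
import tempfile
import venv
from pathlib import Path


def works_in_fresh_venv(package, version, project_dir=".",
                        test_cmd=("-m", "unittest", "discover")):
    """Install the project, force package==version, run the tests in a throwaway venv."""
    project = str(Path(project_dir).resolve())
    with tempfile.TemporaryDirectory() as tmp:
        venv.create(tmp, with_pip=True)
        py = str(Path(tmp) / ("Scripts" if sys.platform == "win32" else "bin") / "python")
        steps = [
            [py, "-m", "pip", "install", "--quiet", project],
            # The second install overrides whatever version the project pulled in.
            [py, "-m", "pip", "install", "--quiet", f"{package}=={version}"],
            [py, *test_cmd],
        ]
        # all() stops at the first failing step (failed install or failed tests).
        return all(subprocess.run(s, cwd=project).returncode == 0 for s in steps)


def probe(package, versions, check=works_in_fresh_venv):
    """versions must be ordered oldest to newest; returns {version: passed}."""
    return {v: bool(check(package, v)) for v in versions}


def to_specifier(results):
    """Turn an ordered {version: passed} mapping into an install_requires-style range."""
    versions = list(results)
    ok = [v for v in versions if results[v]]
    if not ok:
        return None
    lo, hi = versions.index(ok[0]), versions.index(ok[-1])
    parts = [f">={ok[0]}"]
    if hi < len(versions) - 1:  # a newer release failed, so cap the range
        parts.append(f"<={ok[-1]}")
    # Failing releases inside the working range become exclusions.
    parts += [f"!={v}" for v in versions[lo:hi] if not results[v]]
    return ",".join(parts)


if __name__ == "__main__":
    # Constructed outcome table standing in for real installs, so this runs offline.
    fake = {"2.0.0": False, "2.4.2": True, "2.10.0": False, "2.22.0": True, "3.0.0": False}
    print(to_specifier(probe("requests", list(fake), check=lambda pkg, v: fake[v])))
```

Dropping the `check=` argument makes `probe` perform real installs, which executes each candidate release's install-time code, so run it in a disposable CI job or container.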