63 update all

[peterbe]

Fixes #63

The challenge here is whether to call it "update" or "upgrade".
The truth is that hashin doesn't upgrade any packages, it just updates the requirements.

I created a requirements file with some packages I know are "updateable".

▶ python hashin.py -r /tmp/reqs.txt -u --dry-run

--- Old
+++ New
@@ -1,9 +1,9 @@
 requests[security]==2.20.0 \
     --hash=sha256:99dcfdaaeb17caf6e526f32b6a7b780461512ab3f1d992187801694cba42770c \
     --hash=sha256:a84b8c9ab6239b578f22d1c21d51b696dcfe004032bb80ea832398d6909d7279
-kinto-attachment==5.0.0 \
-    --hash=sha256:4444e3c225d30cecdd5abd59afc9cc3b2412045b8b515a73e5b81a89638f3243 \
-    --hash=sha256:c54fd4d8a40498218c7b78f61fc5ce3eedead00a441af58fc12a12644e64410c
+kinto-attachment==6.0.0 \
+    --hash=sha256:12ce5c2ef718e7e31cef2e2a3bde771d9216f2cb014efba963e69cb709bcbbd1 \
+    --hash=sha256:fd54e979d3747be638f59de44a7f6523bed56d81961a438462b1346f49be5fe4
 boto3==1.9.16 \
     --hash=sha256:7d2ae0a759ede09474387dae246d8fe9c1f07e98fa3366ebffd0536571558261 \
     --hash=sha256:abc08c826c0628cb22fee2a2a5a21bad6a7f261042c652e4f994f376333cf52c

--- Old
+++ New
@@ -4,9 +4,9 @@
 kinto-attachment==5.0.0 \
     --hash=sha256:4444e3c225d30cecdd5abd59afc9cc3b2412045b8b515a73e5b81a89638f3243 \
     --hash=sha256:c54fd4d8a40498218c7b78f61fc5ce3eedead00a441af58fc12a12644e64410c
-boto3==1.9.16 \
-    --hash=sha256:7d2ae0a759ede09474387dae246d8fe9c1f07e98fa3366ebffd0536571558261 \
-    --hash=sha256:abc08c826c0628cb22fee2a2a5a21bad6a7f261042c652e4f994f376333cf52c
+boto3==1.9.31 \
+    --hash=sha256:03bdbd5bfc8c9f603877edf208a947b9e9d3d29268e3c3c46c3a8ee3d64ccda8 \
+    --hash=sha256:bc7b8e65b9612ee7ff03f71e765d0f380c8db096d898213bb4ead5b389c31cde
 botocore==1.12.31 \
     --hash=sha256:409edb0651313a04e93f2bfff2663ef84f742034f2099478d07b0c508b921c02 \
     --hash=sha256:dea459bfa0418689f2dfd8241739e7bb071d1cc944ffcc9cce0c19ecaf3612f3

This time, without the -u shortcut but with the full --update-all:

▶ python hashin.py -r /tmp/reqs.txt --update-all
▶ diff /tmp/reqs.txt /tmp/reqs.txt.backup
4,9c4,9
< kinto-attachment==6.0.0 \
<     --hash=sha256:12ce5c2ef718e7e31cef2e2a3bde771d9216f2cb014efba963e69cb709bcbbd1 \
<     --hash=sha256:fd54e979d3747be638f59de44a7f6523bed56d81961a438462b1346f49be5fe4
< boto3==1.9.31 \
<     --hash=sha256:03bdbd5bfc8c9f603877edf208a947b9e9d3d29268e3c3c46c3a8ee3d64ccda8 \
<     --hash=sha256:bc7b8e65b9612ee7ff03f71e765d0f380c8db096d898213bb4ead5b389c31cde
---
> kinto-attachment==5.0.0 \
>     --hash=sha256:4444e3c225d30cecdd5abd59afc9cc3b2412045b8b515a73e5b81a89638f3243 \
>     --hash=sha256:c54fd4d8a40498218c7b78f61fc5ce3eedead00a441af58fc12a12644e64410c
> boto3==1.9.16 \
>     --hash=sha256:7d2ae0a759ede09474387dae246d8fe9c1f07e98fa3366ebffd0536571558261 \
>     --hash=sha256:abc08c826c0628cb22fee2a2a5a21bad6a7f261042c652e4f994f376333cf52c

[peterbe]

Hey @jotes check it out! I deliberately left out the idea of --interactive which would ask the user input("Wanna upgrade 'foo' to version 1.2.3 (from 1.2.2)?") but that feature can easily be added after and separately.

Please take a look at the patch and see if you can test it locally.

Note, that if you use hashin -u --dry-run it'll just print to stdout and not update anything.

What do you think about the idea of calling it "update" instead of "upgrade"?