Allow pip list --outdated to take a requirements file

[ggreer]

Sometimes, I'm not on the latest release of a Python package. For example, I haven't upgraded to Django 1.9 yet. But is there a bug fix or security release for 1.8? With pip, I can't tell:

% pip list --outdated
Django (Current: 1.8.6 Latest: 1.9 [wheel])
requests (Current: 2.8.0 Latest: 2.9.1 [wheel])

To fix this, it would be nice if I could pass my normal requirements.txt to pip list --outdated. In other words, given a requirements.txt like this...

Django>=1.8,<1.9
requests>=2.8,<2.9

...I'd like to do this:

% pip list --outdated -r requirements.txt 
Django (Current: 1.8.6 Wanted: 1.8.7 Latest: 1.9 [wheel])
requests (Current: 2.8.0 Wanted: 2.8.1 Latest: 2.9.1 [wheel])

(I'm not dead-set on that output format, just giving it as an example.)

I searched around for similar issues, but the closest I could find was #2982. That's not so much a functional change as a stylistic one.

[jacobsvante]

Sounds like a great idea. Sign me up!

[Herst]

With this you could also tell whether there is an update for your packages directly listed in your requirements file and not packages that are just dependencies and which you might not be able to update without possibly breaking something.

[pradyunsg]

I think I can pick this up at some point in the near future. Self-assigning this on that assumption. I'd still be working on this in volunteered time, so, no promises on that.

[juanjsebgarcia]

Anyone finding this through search:
https://pypi.org/project/pip-upgrade
I've been using the above package to help manage the situation.

Having it native would be super

[pradyunsg]

@juanjsebgarcia I think you're asking for #4551?

[juanjsebgarcia]

I think it applies to both :)

The above package lists all the expired requirements in a given requirements.txt so I think it helps alleviate this issue too.

I still think having it natively in pip would be great though, something less interactive...

[cristianoccazinsp]

Would love it, would bring pip closer to "npm" somehow. It's pointless to list ALL outdated packages (even the ones not in your requirements file) since most of them are dependencies you don't even control or can't update directly.

[bhrutledge]

FWIW, I wrote up a way to do this if you're using pip-tools, by leveraging one of several other tools that operate on requirements files: https://github.com/bhrutledge/pip-tools-outdated.

See also jazzband/pip-tools#1167.

[Shivansh-007]

I would like to work on this issue 👍🏻. Do I get assigned or I can just come up with PR directly?

[PhrozenByte]

Just a quick note for other people searching for a solution to this: The following will list outdated packages from a requirements.txt:

pip install --upgrade -r requirements.txt --dry-run --quiet --report - 2> /dev/null \
    | jq -r '.install[] | "\(.metadata.name)  \(.metadata.version)"'

Since pip install --report is printing a JSON report, you'll also need jq. There's no formatted output and we don't include the currently installed versions, but it might be good enough to learn which packages can be upgraded with a requirements.txt in mind.

Please note that this won't edit requirements.txt (like many proposed solutions elsewhere), i.e. if you freeze all versions in your requirements.txt you won't ever see outdated packages, simply because no other version will ever meet the version constraint.