Add an upgrade-all command

[pradyunsg]

Ref: #59
Blocked by: #988

Moving the discussion of upgrade-the-world functionality to a separate issue. It doesn't make sense to start this discussion until there's a dependency resolver added.

[RonnyPfannschmidt]

it doesnt make sense to add an upgrade_all command until there is a curated package repository

[nschloe]

https://github.com/nschloe/pipdate does something like a makeshift global upgrade. Be aware though that upgrading can break things.

[sebma]

@nschloe

https://github.com/nschloe/pipdate does something like a makeshift global upgrade. Be aware though that upgrading can break things.

You're absolutely right, it can break things ! 👍

[achillesrasquinha]

Here is my attempt of an "almost" robust solution - pipupgrade. Also handles packages that break change.

[nlhkabu]

As this ticket is blocked by the development of the dependency resolver (#988), I thought I would mention here that the team is looking for help from the community to move forward on that subject.

We need to better understand the circumstances under which the new resolver fails, so are asking for pip users with complex dependencies to:

1. Try the new resolver (use version 20.1, run --unstable-feature=resolver)
2. Break it :P
3. File an issue

You can find more information and more detailed instructions here

[techtanic]

I think this issue can now progress

[uranusjr]

Well said, now we need someone to actually progress things. Any volunteers?

[JensTimmerman]

@uranusjr I volunteer, any tips on getting started?

[Bengt]

Basic workflow might be something like this:

python -m venv venv
venv/bin/python -m pip list --format freeze | \
    grep --invert-match "pkg-resources" | \
    cut  --delimiter "=" --fields 1 | \
    xargs pip install --upgrade

Note that this installs / upgrades all the packages of the virtual environment in one pip install command. If I understand correctly, pip should therefore resolve all their dependencies and upgrade only to versions without conflicts. An upgrade-all command could thus be a wrapper like this around the pip list and pip install subcommands. Can somebody more knowledgeable about pip please confirm?

[JensTimmerman]

I would filter with the --outdated argument in the pip list ;)
And for the concern with the virtual env not updating global packages, probably also with the --local filter?

or would we let this up to the user, who can suply --local and --user and --path ?

[Bengt]

Hi, @JensTimmerman. I did not use the --outdated flag on purpose. The pip install command resolves the dependencies only of those packages being (re-)installed or upgraded (at least to my knowledge).

[JensTimmerman]

@Bengt got it! we'll leave the filtering up to the user!

However, I'm not seeing the difference in practice, if the packages are not outdated, and not new dependencies of packages that are outdated, they don't need to be considered?

If a package has a dependency that is outdated, the dependency will show up in the list of outdated packages right?
If it's a new dependency, then the package has to be outdated, otherwise there couldn't be a version with a new dependency?

Or am I missing something?

[Bengt]

@JensTimmerman I am not sure that I get what you are saying. However, an issue can arise if a current package depends on an outdated dependency: pip list --outdated would list the dependency, but not the dependent package. Thus, pip install --upgrade on only the outdated package would install a version of the dependency package which is incompatible with the dependent package. Only when we run pip install on all the packages, these kinds of issues can be avoided.

[JensTimmerman]

I made a new attempt at implementing a upgrade-all command. in #10491
All feedback is welcome.

[kdeldycke]

FWIW, my Meta Package Manager project can emulate the missing upgrade-all command for pip with:

$ mpm --pip upgrade --all

[rdbreak]

Until an --upgrade-all option is officially supported, this did the trick for me:

pip list --outdated | grep -Ev "Package|^-" | awk '{print $1}'| while IFS= read -r line ; do pip install "$line" -U ; done

[sbaack]

Until an --upgrade-all option is officially supported, this did the trick for me:

pip list --outdated | grep -Ev "Package|^-" | awk '{print $1}'| while IFS= read -r line ; do pip install "$line" -U ; done

I think there are enough shell scripts doing this already. The problem is that this might cause compatibility issues.

But, I wonder if there is already a 'safe' way to do an upgrade all command by now? If we take the output of pip list --not-required(to only get top-level dependencies) and pass it to pip install --upgrade-strategy=eager, this would use pip's dependency resolver? Meaning it would update both top level and transitive dependencies to the latest versions that don't create version conflicts in the current environment?

[ttc0419]

Folks, let's keep the discussion about managing system packages separate from this request. That's a different problem related to interaction of lots of tools. It's being tackled separately, and there's likely going to be a PEP and a bunch of process changes in various communities to properly solve that problem.

This feature request is purely a pip-specific feature, about "I have a bunch of packages in an environment, and I want to bump them to the current latest version". That's a different thing from "is pip supposed to manage packages in an environment".

Hi, it seems the blocker is resolved, what's the current state of this feature? Are there any plans to implement it?

[pfmoore]

#10491 seems to have stalled, and no-one else is working on it as far as I am aware.

[sublimeclemency]

okay. when can this command be added? it has been 6 years

[uranusjr]

Feel free to submit a pull request.

[JensTimmerman]

Feel free to submit a pull request.

#10491 is open for feedback

[mcp292]

Bump.

[utkonos]

Linux/macOS with jq:

pip list -o --format json | jq -r '.[].name' | xargs -n 1 pip install -U

Windows with jq:

for /F %i in ('pip list -o --format json ^| jq -r ".[].name"') do pip install -U %i

jq, if not already installed:
https://jqlang.github.io/jq/download/

[vbrozik]

@utkonos It is better not to use -n 1 with xargs. This allows pip avoid breaking version dependencies among packages being upgraded. Unfortunately this still fails if the dependent package is not being upgraded. To allow this dependency check I think it is better to simply upgrade all the installed packages instead of just old ones:

pip list --format json | jq -r '.[].name' | xargs pip install -U

pip will just show notifications for packages which are already at the latest version:

Requirement already satisfied: attrs in ./.venv/lib/python3.10/site-packages (24.2.0)

Code in PowerShell (quickly tested in Windows and Linux):

python -m pip install -U (pip list --format json | ConvertFrom-Json | ForEach-Object { $_.name })

[utkonos]

pip list -o --format json | jq -r '.[].name' | grep -v urllib3 | xargs -n 1 pip install -U

I have found this one useful as well for when a particular library lags behind or for any other reason needs to be skipped no matter what.

[frbelotto]

This might not be the purpose of the discussion, but I started to use poetry as package manager and I am enjoying it a lot . Maybe a very google alternative to handle with pip limitations

[notatallshaw]

Yes, higher level environment managers like poetry (and rye, pdm, conda, uv, pip-tools, etc.) are better suited to doing an upgrade all.

They can remove or downgrade transitive dependencies, because they have some understanding of what packages are required or requested by the user, whereas pip only understands what's in the environment now.

Pip, alas, only focuses on installing, it doesn't try to manage the environment itself. Users with those needs should look at those packages (I'm personally following uv as it supports features like constraints that were not as simple in poetry). Or look at writing their own scripts that wraps pip commands.

[JensTimmerman]

@notatallshaw I have this exact problem with uv, it refused to install or update some packages because it claims it cannot satisfy the dependencies, I don't want it to satisfy the dependencies, I want it to update all packages to the latest versions.
This is something pip can do, because it knows of all the packages, and it can look up their latest versions.

[notatallshaw]

I don't want it to satisfy the dependencies, I want it to update all packages to the latest versions. This is something pip can do, because it knows of all the packages, and it can look up their latest versions.

If you don't mind likely breaking your environment you can do it with pip like this:

$ python -m pip freeze --quiet --exclude-editable | sed 's/==/>=/g' > upgrade-all.txt
$ python -m pip install --no-deps --upgrade -r upgrade-all.txt

But to be clear, because pip is just getting the latest version of each package and not resolving dependencies:

• If new versions of packages have new dependencies they won't be downloaded and functionality will likely break
• If the latest version of existing packages conflict with each other they will be installed anyway and functionality will likely break

Pip is not going to provide that as standard functionality.

[vbrozik]

@notatallshaw

because pip is just getting the latest version of each package and not resolving dependencies

The solution taking into account dependencies is already here, just few messages above yours:

2024-09-03

# Unix shell:
pip list --format json | jq -r '.[].name' | xargs pip install -U

# PowerShell:
python -m pip install -U (pip list --format json | ConvertFrom-Json | ForEach-Object { $_.name })

I am not sure if I tested the solution with editable installs but I think it will work with them.

Just a thought about discussions here

Why do we have discussions if older communication gets ignored? 🤔

[notatallshaw]

The solution taking into account dependencies is already here

Yes, I was replying to a request that specifically said they did not want to resolve dependencies, they just wanted the latest version of every package. As soon as you do take into account of dependencies you might not get the latest version of every package and you might get an error if your environment already has conflicting dependencies.

It's obviously not a good idea, but that was the request.

[JensTimmerman]

@notatallshaw oh I know it's possible, I'm using my own solution now, (#10491)