Dependency version control [closed]

2

I use Python and Django on a server with CloudFoundry installed. There, I keep my requirements.txt with all the dependencies of my application and, for security, I always specify the exact version of each plugin to avoid unexpected crashes due to incompatibility with new versions.

Werkzeug==1.0.0.2
Django==1.11

What are the best practices to keep my dependency versions in a "serious" (large) application? I subscribe to the e-mail distribution lists of each plugin to receive update information, but they do not always exist.

I imagine this question applies to other frameworks.

    
asked by anonymous 14.08.2017 / 18:53

1 answer

2

I've seen some projects using external service badges like the link

They have a free plan for open source projects and paid plans.

You can also run pip list -o, which lists the packages that have an update available. You can run this command once a day in your CI and raise an alert if the command produces any output.

    
15.08.2017 / 17:16
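
One way to wire the daily pip list -o check into CI, as an added example that is not part of the original answer: it reads pip's --format=json output, reports only packages pinned in requirements.txt, and also flags lines that are not exact pins. It assumes the CI environment was installed from that requirements.txt; the function names and the sample data are constructed for illustration.

```python
import json
import re
import subprocess
import sys
from pathlib import Path

SAMPLE_REQS = "Werkzeug==1.0.0.2\nDjango==1.11\nrequests>=2.0\n"  # constructed sample
SAMPLE_PIP_JSON = '[{"name": "django", "version": "1.11", "latest_version": "9.9.9"}]'  # constructed


def normalize(name):  # PEP 503 normalization, so 'Django' and 'django' compare equal
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text):
    """Return ({normalized name: version}, [requirement lines without an exact pin])."""
    pins, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("-"):  # blanks and pip options (-r, -e, ...)
            continue
        m = re.fullmatch(r"([\w.-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;]+)(?:\s*;.*)?", line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
        else:
            unpinned.append(line)
    return pins, unpinned


def outdated_pins(text, pip_json):
    """Pinned packages for which pip reports a newer release."""
    pins, _ = parse_pins(text)
    return sorted((p["name"], pins[normalize(p["name"])], p["latest_version"])
                  for p in json.loads(pip_json) if normalize(p["name"]) in pins)


def main(path="requirements.txt"):
    text = Path(path).read_text()
    cmd = [sys.executable, "-m", "pip", "list", "--outdated", "--format=json"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    findings, unpinned = outdated_pins(text, out), parse_pins(text)[1]
    for name, pinned, latest in findings:
        print(f"OUTDATED {name}: pinned {pinned}, latest {latest}")
    for line in unpinned:
        print(f"UNPINNED {line}")
    return 1 if findings or unpinned else 0  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

Run as a scheduled CI job, the non-zero exit code is the alert; an outdated pin is a prompt to review the release notes, not to upgrade blindly.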