dephell deps outdated

Show outdated project dependencies. It compares latest package version on PyPI and version in the lockfile or project environment and shows packages that version is different.

Place to get dependencies from lookup:

  1. If to format is a lockfile (piplock, pipfilelock or poetrylock) dependencies from this file will be used.
  2. If to isn’t specified and from is a lockfile dependencies from this file will be used.
  3. Otherwise it uses common Python environment lookup. TL;DR: project venv, current venv, python from config, python from dependencies file, current interpreter.

Some packages can have different version because their latest version incompatible with some other project dependencies, and DepHell’s dependency resolver has locked their older (compatible) version. These packages also will be listed in the dephell deps outdated command output because explicit better than implicit.

This command returns non-zero code if some vulnerabilities was found, so you can use it on CI.

Usage

Show all outdated packages:

$ dephell deps outdated

[
  {
    "description": "More routines for operating on iterables, beyond itertools",
    "locked": "6.0.0",
    "latest": "7.0.0",
    "name": "more-itertools",
    "updated": "2019-03-28"
  },
  ...
]

Filter only package name and latest release upload time:

$ dephell deps outdated --filter="#.name+updated.each()"
INFO get packages from project environment (path=/home/gram/.local/share/dephell/venvs/dephell-nLn6/main)
[
  {
    "name": "more-itertools",
    "updated": "2019-03-28"
  },
  ...
]

See also

  1. How DepHell choose Python environment.
  2. How to filter commands JSON output.
  3. dephell deps audit to check dependencies for known vulnerabilities.
  4. dephell package list to show information about installed packages.
  5. dephell package show to get information about package.
  6. dephell venv create to create virtual environment for dependencies.
  7. dephell package install to install a single package.