show outdated constraints

[jstriebel]

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

The version constraints in pyproject.toml are often used to prevent backwards-incompatible upgrades, e.g. the caret-notation for packages that follow semantic versioning. It would be helpful to get an overview of all constraints that prevent to install the newest available version of the package. An example:
I installed some_package with the ^3.4.2 constraint in the pyproject.toml, since that was the newest version at that point. Now I want to know if a version >= 4.x was published, so I can check if I want to upgrade to it and possibly see the changelog for upgrade instructions.
Being able to check this for all constraints at once, e.g. via poetry show --outdated-constraints, would be very helpful. This is similar to poetry show --outdated, but just operates on the entries in the pyproject.toml and not all sub-dependencies, and does not include updates that might possibly work with poetry update (if cross-dependencies do not forbid them).

This is a small POC that implements such an overview:

#!/usr/bin/env python3
from typing import cast, Dict
import toml
import urllib.request, json 
from poetry.core.semver import parse_constraint, Version


def get_json(url: str):
    with urllib.request.urlopen(url) as url_request:
        data = json.loads(url_request.read().decode())
        return data


def update(deps: Dict) -> None:
    for key, val in deps.items():
        if key == "python":
            continue

        if isinstance(val, str):
            current_version = val
        elif isinstance(val, dict) and "version" in val:
            current_version = val["version"]
        else:
            raise ValueError()

        newest_version = get_json(f"https://pypi.org/pypi/{key}/json")["info"]["version"]
        if not parse_constraint(current_version).allows(Version.parse(newest_version)):
            print(f"{key:18} | {current_version:8} | {newest_version:8}")


with open('./pyproject.toml', 'r') as f:
    t = cast(Dict, toml.loads(f.read()))
    print(f"{'dependency':18} | {'current':8} | {'newest':8}")
    print("–" * 40)
    update(t['tool']['poetry']['dependencies'])
    update(t['tool']['poetry']['dev-dependencies'])

Thanks for considering this! And thanks for your awesome work on poetry!

[dimbleby]

cf #4342

[KotlinIsland]

I think poetry show --outdated should not show transitive dependencies.

[pySilver]

I agree. Its a pain to lookup what direct deps are outdated or not.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.