Skip to content

feat: add dependency-range bump utility (scripts/bump_deps.py)#382

Draft
mkitti wants to merge 3 commits into
JaneliaSciComp:mainfrom
mkitti:add-bump-deps-script
Draft

feat: add dependency-range bump utility (scripts/bump_deps.py)#382
mkitti wants to merge 3 commits into
JaneliaSciComp:mainfrom
mkitti:add-bump-deps-script

Conversation

@mkitti

@mkitti mkitti commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds scripts/bump_deps.py, a utility that automates bumping Python dependency
version ranges in pyproject.toml to include the latest released versions —
the manual process used in #381. Implements docs/dependency-update-spec.md.

What it does:

  • Reads the in-scope tables ([project].dependencies,
    [tool.pixi.dependencies], [tool.pixi.feature.*.dependencies],
    [dependency-groups].*), classifying each package as synced / conda / pypi-only.
  • Resolves "latest" via pixi search (conda-forge, binding for the lock) and the
    PyPI JSON API (PyPI-only first-party deps like x2s3, py-cluster-api, build).
  • Rewrites specs to >=LATEST,<NEXT (0ver-aware), preserving each spec's shape and
    keeping [project] / [tool.pixi] byte-identical, via anchored,
    formatting-preserving edits.
  • Caps synced packages at the conda-available version when conda-forge lags PyPI,
    and reports the divergence.
  • Flags major bumps loudly; can regenerate pixi.lock (--lock) and run the
    backend suite (--test).
  • --dry-run (default), --write, --exclude/--only, --bump-open-floors,
    --allow-prerelease, --json.

Run it with pixi run bump-deps (added as a pixi task).

Validation: exact reproduction of #381

Run against the pre-#381 manifest, the script proposes 17 of 17 changes
identical to #381's hand-edited result, including the three major bumps
(cachetools 6→7, pandas 2→3, pytest 8→9). It also independently reproduced #381's
uvicorn judgment call — capping at conda-forge 0.48.0 while noting
"PyPI 0.49.0 ahead of conda-forge 0.48.0".

Tests

tests/test_bump_deps.py — 35 unit tests covering spec parsing, NEXT computation
(0ver vs semver + per-package overrides), shape preservation, name/extras
stripping, rewrite disambiguation/idempotence, and version resolution with mocked
registries. All pass.

Notes

  • Edit + lock + test only; git/PR creation is intentionally left to a wrapper/CI
    (spec §10 option A).
  • The backend --test step should run on a clean checkout — suite collection can
    break on stray untracked test files (spec §9).

🤖 Generated with Claude Code

mkitti and others added 3 commits June 4, 2026 04:16
@mkitti @claude
feat: add dependency-range bump utility
bf3a07e 
Add scripts/bump_deps.py, a CLI that bumps Python dependency version
ranges in pyproject.toml to include the latest released versions,
following the repo's >=LATEST,<NEXT convention and keeping the PyPI
([project]) and conda ([tool.pixi]) specs in sync. Resolves versions
via `pixi search` (conda-forge) and the PyPI JSON API, rewrites specs
with anchored formatting-preserving edits, and can regenerate pixi.lock
and run the backend tests. Implements docs/dependency-update-spec.md.

Includes tests/test_bump_deps.py covering the pure logic (spec parsing,
NEXT computation, shape preservation, rewrite disambiguation/idempotence)
and version resolution with mocked registries.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@mkitti @claude
chore: add bump-deps pixi task
78f8fbb 
Wire scripts/bump_deps.py into pixi as `pixi run bump-deps`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@mkitti @claude
docs: add dependency-range update spec
faa5b3e 
The design spec for scripts/bump_deps.py (origin: manual process in PR JaneliaSciComp#381).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mkitti