“Removing upper version bounds is important when publishing libraries.”
That makes total sense! The article however was written as someone creating websites, not libraries. And when I consume dependencies in my web project, I do want those upper bounds to prevent breaking changes (assuming the dependencies respect SemVer of course).
Thanks for pointing out that config, I’ve updated the article.
What you’re saying makes sense for library authors. But when I make a website and I depend on a bunch of packages, that’s where I want to be safe when upgrading and I want that upper bound. The —-bound flag really helps, but is one more thing to type and remember.
Maybe when uv knows the project isn’t a library it could default to upper bounds?
The lack of an upper bound in pyproject.toml isn’t the real problem. The real problem is that `uv lock —-upgrade` does a wholesale upgrade of everything without an upper bound. If there was a way to upgrade packages without updating the major version, this command would be a lot safer to run.
Author of the article here. Sorry it comes across as “clickbait style” when actually it’s simply Dutch bluntness and honesty
poetry update also updates the lockfile. I really think the way the uv cli is organized makes it quite annoying to work with. It’s designed for correctness, for machines, not for user-friendliness.
Yeah, you'd have to outsource the payment processing completely to a third party, which handles everything like updating payment methods etc. Stripe payment links might work well, although I have no experience with them.
I wouldn't want to give my credit card info to a CLI. When it's on the web I can see if the connection is encrypted, I can (usually) see who the payment processor is (like Stripe). What happens with my credit card number that I enter into the CLI? How is it sent, where does it get stored, etc.
You also wouldn't be able to support Apple Pay or Google Pay, or international payment methods (like iDEAL in The Netherlands).
Payments seem like a huge problem to go pure CLI without a web UI.
Though this makes me wonder why are there 2 ways of viewing outdated packages, with wildly different output? The UX is mess...