- Skip type checking blocks whether future annotations are used (#662)
https://github.com/fpgmaas/deptry/compare/0.16.0...0.16.1
Imports guarded by typing.TYPE_CHECKING when using from __future__ import annotations are now skipped. For instance:
from __future__ import annotations
from typing import TYPE_CHECKING
if TYPE_CHECKING:
# This import will not be extracted as it is guarded by `TYPE_CHECKING` and `from __future__ import annotations`
# is used. This means the import should only be evaluated by type checkers, and should not be evaluated during runtime.
import mypy_boto3_s3See https://deptry.com/usage/#imports-extraction for more information.
On projects using pip requirements format for defining dependencies, if requirements_files option is not overridden,
deptry will first search for a requirements.in file before requirements.txt, to better support projects using
pip-tools and the like (which includes uv and Rye) out of the box. If you use requirements.in and want deptry to
use requirements.txt, you can either pass --requirements-files requirements.txt when invoking deptry, or set the
option in pyproject.toml:
[tool.deptry]
requirements_files = ["requirements.txt"]- Skip type checking blocks when parsing imports (#652)
- Search for
requirements.inbeforerequirements.txton projects usingpiprequirements format for dependencies (#641)
- Show module name instead of library name when reporting DEP003 (#644
- Better support for notebooks by handling magic commands and line continuations (#656)
https://github.com/fpgmaas/deptry/compare/0.15.0...0.16.0
-
In release 0.12.0, we announced the deprecation of the following flags:
--ignore-unused--ignore-obsolete--ignore-missing--ignore-misplaced-dev--ignore-transitive--skip-unused--skip-obsolete--skip-missing--skip-misplaced-dev--skip-transitive
These flags are now no longer supported. If you are still using these flags and are planning to upgrade to this release, please refer to the release notes of 0.12.0 for instructions on how to migrate to the new method of configuration. (#596)
- The options
requirements-txtandrequirements-txt-devare replaced withrequirements-filesandrequirements-files-dev, respectively, to provide better support for projects that use both arequirements.inand arequirements.txt. The legacy options will still be usable for the time being, with a warning being shown in the terminal, but they will be removed in a future release, so you are advised to migrate to the new ones. (#609)
- Implement the collection of all Python files to be scanned by deptry in Rust (#591)
- Implement import extraction for notebooks in Rust (#606)
- Use ruff's AST parser for import extraction from Python files. This also adds support for files with Python 3.12 f-string syntax, see PEP 701. (#615)
- Improved logging of the detected imports and their locations when deptry is run in verbose mode (#627)
- Introduce the
--pep621-dev-dependency-groupsflag that allows users to specify which groups under[project.optional-dependencies]are considered development dependencies (#628)
- Add back the license classifier, which was lost during the transition from Poetry to PDM in (#624)
- Remove upper bound on
requires-python(#621) - Moved the documentation to deptry.com (#630)
https://github.com/fpgmaas/deptry/compare/0.14.2...0.15.0
This release adds back MIT license classifier in package metadata, that was lost when changing the build backend (#623).
https://github.com/fpgmaas/deptry/compare/0.14.1...0.14.2
This release improves runtime performance of built wheels by about 5%, and reduces their size (#594).
PyPy wheels are now also published on PyPI (#612).
- Improve handling of comments in
requirements.txtfiles (#588) - Avoid process hanging on error when parsing Python files (#619)
https://github.com/fpgmaas/deptry/compare/0.14.0...0.14.1
This release significantly improves the speed of deptry, particularly for large projects, by utilizing Rust to manage the parsing of Abstract Syntax Trees (AST) from .py files and to extract the import statements. For some benchmarks, see below:
Since the changes are all in the back-end, little has changed for the user other than the execution speed. The two minor notable changes are:
- Improved identification of
columnidentifier in imports detection. Where earlier the column identifier for an imported modulefooin the lineimport foowould be0, it now points to column8.
Where earlier releases published a single .whl file to PyPI, with the move to Rust we now build and publish wheels for a variety of platforms and architectures. More specifically, wheel files for the following combinations are now available on PyPI:
- Linux: ABI3 wheels for
x86_64andaarch64architectures. - Windows: ABI3 wheels for the
x64architecture. - macOS: ABI3 wheels for
x86_64andaarch64(Apple Silicon) architectures.
Alongside the ABI3 wheels, we provide a source distribution (sdist) package.
https://github.com/fpgmaas/deptry/compare/0.13.0...0.14.0
- deptry will now report invalid configuration options defined in
pyproject.toml(#571)
- Stricten URL detection to avoid flagging libraries like
httpxas URLs (#570)
https://github.com/fpgmaas/deptry/compare/0.12.0...0.13.0
This release introduces a significant change to the command-line flags and configuration options to make use of the error codes introduced in release 0.10.0.
| Code | Issue |
|---|---|
| DEP001 | Missing dependency |
| DEP002 | Unused/obsolete dependency |
| DEP003 | Transitive dependency |
| DEP004 | Misplaced development dependency |
- Replaced --skip-unused, --skip-obsolete, --skip-missing, --skip-misplaced-dev flags: We have replaced the currently existing flags with the more generalized
--ignoreflag. Now, instead of skipping types of checks, you can specify the exact error codes to ignore using the--ignoreflag (e.g.,deptry . --ignore "DEP001,DEP002"to ignore checking for missing and unused dependencies).
The changes are also reflected in pyproject.toml. For example,
[tool.deptry]
skip_missing = true
skip_unused = trueis superseded by
[tool.deptry]
ignore = ["DEP001", "DEP002"]- Replaced --ignore-unused, --ignore-obsolete, --ignore-missing, --ignore-misplaced-dev flags: Previously, specific checks for spefific dependencies/modules could be ingored using the
--ignore-<code>flags. We are replacing these flags with the more generalized--per-rule-ignoresflag. This flag allows you to specify dependencies that should be ignored for specific error codes, offering granular control over which errors are ignored for which dependencies. For instance,deptry . --per-rule-ignores DEP001=matplotlib,DEP002=pandas|numpymeansDEP001will be ignored formatplotlib, whileDEP002will be ignored for bothpandasandnumpy.
The changes are also reflected in pyproject.toml. For example,
[tool.deptry]
ignore_missing = ["matplotlib"]
ignore_unused = ["pandas", "numpy"]is superseded by
[tool.deptry.per_rule_ignores]
DEP001 = ["matplotlib"]
DEP002 = ["pandas", "numpy"]Please note that while the legacy arguments are still functional as of Deptry 0.12.0, we do plan to remove them in a future 1.0.0 release.
- Consider all groups for dev dependencies (#392)
- Handle
SyntaxErrorraised byast.parse(#426)
https://github.com/fpgmaas/deptry/compare/0.11.0...0.12.0
--skip-obsoleteCLI option and itsskip_obsoletecouterpart inpyproject.tomlare being replaced with--skip-unusedandskip_unused, respectively--ignore-obsoleteCLI option and itsignore_obsoletecounterpart inpyproject.tomlare being replaced with--ignore-unusedandignore_unused, respectively
This is done to account for a wording change, as we are replacing "obsolete" with "unused", since it has a clearer meaning for users.
The legacy options will still be usable for the time being, with a warning being shown in the terminal, but they will be removed in a future release, so you are advised to migrate to the new ones.
- Load gitignore from where CLI is invoked (#380)
https://github.com/fpgmaas/deptry/compare/0.10.1...0.11.0
- Fix terminal output when only a single file is scanned (#372)
- Fix issue with
DEP004being raised incorrectly when a dependency is defined both as a dev one and non-dev one (#376)
Release 0.10.0 of deptry brings a significant improvement to the way in which issues are reported. Previously, issues were reported in a summarized format, making it difficult for users to pinpoint exactly where in the code the issue was occurring. This is resolved by fpgmaas#357, which adds location information to the detected issues.
fpgmaas#367 adds error codes to identify the different issue types:
| Code | Issue |
|---|---|
| DEP001 | Missing dependency |
| DEP002 | Obsolete dependency |
| DEP003 | Transitive dependency |
| DEP004 | Misplaced development dependency |
Here's an example of how issues are now reported in release 0.10.0:
foo/bar.py:11:11: DEP002 'an_import' imported but missing from the dependencies
foo/bar.py:12:11: DEP002 'another_import' imported but missing from the dependencies
foo/baz.py:13:11: DEP003 'cfgv' imported but it is a transitive dependency
pyproject.toml: DEP001 'pandas' defined as a dependency but not used in the codebaseThe json output generated by using the -o or --json-output is also modified to include the new error codes and location information:
{
"error": {
"code": "DEP001",
"message": "'seven' imported but missing from the dependency definitions"
},
"module": "seven",
"location": {
"file": "foo/bar.py",
"line": 2,
"column": 0
}
}Support for Python 3.7 has been dropped in fpgmaas#352, given that it will reach end of life soon, and that PyPI stats show a really low usage of it. If you are using deptry on Python 3.7, consider upgrading to 3.8, or staying on <0.9.0.
In case packages don't provide the Python modules they expose, deptry tries to guess the package name by converting - to _, as a best effort, and warns about it in the logs. Before fpgmaas#337, deptry always guessed the module name, regardless of if the package provided the necessary information or not. Now, it will only guess the module name if the package does not provide the information and no mapping has been provided using the new --package-module-name-map flag (or package_module_name_map option in pyproject.toml).
With fpgmaas#285, deptry will now consider the following things as local modules:
- directories without
__init__.py(and at least one Python file) - single Python files
Previously, deptry only considered directories as local modules if an __init__.py was present, and did not account for cases where a single Python file could also be a local module, alongside directories.
- Drop support for Python 3.7 (#352)
- Only try to guess module associated to a dependency as a fallback for when the package doesn't provide such information (#337)
- Handle local modules without
__init__.py(#285) - Ability to configure a map of package names to module names (#333)
- Run tests on macOS and Windows on CI (#342)
- Don't filter out
setuptools(#262) - Use
sys.stdlib_module_namesto get stdlibs in Python >= 3.10 (#275)
- Drop
flake8to only useruff(#268) - Use more
ruffrules and replacepyupgradeandpygrep-hooksusages (#276)
Previously, deptry always searched for a pyproject.toml file in the root directory passed as a positional argument to the deptry command. Since this is not in line with what most other tools in the ecosystem do, this is changed in release 0.7.0.
In previous releases, when running:
deptry srcdeptry would search for both a pyproject.toml and for Python files to scan in the src directory.
Since this release, when running:
deptry srcdeptry will search for pyproject.toml in the location it is run from, and for Python files to scan in the src directory.
The downside of the changes outlined above, is that this could break some projects that did explicitly want to find pyproject.toml in a directory other than the positional argument specified as root. For this purpose, release 0.7.0 adds a --config argument that can be used to explicitly pass the location of pyproject.toml.
- Separate
pyproject.tomllocation fromrootargument (#244) - Expose and handle
--configargument (#245)
- Add .direnv to default exclude argument (#197)
- Add logic to
NotebookImportExtractorto guess the encoding on initialUnicodeDecodeError(#216)
- Decrease lower bound of
chardetdependency to4.0.0(#205)
No user facing change.
- Add support for PEP 621 (#166)
- Remove obsolete duplicated local import detection (#172)
- Add hook for usage with
pre-commit(#157)
- Solve issue with importing from local files (#163)
- Add support for PEP621 with PDM (#155)
- Add support for Python 3.11 (#152)
- Accept multiple
requirements.txt(#141)
- Remove dependency on
isort(#140)
No user facing change.
- Fix issue with logging if no
[tool.deptry]section was found inpyproject.toml(#134)
No user facing change.
- Add option to write output to JSON file (#125)
- Replace
tomlwithtomli/tomllibfor parsing TOML (#123)
- Rename
DIRECTORYargument toROOT(#121)
- Add a summary line to the logging (#120)
- Set Python version upper range to
<4.0(#117)
- Extract top level module names from
RECORD(#116)
- Parse
egg=...in urls forrequirements.txt(#115)
- Support regexes for file exclusions (#111)
- Only decode files if initial decoding failed (#105)
- Detect file encoding with
chardetbefore parsing Python files (#103)
No user facing change.
- Add support for reading dependencies form urls in
requirements.txt(#100)
- Solve an issue where missing dev dependencies were added to the list as
None(#99)
- Add a warning to not install
deptryglobally, but within virtual environment (#)
- Fix an issue with
requirements.txtnot being found if not in root dir (#94)
- Ignore
setuptoolsandsetup.pyby default (#88)
- Add support for
requirements.txt(#87)
No user facing change.
- Use commas to separate items in CLI arguments (#87)
- Add
--extend-excludeoption (#76)
No user facing change.
- Guess top level name of modules by replacing
-with_(#73)
- Handle conditional dependencies (#65)
- Decrease lower bound of
clickdependency to8.0.0(#205)
No user facing change.
No user facing change.
No user facing change.
No user facing change.
- Fix issue with relative imports (#54)
- Add check for misplaced development dependencies (#51)
No user facing change.
- Add
--versionargument to the CLI to displaydeptry's version (#47)
- Add check for missing and transitive dependencies (#43)
No user facing change.
- Add support for Python 3.7 (#27)
- Improve logging statements (#25)
- Improve logging when package name is not found (#25)
- Parse imports within
if/elsestatements (#23)
No use facing change.
- Replace
deptry checkcommand withdeptry(#21)
- Add ability to specify the root directory (#13)
- Add support for Jupyter Notebooks (#11)
- Add mapping for common packages without metadata (#1)
Initial release