Skip to content

Dependency management issue: hard-pinned dependencies limit library usability #107

Description

@sagostinho-nvidia

Hello

I'd like to report a usability issue related to how the project specifies its dependencies in pyproject.toml + requirements.txt.

Problem:

The library hard-pins exact versions for all its dependencies (e.g., opencv-python==4.10.0.84, numpy==1.26.4, etc.). This makes it very difficult to integrate the library into a broader Python project that has other dependencies requiring more flexibility in versions, and produce a compatible python environment, via tools like uv, Poetry or pip-compile.

This practice treats abstract requirements (version ranges that describe API/behavior compatibility) as if they were concrete requirements (exact versions needed to reproduce an environment). The former is appropriate for libraries; the latter is appropriate for applications. For more discussion on the matter see https://packaging.python.org/en/latest/discussions/install-requires-vs-requirements/

Why this matters:

Hard-pinning dependencies in a library leads to:

  • Dependency conflicts for downstream users
  • Inflexibility in environments with shared or layered dependencies
  • Increased maintenance burden for users who must override or manually patch requirements

Expected behavior:

Library dependencies should be declared using version ranges (e.g., requests>=2.25.0,<3.0.0), not exact pins. Exact pins, if needed, should be used in lockfiles (e.g., requirements.txt) for development or CI environments, not in the installable package metadata. These concepts are conflated in this project when in general they should be kept separate.

Suggested fix:

  • Update [project.dependencies] to use appropriate version ranges.
  • Retain hard pins only in dev/testing lockfiles (in this caserequirements.txt) as needed.

This would greatly improve compatibility and usability for anyone integrating the library into larger projects.

Thank you.

Metadata

Metadata

Labels

P1High prioritydocumentationImprovements or additions to documentation

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions