+-----------------------------------------------+ |The views and thoughts below are purely my own.| +-----------------------------------------------+
This post was written 2025-07-31
pip-tools v7.5.0
Yesterday we released pip-tools v7.5.0!
This is the first release for pip-tools in over a year.
A large amount of the effort for this release was focused on fixing
infrastructure to make the release possible at all.
The Changes
The best way to understand changes as a user is to look at the changelog.
In this post, I’ll try to go a little bit deeper to share what has changed in the project.
Our changelog lists only 14 changes, and 7 contributors, but in fact there’s a lot this doesn’t cover. Many contributions are deemed internal to the project, and don’t appear in the changelog. And even for those which do appear, we are often indebted to users and members of the Python community who come forward with reports, MREs, workarounds, and key insights.
How can we understand the size and scope of the changes? Lines of change, number of contributors, and number of PRs merged are all incomplete views. I think we can break down the changes into one wholly new feature and a lot of fixes.
Statically Parsing pyproject.toml
Way back in December 2023, @hauntsaninja
contributed a changeset
which parses pyproject.toml data (e.g., project.dependencies) without doing a build.
It finally got merged in March 2024.
The static parsing path is faster, for some projects by a lot! It’s a nice improvement, and shows the value of having standards for these data.
When static parsing can’t be done, we failover to doing a build step to collect metadata.
Improvements to the Output Writer
pip-compile output is a type of requirements.txt data, a format specific to
pip but understood by a variety of tools (often by invoking pip).
But pip-compile output is actually enriched in a lot of ways via the
structured comments which are placed throughout the file, and we have a strong
expectation of stable outputs which make the results of pip-compile
auditable, understandable, and consistent.
The output flows through an internal component called the Output Writer, and it got several tweaks over the past year of activity.
In March 2024, @mjsir911
fixed a bug which produced
bad header data in the pip-compile output, containing options like
--no-reuse-hashes which are meant to be omitted.
A month later, in late April, @sethmlarson
contributed a patch which
fixes the ordering of --only-binary and --no-binary options.
In early May, @macro1 made
some changes to ensure that relative paths are preserved for editable (-e)
paths.
In November of 2023, @AndydeCleyre started work on an improvement to ensure that package extras are normalized to lowercase and hyphenated, and it finally merged in May of 2024.
As data passes back and forth between pip-tools and pip’s internal
(non-public API) components, maintaining stable output becomes difficult.
When I came into the project in 2025, focused on fixing incompatiiblities, the
Output Writer’s behavior was one of the main areas impacted by
the latest pip versions.
As noted in a few of these PR, this isn’t purely a formatting problem:
pip-tools needs to keep track of data about the initial user requirements,
and use that data to format good output.
CI, Maintenance, and Compatibility
A large part of the activity over the past year was focused on testing and maintaining the project. In fact, there’s so much to cover here that it’s hard to choose where to focus.
A large slew of changes bumped and tweaked versions of testing tools and requirements – including automated bumps via dependabot and pre-commit-ci.
In particular, @chrysle deserves a shoutout for several changes like this small tweak to keep the testsuite working with pip versions 24.1+, and this bit of cleanup to out-of-spec test data. Other contributors chipped in on this front as well. @WhyNotHugo worked on some improvements to type annotations and @macro1 fixed lint failures
Behind the scenes, @webknjaz worked steadily on necessary infrastructural work like this multi-fix combination PR.
And when I got involved in mid-2025, the main order of business was to pull together improvements like this combination of fixes to get things into good condition.
The People
I’ve written down a lot of detail about what changed, but equally importantly
there’s been a major shift in who is working on pip-tools.
A lot of the past maintainers have moved on from the project. And in late-2024 to early-2025, it didn’t seem that we were in a good position to drive fixes and releases.
@webknjaz was one of the only active maintainers, but he wasn’t in the lead role on the project.
We met up at PyCon US in late May, and started tinkering together on CI cleanup
for pip-tools.
We also spent a few minutes with @jezdez,
and are now back on track with
one active lead on pip-tools
and likely another to be added.
This is an Open Source community at work. We talk together, we meet, we discuss, and we solve the problems that need solving.
Personal Note & the Future of pip-tools
I initially got involved as part of my quest to make [dependency-groups] a
first-class part of the Python development experience.
My first PR against the project – still unfinished – was only this past year,
in April,
to add support for a --group flag.
I’d like to circle back to that work, but it’s not my top priority for the
project now that I’m a maintainer.
We have a decent sized backlog and several outstanding PRs to review. I’ll be spending the coming months on issue triage and necessary fixes. I’d like to revisit some of our very old issues to see which ones are still relevant.
Moving forward, pip-tools is not going to get away from depending directly on
pip internals anytime soon.
Maybe not ever (though you never know!).
But I’ll be looking for ways of making things less fragile.
And since working on pip-tools requires familiarity with pip components, I
hope that means I can grow as a pip contributor as well.
Getting involved in this project has been incredibly gratifying. Thanks to everyone who helped make this work possible! And especially, a huge shoutout to @webknjaz who made my onboarding possible, has provided tremendous technical insights and guidance, and made my PyCon US experience this past year so welcoming and enjoyable!