Dependency Upgrade Advisor: scan and safely upgrade Python project dependencies.
Project description
depup โ Dependency Upgrade Advisor
Depup is a modern Python CLI tool that helps developers keep their project dependencies up-to-date, safe, and maintainable. It automatically:
- Scans for declared dependencies
- Detects updates on PyPI
- Classifies semantic versioning impact (patch/minor/major)
- Prepares upgrade paths
- (Future) Provides AI-assisted upgrade analysis and code fixes
This tool is built for modern development workflows and future integration with AI agents (Cursor, Windsurf, Continue) via MCP.
๐ Features
โ Current Features
- Parse
requirements.txt,pyproject.toml, andPipfile - Display declared package versions
- Fetch latest versions from PyPI (
depup scan --latest) - Categorize updates by semantic version (patch/minor/major)
- Clean, colorized CLI output via Typer + Rich
๐งญ Roadmap (Planned)
- Automated safe upgrades via
depup upgrade - Dependency file rewriting after upgrades
- Post-upgrade code scanning
- Markdown/HTML upgrade reports
- LLM-powered changelog summarization
- MCP Agent integration for AI IDEs
Installation
pip install depup
Or with uv:
uv tool install depup
๐ Usage
List declared dependencies
depup scan
Show latest available versions from PyPI
depup scan --latest
Example output:
โโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโ
โ Package Name โ Declared Specโ Latest Versionโ Update Type โ Source File โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ typer โ >=0.12 โ 0.12.3 โ patch โ pyproject.toml
โ packaging โ >=24.0 โ 24.1.0 โ patch โ pyproject.toml
โ rich โ >=13.0 โ 13.7.1 โ patch โ pyproject.toml
โโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโ
๐ Supported Dependency Files
requirements.txtpyproject.toml(PEP 621 and Poetry)Pipfile
๐งช Testing
pytest -q
๐งฑ Project Structure
src/depup/
cli/
core/
reporting/
scanning/
utils/
tests/
pyproject.toml
README.md
CHANGELOG.md
LICENSE
๐ Version Management
We use bump2version to automate versioning:
bump2version patch # 0.1.1 โ 0.1.2
bump2version minor # 0.1.1 โ 0.2.0
bump2version major # 0.1.1 โ 1.0.0
๐ License
This project is licensed under the MIT License โ see the LICENSE file for details.
๐ค Contributing
Contributions are welcome! Feel free to open issues or submit PRs.
โญ Acknowledgements
This project is inspired by modern dependency management workflows and the architecture outlined in the technical design document.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file depup-0.3.1.tar.gz.
File metadata
- Download URL: depup-0.3.1.tar.gz
- Upload date:
- Size: 38.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
17c11776db7a97a4fb87edda1e98501fb9f23dee9251e2ec1f0e546a50ab7eab
|
|
| MD5 |
23cefa10ab700d48c977ec01d5d0646f
|
|
| BLAKE2b-256 |
e1f57df0e81ebb0fc5961864d7342d56ba1d051b548c004fb64a23d3d5aa64db
|
Provenance
The following attestation bundles were made for depup-0.3.1.tar.gz:
Publisher:
python-publish.yml on saran-damm/depup
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
depup-0.3.1.tar.gz -
Subject digest:
17c11776db7a97a4fb87edda1e98501fb9f23dee9251e2ec1f0e546a50ab7eab - Sigstore transparency entry: 759980707
- Sigstore integration time:
-
Permalink:
saran-damm/depup@f1b863757d533061e1afd8ec231af68766288178 -
Branch / Tag:
refs/tags/v0.3.1 - Owner: https://github.com/saran-damm
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@f1b863757d533061e1afd8ec231af68766288178 -
Trigger Event:
push
-
Statement type:
File details
Details for the file depup-0.3.1-py3-none-any.whl.
File metadata
- Download URL: depup-0.3.1-py3-none-any.whl
- Upload date:
- Size: 18.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7cdb1c2032ced851d3f1e194548a96c93d418d0ddd635a72b3224891fa3a9128
|
|
| MD5 |
1ca7545043954d5b274bc34b55d3184a
|
|
| BLAKE2b-256 |
9d5770e338180821d1a6d0bf5d6da2e6842723a5c4a1e737d9a4184fe2bc6aa5
|
Provenance
The following attestation bundles were made for depup-0.3.1-py3-none-any.whl:
Publisher:
python-publish.yml on saran-damm/depup
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
depup-0.3.1-py3-none-any.whl -
Subject digest:
7cdb1c2032ced851d3f1e194548a96c93d418d0ddd635a72b3224891fa3a9128 - Sigstore transparency entry: 759980710
- Sigstore integration time:
-
Permalink:
saran-damm/depup@f1b863757d533061e1afd8ec231af68766288178 -
Branch / Tag:
refs/tags/v0.3.1 - Owner: https://github.com/saran-damm
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@f1b863757d533061e1afd8ec231af68766288178 -
Trigger Event:
push
-
Statement type:
