DP003: DependencyFreshnessCheck
Overview
| Property | Value |
|---|---|
| ID | DP003 |
| Name | DependencyFreshnessCheck |
| Group | dependencies |
| Severity | NOTE |
Description
Checks for outdated packages in project dependencies.
Outdated dependencies can cause:
- Missing security patches
- Lack of bug fixes
- Incompatibility with newer Python versions
- Missing performance improvements
What it checks
The check compares installed package versions against the latest available versions on PyPI:
- Direct dependencies from pyproject.toml
- Packages that are significantly behind (major versions)
- Packages with available security updates
Result states
- PASSED: All dependencies are reasonably up-to-date
- WARNING: Some dependencies are outdated (minor versions behind)
- FAILED: Dependencies are severely outdated (major versions behind)
- SKIPPED: Unable to check PyPI for latest versions
How to fix
Check for outdated packages
```bash
# Using pip
pip list --outdated
# Using uv
uv pip list --outdated
# Using pip-tools
pip-compile --upgrade
```
Update specific packages
```bash
# Using pip
pip install --upgrade requests
# Using uv
uv add requests@latest
# Using poetry
poetry update requests
```
Update all packages
```bash
# Using pip
pip install --upgrade -r requirements.txt
# Using uv
uv lock --upgrade
# Using poetry
poetry update
```
Review changes before updating
Always review changelogs before major upgrades:
```bash
# Check what would be updated
pip list --outdated --format=json
# Review package changelog
pip show requests  # Check homepage for changelog
```
Freshness thresholds
| Status | Condition |
|---|---|
| Up-to-date | Within latest minor version |
| Slightly outdated | 1-2 minor versions behind |
| Outdated | 3+ minor versions or 1 major version behind |
| Severely outdated | 2+ major versions behind |
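The thresholds table and the result states listed under "Result states", carried into working code as an added example (not pycmdcheck's own implementation). It assumes versions are compared on their MAJOR.MINOR components only, that a package a major version behind yields FAILED while packages only minor versions behind yield WARNING, and that no usable PyPI data yields SKIPPED; the package names and versions are constructed.

```python
"""DP003-style freshness classification (constructed example, not pycmdcheck's
own code; the status-to-result mapping and the sample data are assumptions)."""
import re

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]'; trailing tags such as 'rc1' are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def versions_behind(installed, latest):
    """Return (major versions behind, minor versions behind within that major)."""
    i_major, i_minor, _ = parse_version(installed)
    l_major, l_minor, _ = parse_version(latest)
    majors = max(l_major - i_major, 0)  # installed newer than latest -> 0 behind
    minors = max(l_minor - i_minor, 0) if majors == 0 else 0
    return majors, minors


def freshness(installed, latest):
    """Map the version gap onto the status names in the thresholds table."""
    majors, minors = versions_behind(installed, latest)
    if majors >= 2:
        return "severely outdated"
    if majors == 1 or minors >= 3:
        return "outdated"
    return "slightly outdated" if minors >= 1 else "up-to-date"


def overall_result(deps):
    """Aggregate {name: (installed, latest or None)} into one result state."""
    worst, checked = "PASSED", 0
    for installed, latest in deps.values():
        if latest is None:  # PyPI lookup failed for this package
            continue
        checked += 1
        majors, minors = versions_behind(installed, latest)
        if majors >= 1:  # assumed: any major version behind fails the check
            return "FAILED"
        if minors >= 1:  # assumed: minor versions behind only warn
            worst = "WARNING"
    return worst if checked else "SKIPPED"  # no data at all -> SKIPPED


SAMPLE_DEPENDENCIES = {  # constructed sample input, not real PyPI data
    "pkg-a": ("2.3.1", "2.4.0"),  # 1 minor behind -> slightly outdated
    "pkg-b": ("1.9.0", "2.1.0"),  # 1 major behind -> outdated, FAILED
    "pkg-c": ("0.5.2", None),     # lookup failed -> ignored
}
```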
Why NOTE severity?
This check is a NOTE because:
- Newer isn’t always better; stability matters
- Some projects intentionally pin older versions
- Updates should be deliberate, not automatic
- Breaking changes require careful migration
However, regularly reviewing dependencies is good practice.
Configuration
Skip this check
```toml
[tool.pycmdcheck]
skip = ["DP003"]
```
CLI
```bash
pycmdcheck --skip DP003
```