[Feature Request] new rule that enforces expressing dependencies as ~= or == (no >=)

[alainsanguinetti]

Hi there, thanks a lot of for this tool! Something I've discussed with a colleague. What are your thoughts on this?

Is your feature request related to a problem? Please describe.

When a project uses >= to express dependencies, this can lead to unpredictable outcomes far in the future, for example when used in combination with a docker image, that would after a while be regenerated, and then would take in a new major release of a dependency, that breaks the system actually

Describe the solution you would like

a new rule that checks that in the dependencies, only == or ~= is used, and no >=

Additional context

I can help with the code

[timofey-ai71]

Chiming in with detailed https://iscinumpy.dev/post/bound-version-constraints/ arguing for exact opposite approach, proposing >= over pins and upper bounds as a default.

[alainsanguinetti]

Interesting comment!The point i think is to have a single strategy .. and to enforce it ! On 9 Aug 2025, at 21:08, Timofey Urbanovich ***@***.***> wrote:timofey-ai71 left a comment (fpgmaas/deptry#1164) Chiming in with detailed https://iscinumpy.dev/post/bound-version-constraints/ arguing for exact opposite approach, proposing >= over pins and upper bounds as a default. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>