Ergonomic, hermetic, user-friendly software build system for Python, Go, Java, Kotlin, Protobuf, Scala, Shell. Pants lets you fearlessly scale up your codebase!

Pants

Soo....with "proper lockfiles", it's desirable for us to keep using `--constraints`, rather than the current plan to use `pex -r lockfile.txt --no-transitive`.

A major motivation is that it allows us to handle the problem of when it's not safe to use `[python-setup].resolve_all_constraints` and the repository PEX feature. For example, w/ a `pex_binary` using `platforms`, the subset of reqs might be valid, but the superset of all your reqs might include deps without wheels, so the superset fails to resolve. This was a real problem hit this month and now fixed to not use repository PEXes when platforms are used. But, we do still want to use a constraints file to lock down all versions

I've been claiming constraints files can't be used because a) they don't support extras like `requests[security]` and b) they don't handle URL requirements. a) is an invalid reason, the lockfile should already have expanded `[security]`. b) was true, but is fixed by Pip 21.1

Only gotcha: Pip 21 dropped support for Python 2. Iiuc, this would mean that Pants 2.7+ no longer works with Python 2, which may be reasonable given that pip and rest of Python ecosystem has dropped support a while ago?