Upgrade Poetry to 2.x.x or use uv

[ParthSareen]

No description provided.

[akx]

I would suggest not using Poetry at all, but e.g. uv if you really do need locking (you probably don't; libraries generally don't), and just standard PEP 517 packaging, using e.g. Hatch/Hatchling as the backend.

[ParthSareen]

@akx thanks for the suggestion and I'm a fan of uv. For now, I think having locking just gives a peace of mind to ensure we don't have breaking changes from a random library. I'd rather own that responsibility than give it to the user

[akx]

If dependencies are locked too strictly in the distributed package (I didn't check if that's the case for the sdist/wheel here though), it could prevent downstream users from eg. installing a security update to one of the locked deps.

[akx]

I didn't check if that's the case for the sdist/wheel here though

Okay, I did check now:

$ unzip -p ollama-0.4.6-py3-none-any.whl ollama-0.4.6.dist-info/METADATA | grep Requires
Requires-Python: >=3.8,<4.0
Requires-Dist: httpx (>=0.27.0,<0.28.0)
Requires-Dist: pydantic (>=2.9.0,<3.0.0)

IOW, there are no pinned deps in the distributions other than the loose ranges specified in

ollama-python/pyproject.toml

Lines 13 to 14 in 02495ff

	httpx = "^0.27.0"
	pydantic = "^2.9.0"

so there'd be no change in "owning the responsibility" there.

IOW, the requirements.txt file that is generated/checked in CI with poetry export is not used for anything that I can see. 🤷

[ParthSareen]

...
IOW, the requirements.txt file that is generated/checked in CI with poetry export is not used for anything that I can see. 🤷

Hmm okay, that makes a lot of sense. I think uv makes sense here then and I prefer it anyways. Will probably bump poetry to 2.x.x for now and then move over to uv. Thanks for pointing this out :D