Is there a simple way to lock the versions of all the packages of a given project? Something like ]pin X for all (direct and indirect) dependencies of its environment.
The Manifest.toml file is a very nice way of ensuring that a project is reproducible — until I or someone else mess it up by adding or updating packages when that project is activated. If this happens without a careful record of the project’s history, such an accident may be a pain.
I think it would be nice to have a command — e.g. ]lock that protects the Manifest.toml from being changed by other Pkg commands (and ]unlock for the opposite).
And maybe, also allow ]pin without arguments, such that all the direct dependencies are fixed in the current version.
Not sure but I think you can already do this (not as easily as what you are suggesting though) as you can already pin individual packages. So you could probably just do that for all of the packages in the project.
Starting julia with JULIA_DEPOT_PATH=/depot/path/ julia --project=/project/dir to specify your own depot path and the path of the project. Something like this should work:
using Pkg
proj = Pkg.project()
deps = proj.dependencies
topin = [ Pkg.PackageSpec(k,deps[k]) for k in keys(deps) ]
for pkg in topin
Pkg.pin(pkg)
end
And to free packages you just have to change the for loop by