The entire field of Python import statements, their rules and programmatic application, Python dependency management and Python packaging is a horror show that has been going wrong for decades. It's a big part of the reason I left Python for NodeJS ten years ago.
"""However, there is no lock file. You could manually generate a kind of lock file using something like pip freeze >> environment.lock, as this will look at all the packages currently installed in your environment and write them to a file. However, such a manual process is error prone and most people prefer to use a dedicated tool to manage lock files.
"""
"error prone", ok pal, ok -- undermine your entire article with this.
Keep the output of "pip freeze" in version control and you're good to go. When you want to upgrade you need to diff the old to the new. Do the work and stop complaining.
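The workflow the comment above describes (commit the `pip freeze` output, then diff old against new when upgrading), as an added example that is not part of the thread. The function names and both sample snapshots are constructed for illustration; package names are normalized per PEP 503 so a spelling change alone is not reported as an add plus a remove.

```python
import re

# Constructed sample snapshots: `pip freeze` output before and after an upgrade.
OLD_FREEZE = """\
requests==2.31.0
urllib3==2.0.7
Flask_Login==0.6.2
internal-tool @ file:///srv/wheels/internal_tool-1.0-py3-none-any.whl
"""
NEW_FREEZE = """\
requests==2.32.3
urllib3==2.0.7
flask-login==0.6.2
internal-tool @ file:///srv/wheels/internal_tool-1.1-py3-none-any.whl
charset-normalizer==3.3.2
"""

def normalize(name):
    """PEP 503 normalization, so Flask_Login and flask-login compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_freeze(text):
    """Map normalized package name -> pinned spec from `pip freeze` output."""
    pins = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("-e "):
            pins[line] = "editable"  # no version pin; key on the full line
        elif " @ " in line:
            name, ref = line.split(" @ ", 1)  # direct reference (URL or path)
            pins[normalize(name)] = "@ " + ref
        elif "==" in line:
            name, version = line.split("==", 1)
            pins[normalize(name)] = version
        else:
            raise ValueError(f"unrecognized freeze line: {line!r}")
    return pins

def diff_freeze(old_text, new_text):
    """Return (added, removed, changed) between two freeze snapshots."""
    old, new = parse_freeze(old_text), parse_freeze(new_text)
    added = {n: new[n] for n in new.keys() - old.keys()}
    removed = {n: old[n] for n in old.keys() - new.keys()}
    changed = {n: (old[n], new[n]) for n in old.keys() & new.keys() if old[n] != new[n]}
    return added, removed, changed

if __name__ == "__main__":
    print(diff_freeze(OLD_FREEZE, NEW_FREEZE))
```

Entries under `added` are the ones to look at first in review: they are packages the upgrade pulled in that nobody pinned before.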