Simon Willison's Weblog

What's new in pip 26.1 - lockfiles and dependency cooldowns!

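AI summary
  • Adds a lockfile feature that generates a pylock.toml file pinning exact dependencies.
  • Supports a dependency cooldown option, --uploaded-prior-to, to avoid installing versions that are too new.
  • Drops support for Python 3.9; upgrading to a later version is recommended.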


[Simon Willison’s Weblog](http://simonwillison.net/)


28th April 2026 - Link Blog

**What's new in pip 26.1 - lockfiles and dependency cooldowns!** ([via](https://lobste.rs/s/w2oiaq/what_s_new_pip_26_1_lockfiles_dependency "Lobste.rs")) Richard Si describes an excellent set of upgrades to Python's default `pip` tool for installing dependencies.

This version drops support for Python 3.9 - fair enough, since it's been EOL since October. macOS still ships with `python3` as a default Python 3.9, so I tried out the new Python version against Python 3.14 like this:

```bash
uv python install 3.14
mkdir /tmp/experiment
cd /tmp/experiment
python3.14 -m venv venv
source venv/bin/activate
pip install -U pip
pip --version
```

This confirmed I had `pip 26.1` - then I tried out the new lock files:

```bash
pip lock datasette llm
```

This installs Datasette and LLM and all of their dependencies and writes the whole lot to a 519 line `pylock.toml` file - here's the result.

The new release also supports dependency cooldowns, discussed here previously, via the new `--uploaded-prior-to PXD` option where X is a number of days. The format is `P-number-of-days-D`, following ISO duration format but only supporting days.

I shipped a new release of LLM, version 0.31, three days ago. Here's how to use the new `--uploaded-prior-to P4D` option to ask for a version that is at least 4 days old.

```bash
pip install llm --uploaded-prior-to P4D
venv/bin/llm --version
```

This gave me version 0.30.

Posted 28th April 2026 at 5:23 am


This is a **link post** by Simon Willison, posted on 28th April 2026.
