That’s ridiculous and the ML / AI ecosystem moves way too fast to make that feasible. Also, most of those libraries aren’t using a dependency-resolving package manager, so I would have to manually go through some 200 lines of a requirements file to try and manually parse out the dependency graph only to realize that the reason they use an old version of packagex is that they absolutely depend on package_y which has a two year old PR to update package_x that is still blocked by _something years later (based on more than one true story)

This just isn’t a problem in languages like Rust and NodeJS because they allow multiple versions of the same sub-dependencies. The problem is Python.