@antichris
Last active September 1, 2022 10:56
Why Python dependency management sucks

Lack of a comprehensive official standard tool. "Comprehensive" being the key word here.

  • virtualenv
  • venv
  • pipenv
  • poetry
  • pdm
  • (ana)conda
  • mamba
  • pyenv

Some of those can only maintain package dependencies, some manage Python runtime and standard library versions, some try to do both. All of them can run into version conflicts at any time.

Tools for other languages

Others have done a vastly superior job of solving this. Here are my personal favorites.

deno for TypeScript

Use deps.ts to list all dependencies of your module. Use dev_deps.ts to list the dependencies that are specific to the development environment (e.g. testing tools).

You can also use the --import-map CLI flag or the importMap option in a config file (deno.json by default) to specify an import map (e.g. imports.json) and alias the versioned dependency paths (URLs) to more manageable module names.

Specify exact version numbers to get the exact versions. Use deno cache to download the (recursive) dependencies to a centralized local storage.

Every module is completely isolated from any other module dependency-wise: e.g., if your module requires foo@1 and bar@2, but foo@1 depends on bar@1, it does not affect your module in any way. Every unique dependency is cached globally once and reused as required by modules.

Builds are guaranteed to be reproducible.

It is even possible to simultaneously use multiple different versions of a dependency in the same module, given that each is aliased to a different identifier.

go mod for Go

Use the built-in automated tools (e.g. go get, go install, go mod) to maintain go.mod of your module, or do it manually.

Go resolves each dependency of your module to the lowest semantic version that satisfies every requirement in the build (minimal version selection), and caches it in centralized local storage. New releases do not affect your builds unless you explicitly update a dependency to a newer version.

Builds are guaranteed to be reproducible.
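
The selection rule described above, as an added example that is not part of the original gist and is not Go's own implementation. The module paths, versions and the names Req, Graph, BuildList and Sample are constructed for illustration, and it assumes plain vMAJOR.MINOR.PATCH versions within a single major version.

```go
package main

import "fmt"

// Req is one go.mod requirement: a module path and the minimum version asked for.
type Req struct{ Path, Version string }

// Graph maps "path@version" to the requirements that version declares.
type Graph map[string][]Req

// older reports whether a < b for plain vMAJOR.MINOR.PATCH strings.
func older(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	for i := range x {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return false
}

// BuildList keeps, per module, the highest version required anywhere reachable from root.
func BuildList(g Graph, root string) map[string]string {
	selected := map[string]string{}
	seen, queue := map[string]bool{root: true}, []string{root}
	for i := 0; i < len(queue); i++ {
		for _, r := range g[queue[i]] {
			if cur, ok := selected[r.Path]; !ok || older(cur, r.Version) {
				selected[r.Path] = r.Version
			}
			if key := r.Path + "@" + r.Version; !seen[key] {
				seen[key] = true
				queue = append(queue, key)
			}
		}
	}
	return selected
}

// Sample is a constructed graph. bar v1.9.0 is published but required by nobody.
var Sample = Graph{
	"app":                    {{"example.com/foo", "v1.2.0"}, {"example.com/bar", "v1.1.0"}},
	"example.com/foo@v1.2.0": {{"example.com/bar", "v1.3.0"}},
	"example.com/bar@v1.3.0": {{"example.com/baz", "v1.0.0"}},
	"example.com/bar@v1.9.0": {{"example.com/baz", "v1.4.0"}},
}

func main() { fmt.Println(BuildList(Sample, "app")) }
```

The build selects bar v1.3.0: high enough for both app and foo, and untouched by the existence of v1.9.0, which is never visited until some go.mod names it.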

Very large (read: humongous) projects run a slight risk of a major-version conflict among transitive dependencies, which may require downgrading a direct dependency to an inferior version.
