I 'm reading the 12-factor-app manifesto and I'm at the dependencies section right now. Dependency Isolation is something I cannot get my head around, though.

Unfortunately no actual definition as to what that is is given, aside from that 12-factor-apps should "use a dependency isolation tool during execution to ensure that no implicit dependencies “leak in” from the surrounding system".

Searching for answers to that, I 'm only finding questions about how to achieve dependency isolation in a specific language/framework.

Maybe it is just a limitation in my understanding of english, but could someone enlighten me on this?

Lets assume you are building an app with Python. You decide to use Django web-framework. As you are starting you install Django using pip install django. Django 3.1 is installed on your local system.

After two months you decide to host the Django project on server. You install django by pip install django. This time Django 3.3 is installed. Because of version upgrade your code might break.

To avoid such scenarios it is recommended to note the version of Django and Python. You can add the Django version in requirement.txt or piplock file.

Application dependencies should be managed by application build itself, but not manage from outside or separately. Tools can be used like maven pom.xml or gradle.build or package.json or Gemfile etc

I think that other answers are more about dependencies management (pinning, tracking, etc.), rather than isolation.

Isolation in software engineering is often treated as an ability to replace something (some dependency) at low cost.

This can be achieved by surrounding dependencies (classes, functions) with your own functions, classes, adapters, etc. With some your custom API that you own and control.

For example, if you make some Repository classes that wrap Django models API in your Django project, then you would be able to replace Django ORM with SQLAlchemy or raw SQL, whatever, at lower cost, by changing your Repository implementation. If Django models are used everywhere in your project, are directly imported into each of your module, then it would be more difficult to drop Django ORM from your project. You will have to change every model that imports Django model(-s).

You can read more about this in Robert Martins' books. Clean Code and Clean Architecture.

The other answers seem to mix two things. The 12-factor app's second factor called "dependencies" is about doing two things: (1) declaring dependencies, and (2) isolating dependencies.

You declare your dependencies using tools like Maven or Gradle for Java. This allows a developer to explicitly identify the libraries and their version that the developer's code depends on and needs at compile time. Dependency declaration is used at compile time.

Dependency isolation is taking it further to the runtime environment. The way I understand it, dependency isolation is enforcement at runtime that prevents your software from using a third party library if you did not declare it. That dependency could exist in the runtime environment, but if you did not declare it then it would prevent you from using it, even if it is there. This is to protect yourself from when you try to run it in an environment that does not have that dependency.