Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#5595 closed defect (fixed)

Pin current Python 2 dependencies at <= latest working version

Reported by: Ben Sturmfels
Owned by:
Priority: minor
Milestone: 0.10.0
Component: programming
Keywords:
Cc: Boris Bobrov, aleph
Parent Tickets:


Our dependencies are rapidly dropping Python 2 support which, due to our loose specification of versions in, means Python 2 installation may break at any time. For some reason, Pip doesn't seem to figure this out properly in my experience.

I suggest that for 0.10.0, the likely last Python 2 release, we pin the highest version for those dependencies to the latest Python 2 working versions, including dependencies of dependencies.


Change History (4)

comment:1 Changed 5 months ago by Ben Sturmfels

I've now tested the Python 2 install process as per the deployment docs and fixed all the broken dependencies by pinning them in This fixes the installation process *right now* on Python 2. The problem is that packages are dropping Python 2 support all over the place and due to our (deliberate) loose dependency version specifications and the loose sub-dependency version specifications, it's one horrible mess. But it works right now.

Next up I'll be pinning all the currently installed Python 2 packages and all dependencies.

comment:2 Changed 5 months ago by Ben Sturmfels

Cc: Boris Bobrov, aleph added
Resolution: fixed
Status: new → closed

I've now run bin/pip freeze --local on the working Python 2 install and copied all those dependencies into the Python 2 conditional in It's pretty horrible, but should prevent unpredictable Python 2 breakages at a later date.

The downside is that using == pinning will stop people getting security updates.

I think it's a necessary tradeoff though.

comment:3 Changed 5 months ago by Boris Bobrov

Can we do <= for current major versions? I mean if we have nicepackage version 1.2.3 now, maybe we could pin nicepackage <= 1.2.999

comment:4 Changed 5 months ago by Ben Sturmfels

Excellent idea! I was thinking about like nicepackage<1.3 but feeling too lazy to do the work. Your approach is much easier. A quick keyboard macro and ... done. A couple like pytz don't follow semantic versioning, but should work nonetheless.

I've just tested that in a Dockerfile modified to run similarly to the install docs and it works nicely.
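The `<=` upper-bound idea from comments 3 and 4, applied to `bin/pip freeze --local` output, as an added example that is not part of the ticket or the project's code. The helper names, the sample lines, and the rule of keeping the first two release components before appending `.999` are assumptions.

```python
import re

# A plain `pip freeze` pin: name, optional [extras], "==", numeric release,
# optional suffix such as "b2" or ".post1". Anything else is passed through.
PIN = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]+\])?)"
    r"==(\d+(?:\.\d+)*)[A-Za-z0-9.+]*$"
)

def release_tuple(version):
    """Leading numeric release of a version string as a tuple of ints."""
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group().split("."))

def loosen(line, keep=2):
    """'name==X.Y.Z' -> 'name<=X.Y.999'; non-pin lines are returned unchanged."""
    line = line.strip()
    m = PIN.match(line)
    if not m:
        return line  # comments, -e/VCS installs, URLs: review these by hand
    name, release = m.groups()
    return "%s<=%s.999" % (name, ".".join(release.split(".")[:keep]))

def allowed(requirement, candidate):
    """Simplified check (release numbers only, not full PEP 440 ordering)."""
    bound = requirement.split("<=", 1)[1]
    return release_tuple(candidate) <= release_tuple(bound)

# Constructed sample; nicepackage is the ticket's placeholder name and the
# pytz version is made up for illustration.
SAMPLE_FREEZE = """\
nicepackage==1.2.3
pytz==2019.3
# local checkout below
-e git+https://example.invalid/repo.git#egg=localpkg
"""

def loosen_all(text):
    return [loosen(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for req in loosen_all(SAMPLE_FREEZE):
        print(req)
    # A later patch release is still installable, the next minor is not.
    print(allowed("nicepackage<=1.2.999", "1.2.7"), allowed("nicepackage<=1.2.999", "1.3.0"))
```

Unlike `==`, the bound still admits later releases in the same minor series, which is the security-update concern raised in comment 2.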
