Opened 3 years ago
Closed 3 years ago
Last modified 3 years ago
#5595 closed defect (fixed)
Pin current Python 2 dependencies at <= latest working version
Reported by: Ben Sturmfels
Owned by:
Cc: Boris Bobrov, aleph
Parent Tickets:
Our dependencies are rapidly dropping Python 2 support which, due to our loose specification of versions in setup.py, means Python 2 installation may break at any time. For some reason, Pip doesn't seem to figure this out properly in my experience.
I suggest that for 0.10.0, the likely last Python 2 release, we pin the highest version for those dependencies to the latest Python 2 working versions, including dependencies of dependencies.
Change History (4)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
Status: new → closed
I've now run bin/pip freeze --local on the working Python 2 install and copied all those dependencies into the Python 2 conditional in setup.py. It's pretty horrible, but should prevent unpredictable Python 2 breakages at a later date.
The downside is that using == pinning will stop people getting security updates. I think it's a necessary tradeoff though.
comment:3 by , 3 years ago
Can we do <= for current major versions? I mean if we have 1.2.3 now, maybe we could pin nicepackage <= 1.2.999
comment:4 by , 3 years ago
Excellent idea! I was thinking about like nicepackage<1.3 but feeling too lazy to do the work. Your approach is much easier. A quick keyboard macro and ... done. A couple like pytz don't follow semantic versioning, but should work nonetheless.
I've just tested that in a Dockerfile modified to run similarly to the install docs and it works nicely.
I've now tested the Python 2 install process as per the deployment docs and fixed all the broken dependencies by pinning them in setup.py. This fixes the installation process *right now* on Python 2. The problem is that packages are dropping Python 2 support all over the place and due to our (deliberate) loose dependency version specifications and the loose sub-dependency version specifications, it's one horrible mess. But it works right now.
Next up I'll be pinning all the currently installed Python 2 packages and all dependencies.
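The trade-off between == pinning and the <= cap discussed in comments 2 to 4, as an added example that is not part of the ticket or the project's code: it rewrites pip freeze lines into capped requirements and shows which later releases each form still admits. The freeze output and release numbers are constructed, and replacing the last version segment with 999 is an assumption about the macro mentioned in comment:4.

```python
# Added illustration, not MediaGoblin code; numeric release versions only.
# Constructed stand-in for `pip freeze --local` output, not the real pins.
FREEZE_SAMPLE = "nicepackage==1.2.3\npytz==2019.3\n"
# Constructed release numbers standing in for later upstream releases.
CANDIDATES = {"nicepackage": ["1.2.3", "1.2.4", "1.3.0"],
              "pytz": ["2019.3", "2019.4", "2020.1"]}

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Order two release tuples, zero-padding the shorter (1.2 == 1.2.0)."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def loosen(freeze_line):
    """'name==1.2.3' -> 'name<=1.2.999'. Assumption: the macro from comment:4
    replaces the last version segment, whatever the number of segments."""
    name, version = freeze_line.strip().split("==")
    parts = version.split(".")
    parts[-1] = "999"
    return "%s<=%s" % (name, ".".join(parts))

def satisfies(requirement, candidate):
    """Check one candidate version against a single '==' or '<=' requirement."""
    for op in ("==", "<="):
        if op in requirement:
            bound = requirement.split(op)[1]
            order = compare(parse_version(candidate), parse_version(bound))
            return order == 0 if op == "==" else order <= 0
    raise ValueError("unsupported requirement: %r" % requirement)

def report(freeze_text, candidates):
    """Per package: {candidate: (allowed by == pin, allowed by <= cap)}."""
    result = {}
    for line in freeze_text.splitlines():
        exact, capped = line.strip(), loosen(line)
        name = exact.split("==")[0]
        result[name] = {v: (satisfies(exact, v), satisfies(capped, v))
                        for v in candidates[name]}
    return result

if __name__ == "__main__":
    for name, rows in report(FREEZE_SAMPLE, CANDIDATES).items():
        for version, (exact_ok, capped_ok) in rows.items():
            print(name, version, "== pin:", exact_ok, "<= cap:", capped_ok)
```

For a two-segment version such as the constructed pytz entry, the cap produced under this assumption covers every release sharing the first segment, which is wider than the patch-level window it gives a three-segment version.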