search

BlueBrain / Rockets

REST and websockets C++ library
GNU Lesser General Public License v3.0
38 stars 8 forks source link

Potential dependency conflicts between rockets and coverage #87

Open NeolithEra opened 4 years ago

NeolithEra commented 4 years ago

Hi, as shown in the following full dependency graph of rockets, rockets requires coverage <4.6,>=4.5.2, rockets requires nose-xcover <1.1,>=1.0.11 (nose-xcover 1.0.11 will be installed, i.e., the newest version satisfying the version constraint), and directed dependency nose-xcover 1.0.11 transitively introduces coverage >=3.4.

Obviously, there are multiple version constraints set for coverage in this project. However, according to pip's “first found wins” installation strategy, coverage 4.5.4 (i.e., the newest version satisfying constraint <4.6,>=4.5.2) is the actually installed version.

Although the first found package version coverage 4.5.4 just satisfies the later dependency constraint (coverage <4.6,>=4.5.2), such installed version is very close to the upper bound of the version constraint of coverage specified by nose-xcover 1.0.11.

Once nose-xcover upgrades,its newest version will be installed, Therefore, it will easily cause a dependency conflict (build failure), if the upgraded nose-xcover version introduces a higher version of coverage, violating its another version constraint <4.6,>=4.5.2.

According to the release history of nose-xcover, it habitually upgrates Coverage in its recent releases. For instance, nose-xcover 1.0.4 upgrated Coverage’s constraint from <=3.3 to <=3.4,nose-xcover 1.0.5 upgrated Coverage’s constraint from <=3.4 to ==3.4 ,and nose-xcover 1.0.7 upgrated Coverage’s constraint from ==3.4 to >=3.4.

As such, it is a warm warning of a potential dependency conflict issue for rockets.

Dependency tree

rockets - 1.0.2
| +- coverage(install version:4.5.4 version range:<4.6,>=4.5.2)
| +- json-rpc(install version:1.13.0 version range:<12,>=1.11.1)
| +- jsonrpcserver(install version:3.5.6 version range:<3.6,>=3.5.6)
| | +- funcsigs(install version:1.0.2 version range:<2,>=1)
| | +- jsonschema(install version:2.6.0 version range:<3,>=2)
| | +- six(install version:1.14.0 version range:<2,>=1)
| +- nbsphinx(install version:0.4.3 version range:<0.5,>=0.4.1)
| | +- docutils(install version:0.16 version range:*)
| | +- jinja2(install version:2.11.2 version range:*)
| | | +- MarkupSafe(install version:2.0.0a1 version range:>=0.23)
| +- nose(install version:1.3.7 version range:<1.4,>=1.3.7)
| +- nosexcover(install version:1.0.11 version range:<1.1,>=1.0.11)
| | +- coverage(install version:4.5.4 version range:>=3.4)
| | +- nose(install version:1.3.7 version range:*)
| +- pandoc(install version:1.0.2 version range:<1.1,>=1.0.2)
| +- pycodestyle(install version:2.4.0 version range:<2.5,>=2.4.0)
| +- pydocstyle(install version:5.0.2 version range:<31,>=3.0.0)
| | +- snowballstemmer(install version:2.0.0 version range:*)
| +- pylint(install version:2.5.2 version range:<3,>=2.2.2)
| +- rx(install version:1.6.1 version range:<1.7,>=1.6.1)
| +- sphinx(install version:1.8.5 version range:<1.9,>=1.8.3)
| | +- alabaster(install version:0.7.12 version range:<0.8,>=0.7)
| | +- babel(install version:2.8.0 version range:>=1.3)
| | | +- pytz(install version:2019.3 version range:>=2015.7)
| | +- docutils(install version:0.16 version range:>=0.11)
| | +- imagesize(install version:1.2.0 version range:*)
| | +- jinja2(install version:2.11.2 version range:>=2.3)
| | | +- MarkupSafe(install version:2.0.0a1 version range:>=0.23)
| | +- packaging(install version:20.3 version range:*)
| | +- pygments(install version:2.6.1 version range:>=2.0)
| | +- requests(install version:2.23.0 version range:>=2.0.0)
| | | +- certifi(install version:2020.4.5.1 version range:>=2017.4.17)
| | | +- chardet(install version:3.0.4 version range:>=3.0.2,<4)
| | | +- idna(install version:2.9 version range:>=2.5,<3)
| | | +- urllib3(install version:1.25.9 version range:>=1.21.1,<1.26)
| | +- setuptools(install version:46.1.3 version range:*)
| | +- six(install version:1.14.0 version range:>=1.5)
| | +- snowballstemmer(install version:2.0.0 version range:>=1.1)
| | +- sphinxcontrib-websupport(install version:1.2.1 version range:*)
| +- sphinx-rtd-theme(install version:0.4.3 version range:<0.5,>=0.4.2)
| | +- sphinx(install version:1.8.5 version range:*)
| | | +- alabaster(install version:0.7.12 version range:<0.8,>=0.7)
| | | +- babel(install version:2.8.0 version range:>=1.3)
| | | | +- pytz(install version:2019.3 version range:>=2015.7)
| | | +- docutils(install version:0.16 version range:>=0.11)
| | | +- imagesize(install version:1.2.0 version range:*)
| | | +- jinja2(install version:2.11.2 version range:>=2.3)
| | | | +- MarkupSafe(install version:2.0.0a1 version range:>=0.23)
| | | +- packaging(install version:20.3 version range:*)
| | | +- pygments(install version:2.6.1 version range:>=2.0)
| | | +- requests(install version:2.23.0 version range:>=2.0.0)
| | | | +- certifi(install version:2020.4.5.1 version range:>=2017.4.17)
| | | | +- chardet(install version:3.0.4 version range:>=3.0.2,<4)
| | | | +- idna(install version:2.9 version range:>=2.5,<3)
| | | | +- urllib3(install version:1.25.9 version range:>=1.21.1,<1.26)
| | | +- setuptools(install version:46.1.3 version range:*)
| | | +- six(install version:1.14.0 version range:>=1.5)
| | | +- snowballstemmer(install version:2.0.0 version range:>=1.1)
| | | +- sphinxcontrib-websupport(install version:1.2.1 version range:*)
| +- tox(install version:3.6.1 version range:<3.7,>=3.6.1)
| | +- filelock(install version:3.0.12 version range:>=3.0.0,<4)
| | +- pluggy(install version:0.13.1 version range:>=0.3.0,<1)
| | | +- importlib-metadata(install version:1.6.0 version range:>=0.12)
| | +- py(install version:1.8.1 version range:<2,>=1.4.17)
| | +- setuptools(install version:46.1.3 version range:>=30.0.0)
| | +- six(install version:1.14.0 version range:<2,>=1.0.0)
| | +- toml(install version:0.10.0 version range:>=0.9.4)
| | +- virtualenv(install version:20.0.17 version range:>=1.11.2)
| +- websockets(install version:7.0 version range:<8,>=7.0)

Thanks for your help. Best, Neolith

NeolithEra commented 4 years ago

Suggested Solution

  1. Loosen the version range of coverage to be >=4.5.2.
  2. Remove your direct dependency coverage, and use the coverage transitively introduced by nose-xcover.
  3. Change your direct dependency nose-xcover to be <=1.0.11. @tribal-tec Which solution do you prefer, 1 ,2or 3? Please let me know your choice. May I pull a request to solve this issue?
NeolithEra commented 4 years ago

@ppodhajski,Could you help me review this issue? Thx :p

ppodhajski commented 4 years ago

Hello @NeolithEra , will try to look into that next week