Kotaimen / awscfncli

Friendly AWS CloudFormation CLI
MIT License

Potential dependency conflicts between awscfncli2 and botocore #83

Open NeolithEra opened 4 years ago

NeolithEra commented 4 years ago

Hi, as shown in the following full dependency graph of awscfncli2, awscfncli2 requires botocore *, while the installed version of boto3 (1.10.23) requires botocore >=1.13.23,<1.14.0.

According to Pip's “first found wins” installation strategy, botocore 1.13.23 is the actually installed version.

Although the first found package version botocore 1.13.23 just satisfies the later dependency constraint (botocore >=1.13.23,<1.14.0), it will lead to a build failure once developers release a newer version of botocore.

Dependency tree

awscfncli2 - 2.1.19
| +- awscli(install version:1.16.287 version range:>=1.16.0six>=1.10.0)
| +- boto3(install version:1.10.23 version range:*)
| | +- botocore(install version:1.13.23 version range:>=1.13.23,<1.14.0)
| | | +- docutils(install version:0.15.2 version range:>=0.10,<0.16)
| | | +- jmespath(install version:0.9.4 version range:<1.0.0,>=0.7.1)
| | +- jmespath(install version:0.9.4 version range:<1.0.0,>=0.7.1)
| | +- s3transfer(install version:0.2.1 version range:>=0.2.0,<0.3.0)
| | | +- botocore(install version:1.13.23 version range:<2.0.0,>=1.12.36)
| | | | +- docutils(install version:0.15.2 version range:>=0.10,<0.16)
| | | | +- jmespath(install version:0.9.4 version range:<1.0.0,>=0.7.1)
| +- botocore(install version:1.13.23 version range:*)
| | +- docutils(install version:0.15.2 version range:>=0.10,<0.16)
| | +- jmespath(install version:0.9.4 version range:<1.0.0,>=0.7.1)
| +- click(install version:7.0 version range:>=6.0,<8)
| +- jsonschema(install version:3.2.0 version range:>=2.6.0)
| +- PyYAML(install version:5.2b1 version range:>=3.10) 

Thanks for your attention. Best, Neolith
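Added example, not part of the original thread or of awscfncli's code: a stdlib-only check of a candidate botocore release against every range listed in the dependency tree above, showing which requirer rejects a newer release. The `first_found` function is a simplified model of the "first found wins" behaviour the post describes, not pip's implementation, and botocore 1.14.0 is used as a constructed stand-in for "a newer version".

```python
import re

# botocore ranges copied from the dependency tree in the issue ("*" = any version)
BOTOCORE_CONSTRAINTS = {
    "awscfncli2 2.1.19": "*",
    "boto3 1.10.23": ">=1.13.23,<1.14.0",
    "s3transfer 0.2.1": "<2.0.0,>=1.12.36",
}
OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
       "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def parse_version(text):
    """'1.14.0' -> (1, 14). Numeric releases only; trailing zeros are
    dropped so that 1.14 and 1.14.0 compare equal."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def satisfies(version, spec):
    """True if `version` meets every comma-separated clause of `spec`."""
    if spec.strip() in ("", "*"):
        return True
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|!=|>|<)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def violated_by(version, constraints=BOTOCORE_CONSTRAINTS):
    """Names of the requirers whose botocore range rejects `version`."""
    return [who for who, spec in constraints.items() if not satisfies(version, spec)]

def first_found(available, first_spec):
    """Simplified model (assumption, not pip's code): newest release that meets
    only the first requirement encountered; later ranges are not consulted."""
    ok = [v for v in available if satisfies(v, first_spec)]
    return max(ok, key=parse_version) if ok else None

if __name__ == "__main__":
    # Constructed index contents; 1.14.0 stands in for "a newer botocore".
    for index in (["1.13.23"], ["1.13.23", "1.14.0"]):
        chosen = first_found(index, BOTOCORE_CONSTRAINTS["awscfncli2 2.1.19"])
        print(index, "->", chosen, "rejected by:", violated_by(chosen) or "nobody")
```
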

NeolithEra commented 4 years ago

Suggested Solution

  1. Fix your direct dependencies to be botocore <1.14.0.
  2. Ask your upstream project boto3 to loosen the version range of botocore to be >=1.13.23, and s3transfer to loosen the version range of botocore to be >=1.12.36.

@Kotaimen Which solution do you prefer, 1 or 2? Please let me know your choice. May I open a pull request to solve this issue?

Kotaimen commented 4 years ago

Hi @NeolithEra :

Thanks for pointing this out! However, I'm still not getting why this will cause an error, because awscfncli2 doesn't specify a required botocore version; the requirements are set by boto3, right? My bet is boto3/s3transfer/botocore always have pretty good compatibility...