search

dohlee / python-biopipe

MIT License
0 stars 0 forks source link

Potential dependency conflicts between biopipe and urllib3 #7

Open NeolithEra opened 4 years ago

NeolithEra commented 4 years ago

Hi, as shown in the following full dependency graph of biopipe, biopipe requires urllib3 >=1.22 , while the installed version of requests(2.22.0) requires urllib3 <1.26,>=1.21.1.

According to Pip's “first found wins” installation strategy, urllib3 1.25.7 is the actually installed version.

Although the first found package version urllib3 1.25.7 just satisfies the later dependency constraint (urllib3 <1.26,>=1.21.1), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree--------

biopipe - 0.1.10
| +- certifi(install version:2019.9.11 version range:>=2018.4.16)
| +- chardet(install version:3.0.4 version range:>=3.0.4)
| +- gseapy(install version:0.9.16 version range:>=0.9.3)
| | +- beautifulsoup4(install version:4.8.1 version range:*)
| | | +- soupsieve(install version:1.9.5 version range:>=1.2)
| | +- bioservices(install version:1.6.0 version range:*)
| | +- html5lib(install version:1.0 version range:*)
| | | +- six(install version:1.13.0 version range:>=1.9)
| | | +- webencodings(install version:0.5.1 version range:*)
| | +- lxml(install version:4.4.1 version range:*)
| | | +- cython(install version:0.29.14 version range:>=0.29.7)
| | +- matplotlib(install version:3.1.2 version range:*)
| | +- numpy(install version:1.17.4 version range:>=1.13.0)
| | +- pandas(install version:0.25.3 version range:*)
| | +- requests(install version:2.22.0 version range:*)
| | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | +- urllib3(install version:1.25.6 version range:<1.26,>=1.21.1)
| | +- scipy(install version:1.3.3 version range:*)
| +- idna(install version:2.8 version range:>=2.6)
| +- mygene(install version:3.1.0 version range:>=3.0.0)
| | +- biothings-client(install version:0.2.1 version range:>=0.2.0)
| | | +- nose(install version:1.3.7 version range:*)
| | | +- requests(install version:2.22.0 version range:>=2.3.0)
| | | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | | +- urllib3(install version:1.25.6 version range:<1.26,>=1.21.1)
| +- requests(install version:2.22.0 version range:>=2.18.4)
| | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| +- urllib3(install version:1.25.7 version range:>=1.22)

Thanks for your attention. Best, Neolith

NeolithEra commented 4 years ago

Suggested Solution

  1. Fix your direct dependencies to be urllib3 <1.26.
  2. Ask your upstream project request to losse the version range of urllib3 to be >=1.21.1.

@dohlee Which solution do you prefer, 1 or 2? Please let me know your choice. May I pull a request to solve this issue?