Open NeolithEra opened 4 years ago
@jbeaulaurier ,Could you help me review this issue? Thx :p
Hi Neolith, thanks for pointing this out. From your suggested options, I think #3 is the safest solution for this project. Please go ahead and submit a pull request and thanks for you help!
Hi, as shown in the following full dependency graph of mbin, mbin requires numpy >=1.7.1,<1.14, mbin requires matplotlib >=1.5.0 (matplotlib 3.2.1 will be installed, i.e., the newest version satisfying the version constraint), and directed dependency matplotlib 3.2.1 transitively introduces numpy >=1.11.
Obviously, there are multiple version constraints set for numpy in this project. However, according to pip's “first found wins” installation strategy, numpy 1.13.3 (i.e., the newest version satisfying constraint >=1.7.1,<1.14) is the actually installed version.
Although the first found package version numpy 1.13.3 just satisfies the later dependency constraint (numpy >=1.7.1,<1.14), such installed version is very close to the upper bound of the version constraint of numpy specified by matplotlib 3.2.1.
Once matplotlib upgrades,its newest version will be installed. Therefore, it will easily cause a dependency conflict (build failure), if the upgraded matplotlib version introduces a higher version of numpy, violating its another version constraint >=1.7.1,<1.14.
According to the release history of matplotlib, it habitually upgrates Numpy in its recent releases. For instance, matplotlib #15645 upgrated Numpy’s constraint from >=1.11 to >=1.12, and matplotlib #15698 upgrated Numpy’s constraint from >=1.12 to >=1.15.
As such, it is a warm warning of a potential dependency conflict issue for mbin.
Dependency tree
Thanks for your help. Best, Neolith