genouest / biomaj2galaxy

BioMAJ post processes to manipulate Galaxy tool data tables
MIT License

Potential dependency conflicts between biomaj2galaxy and requests #3

Closed NeolithEra closed 4 years ago

NeolithEra commented 4 years ago

Hi, as shown in the following full dependency graph of biomaj2galaxy, bioblend requires requests >=2.20.0, while the installed version of requests-toolbelt (0.9.1) requires requests >=2.0.1,<3.0.0.

According to Pip's “first found wins” installation strategy, requests 2.22.0 is the actually installed version.

Although the first found package version requests 2.22.0 just satisfies the later dependency constraint (requests >=2.0.1,<3.0.0), it will lead to a build failure once developers release a newer version of requests.

Dependency tree:

biomaj2galaxy - 2.0.1
| +- bioblend(install version:0.13.0 version range:*)
| | +- boto(install version:2.49.0 version range:>=2.9.7)
| | +- pyyaml(install version:5.2b1 version range:*)
| | +- requests(install version:2.22.0 version range:>=2.20.0)
| | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| | +- requests-toolbelt(install version:0.9.1 version range:>=0.5.1)
| | | +- requests(install version:2.22.0 version range:>=2.0.1,<3.0.0)
| | | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| | +- six(install version:1.13.0 version range:*)
| +- click(install version:7.0 version range:*)
| +- future(install version:0.18.2 version range:*)

Thanks for your attention. Best, Neolith

NeolithEra commented 4 years ago

Suggested Solution

  1. Ask your upstream project bioblend to fix its direct dependencies to be requests >=2.20.0,<3.
  2. Ask your upstream project requests-toolbelt to loosen the version range of requests to be >=2.0.1.

@abretaud Which solution do you prefer, 1 or 2? Please let me know your choice. May I open a pull request to solve this issue?

abretaud commented 4 years ago

Hi @NeolithEra, and sorry for the delay, I had not seen this issue... It looks like a virtual problem for now, do you know if there is a plan for a >3 release for requests anytime soon? Anyway, I don't see exactly why the authors of requests-toolbelt are restricting to requests <non-existing-3, maybe they could just remove this constraint? (or they will do it anyway in a future release when/if requests 3 is out some day)
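The check discussed in this thread, as an added example that is not code from the issue or from the biomaj2galaxy project: it evaluates the two `requests` ranges from the dependency tree against candidate versions and reports which requirer each version would break. The function names are illustrative, the `3.0.0` candidate is hypothetical (no such release is mentioned as existing in the thread), and the parser is a simplified stand-in that handles only plain numeric versions, not full PEP 440.

```python
import re

# Ranges on `requests`, copied from the dependency tree in the issue.
CONSTRAINTS = {
    "bioblend 0.13.0": ">=2.20.0",
    "requests-toolbelt 0.9.1": ">=2.0.1,<3.0.0",
}

OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def parse_version(text):
    """Turn '2.22.0' into (2, 22, 0). Pre-releases such as '5.2b1' are rejected."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad so '3' compares equal to '3.0.0'


def satisfies(version, spec):
    """True if version meets every comma-separated clause of spec ('*' means any)."""
    if spec.strip() == "*":
        return True
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|!=|>|<)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True


def violated_by(version, constraints=CONSTRAINTS):
    """Names of the requirers whose declared range excludes this version."""
    return [name for name, spec in constraints.items()
            if not satisfies(version, spec)]


if __name__ == "__main__":
    # 2.22.0 is the installed version from the issue; 3.0.0 is hypothetical.
    for candidate in ("2.19.1", "2.22.0", "3.0.0"):
        print(candidate, "breaks:", violated_by(candidate) or "nothing")
```

Running the same check in CI against the newest published version of a shared dependency surfaces this kind of upper-bound conflict before an unpinned install does.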