Closed chludwig-haufe closed 11 months ago
I ran pip-compile in the debugger and saw (I think) what's the problem:
piptools.resolver.BacktrackingResolver._do_resolve()
, the first resolution attempt fails because compatible_existing_constraints
contains an incompatible version of cachecontrol
. So far that's expected.In the exception handler, however, cause_ireq_names
is assigned the value {'cachecontrol[filecache]'}
, including the extra specifier. However, the corresponding key in compatible_existing_constraints
is 'cachecontrol'
(without extra).
Therefore, the handler cannot find and drop the incompatible dependency from compatible_existing_constraints
(i.e., cause_existing_ireq
is None
) and re-raises the exception.
This happens with and without --strip-extras
.
Does pip install --no-deps cachecontrol==0.13.1 -vvvvv
succeed under the same OS+arch+Python? I think that the backtracking resolver rejects sdist-only releases that it can't build. Though, this one appears to have wheels so that's probably not it.
Have you tried without the hash generation? Also, maybe try with --upgrade
.
pip install --no-deps cachecontrol==0.13.1 -vvvvv
does work. (Tested inside an Ubuntu Jammy container with Python 3.11.)--generate-hashes
from the command line does not make any difference.With --upgrade
, the error goes away – unfortunately, this does not help me in the RenovateBot scenario.
RenovateBot does use --upgrade
if it creates a merge request for "lock file maintenance". (I.e., when it updates the indirect dependencies in requirements.txt.) It apparently does not use this option if it wants to update a pinned dependency in requirements.in. The only control that I have over the command line created by RenovateBot is that it keeps the option listed in requirements.txt.
Of course, I am not familiar with the codebase of pip-tools. But what I observed in the debugger looks like a bug to me:
--upgrade
is specified).I will try whether I can come up with a PR.
When upgrading the (pinned) dependencies in requirements.in of a project with an existing requirements.txt, pip-compile fails with a resolver error. It claims that an indirect dependency (here:
cachecontrol[filecache]<0.14.0,>=0.13.0
) cannot be resolved even though a version (0.13.1) matching the constraint is listed among the considered versions.pip-compile successfully creates a requirements.txt from the same requirements.in file (with the same pinned project dependencies), if I first delete the existing requirements.txt. However, I came across this error when renovateBot failed to update requirements.txt – that's a scenario where I cannot delete requirements.txt first.
Environment Versions
Steps to replicate
Expected result
requirements.txt is updated, no need to delete requirements.txt first
Actual result
The resolver error shown if requirements.txt exists already generated for an older version of the project dependency.