Closed basiekjusz closed 3 weeks ago
Hi @basiekjusz. You are correct. This should have been a new version. For reasons we cannot disclose, the version 1.0.6 you've mentioned was deleted and will no longer be available. As such, even if we move the files for current 1.0.6 to, say, 1.0.7, we would not restore 1.0.6 as it was before this change. You will need to use a version with files present on PyPI. Current 1.0.6 is one such version.
The digest is expected to be inconsistent given what I've outlined. Changing your poetry.lock to point to the new 1.0.6 digest should be stable moving forward, as we've always maintained standard behavior for package versioning. In this case, your poetry lock would have had to be updated either way, because previous 1.0.6 with the matching digest will not be made available.
Self-assigned and will close at a later point if no further issues/questions.
Yeah, I know that's why the digest is different. I meant that it made it easy for me to find out what happened. Can you let me know whether such occasions will happen again? I regularly rebuild images depending on your package, and events like this one greatly reduce stability, repeatability and trust 😞 The new version made me manually resolve dependency conflicts and that's a PITA.
Sorry for your problem! We hope to not run into a situation where we have to do something like this again.
Describe the bug New published version of PyTDC 1.0.6 has replaced old 1.0.6. This causes stability issues with the projects depending on this package, as right now I'm dealing with inconsistent digest of the package within the poetry.lock file and dependencies conflicts in the project I'm maintaining. I can see that 1.0.6 has been replaced a couple of hours ago in PyPI.
To Reproduce Steps to reproduce the behavior: pytdc==1.0.6 a couple of days ago resulted in different package version installed today.
Expected behavior Each release of the package in PyPI should result in new version tag, as projects that depend on PyTDC suffer from such invisible changes.
Additional context I'm using Poetry that manages packages and notifies me if there are issues with packages hashes. Thanks to that I was able to notice this change.
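The check that surfaced this change, as an added example (not code from this thread, Poetry or PyTDC): compare an artifact's SHA-256 against the digest pinned in a poetry.lock `files` entry, so a re-upload under the same version shows up as a mismatch instead of installing silently. The artifact bytes, the file name `pytdc-1.0.6.tar.gz` and the lock fragment are constructed, and the regex handles only the single-line `{file = ..., hash = ...}` entry form.

```python
import hashlib
import re

# Constructed stand-ins for the first and the replaced upload of one version
# (not real PyTDC files).
ORIGINAL_ARTIFACT = b"constructed sdist contents, first upload of 1.0.6"
REPUBLISHED_ARTIFACT = b"constructed sdist contents, second upload of 1.0.6"


def sha256_pin(data: bytes) -> str:
    """Digest in the 'sha256:<hex>' form used by poetry.lock file entries."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


# Constructed poetry.lock fragment that pins the first upload.
LOCK_TEXT = f'''
[[package]]
name = "pytdc"
version = "1.0.6"
files = [
    {{file = "pytdc-1.0.6.tar.gz", hash = "{sha256_pin(ORIGINAL_ARTIFACT)}"}},
]
'''

FILE_ENTRY = re.compile(r'\{file = "([^"]+)", hash = "(sha256:[0-9a-f]{64})"\}')


def pinned_hashes(lock_text: str) -> dict:
    """Map artifact file name -> pinned digest for every files entry found."""
    return dict(FILE_ENTRY.findall(lock_text))


def check_artifact(lock_text: str, filename: str, data: bytes) -> str:
    """Return 'ok', 'mismatch' (same name, different bytes) or 'unpinned'."""
    pins = pinned_hashes(lock_text)
    if filename not in pins:
        return "unpinned"
    return "ok" if pins[filename] == sha256_pin(data) else "mismatch"


if __name__ == "__main__":
    for label, blob in (("first upload", ORIGINAL_ARTIFACT),
                        ("replaced upload", REPUBLISHED_ARTIFACT)):
        print(label, "->", check_artifact(LOCK_TEXT, "pytdc-1.0.6.tar.gz", blob))
```

A `mismatch` on an unchanged version string is the signal to stop the build and review the new artifact before updating the pinned digest.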