search

mozilla / taar-lite

A lightweight version of the TAAR service intended for specific deployments with reduced feature visibility.
Mozilla Public License 2.0
2 stars 6 forks source link

Conflicts between mozilla-taarlite and boto3 #64

Open NeolithEra opened 4 years ago

NeolithEra commented 4 years ago

Hi, users are unable to run mozilla-taarlite due to dependency conflict with boto3 package. As shown in the following full dependency graph of mozilla-taarlite, mozilla-taarlite requires *_boto3 _,while mozilla-srgutil requires _boto3 ==1.7.2**_.

According to pip’s “first found wins” installation strategy, boto3 1.10.35 is the actually installed version. However, boto3 1.10.35 does not satisfy ==1.7.2.

Dependency tree-----------

mozilla-taarlite - 0.2.3
| +- boto3(install version:1.10.35 version range:*)
| +- mozilla-srgutil(install version:0.1.10 version range:*)
| | +- boto3(install version:1.7.2 version range:==1.7.2)
| | | +- botocore(install version:1.10.84 version range:<1.11.0,>=1.10.2)
| | | | +- docutils(install version:0.16b0.dev0 version range:>=0.10)
| | | | +- jmespath(install version:0.9.4 version range:<1.0.0,>=0.7.1)
| | | +- jmespath(install version:0.9.4 version range:<1.0.0,>=0.7.1)
| | | +- s3transfer(install version:0.1.13 version range:<0.2.0,>=0.1.10)
| | | | +- botocore(install version:1.13.35 version range:>=1.3.0,<2.0.0)
| | +- dockerflow(install version:2019.10.0 version range:>=2018.4.0)
| | +- requests(install version:2.22.0 version range:>=2.19.1)
| | | +- certifi(install version:2019.11.28 version range:>=2017.4.17)
| | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| +- numpy(install version:1.18.0rc1 version range:*)
| +- requests(install version:2.22.0 version range:*)
| | +- certifi(install version:2019.11.28 version range:>=2017.4.17)
| | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| +- scipy(install version:1.4.0rc2 version range:*)
| +- six(install version:1.13.0 version range:*)

Thanks for your help. Best, Neolith

NeolithEra commented 4 years ago

Suggested Solution

  1. Ask your upstream project mozilla-srgutil to loose the version range of boto3.
  2. Remove your direct dependency boto3, and use boto3 transitively introduced by mozilla-srgutil.

@crankycoder Which solution do you prefer, 1 or 2? Please let me know your choice. I can submit a PR to solve this issue.

crankycoder commented 4 years ago

Let me take a look at this - I originally pinned the version of boto3 to 1.7 so that we don't get breaking incompatibility with the mocking library for boto3 (moto)

NeolithEra commented 4 years ago

@crankycoder Thank you very much for your feedback. :-P