Closed NeolithEra closed 3 years ago
@KaitCrawford,Could you help me review this issue? Thx :p
Hi @NeolithEra, sorry for the delay in getting back to you. Thanks for bringing this up and for your patience. As per the PR above we've relaxed the version requirement of django-treebeard and the 10.1.17 release contains this change.
Hi, as shown in the following full dependency graph of molo-core, molo-core requires django-treebeard ==4.2.0, molo-core requires wagtail <2.7,>=2.6.2 (wagtail 2.6.3 will be installed, i.e., the newest version satisfying the version constraint), and directed dependency wagtail 2.6.3 transitively introduces django-treebeard >=4.2.0,<5.0.
Obviously, there are multiple version constraints set for django-treebeard in this project. However, according to pip's “first found wins” installation strategy, django-treebeard 4.2.0 (i.e., the newest version satisfying constraint ==4.2.0) is the actually installed version.
Although the first found package version django-treebeard 4.2.0 just satisfies the later dependency constraint (django-treebeard ==4.2.0), such installed version is very close to the upper bound of the version constraint of django-treebeard specified by wagtail 2.6.3.
Once wagtail upgrades,its newest version will be installed, Therefore, it will easily cause a dependency conflict (build failure), if the upgraded wagtail version introduces a higher version of django-treebeard , violating its another version constraint ==4.2.0.
According to the release history of wagtail, it habitually upgrates Django-treebeard in its recent releases. For instance, wagtail 1.4rc1 upgrated Django-treebeard ’s constraint from ==3.0 to >=3.0,<5.0,and wagtail 2.0b1 upgrated Django-treebeard ’s constraint from >=3.0,<5.0 to >=4.2,<5.0.
As such, it is a warm warning of a potential dependency conflict issue for molo-core.
Dependency tree
Thanks for your help. Best, Neolith