This PR makes a minor adjustment to the version_many grammar to allow a trailing comma to match the behavior of _parse_version_many.
Users may assume that setuptools install_requires is a comma separated list or otherwise leave trailing commas in dependency specifiers, leading to requirements like numpy >=1.19,. Since https://github.com/pypa/packaging/pull/484 released in late 2022, the packaging package used by most packaging tools has been silently discarding trailing commas in version specifiers due to a slight misimplementation of a comma separated list. Because of this bug, users have created packages that do not conform to the spec yet work without issue.
Even if everyone were using PEP 517 and had their build dependencies specified such that the version of the packaging package used in the build would be semver compatible (advisable but not recommended: setuptoolssetuptoolshatch), the regression would still not be fixable in the packaging package because the same PEP 508 version specifiers are also used by PEP 518 when specifying the build backend. Packages authored since late 2022 may have these incorrect specifiers in their build-system.requires section and such packages would not be buildable by package managers with a fixed version of the packaging package.
This is important because tools like uv use alternative implementations of PEP 508. If 99% of users are using the packaging package's slightly broken implementation, the implementation becomes the de facto specification, and packages that comply to the de facto specification but not the documented specification become a problem for alternative implementations.
This PR makes a minor adjustment to the
version_many
grammar to allow a trailing comma to match the behavior of_parse_version_many
.Users may assume that setuptools
install_requires
is a comma separated list or otherwise leave trailing commas in dependency specifiers, leading to requirements likenumpy >=1.19,
. Since https://github.com/pypa/packaging/pull/484 released in late 2022, thepackaging
package used by most packaging tools has been silently discarding trailing commas in version specifiers due to a slight misimplementation of a comma separated list. Because of this bug, users have created packages that do not conform to the spec yet work without issue.More details about the behavior are on https://github.com/pypa/packaging/issues/803 .
Even if everyone were using PEP 517 and had their build dependencies specified such that the version of the packaging package used in the build would be semver compatible (advisable but not recommended: setuptools setuptools hatch), the regression would still not be fixable in the packaging package because the same PEP 508 version specifiers are also used by PEP 518 when specifying the build backend. Packages authored since late 2022 may have these incorrect specifiers in their
build-system.requires
section and such packages would not be buildable by package managers with a fixed version of the packaging package.This is important because tools like uv use alternative implementations of PEP 508. If 99% of users are using the packaging package's slightly broken implementation, the implementation becomes the de facto specification, and packages that comply to the de facto specification but not the documented specification become a problem for alternative implementations.
📚 Documentation preview 📚: https://python-packaging-user-guide--1550.org.readthedocs.build/en/1550/