secureIT-project / CVEfixes

CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software

Anaconda environment conflict #2

Closed YangWenhao3906 closed 2 years ago

YangWenhao3906 commented 2 years ago

When I run conda env create -f environment.yml on my Ubuntu 20.04, a conflict occurs. How can I solve it?

Collecting guesslang~=2.0
  Downloading guesslang-2.2.0-py3-none-any.whl (2.5 MB)
  Downloading guesslang-2.0.3-py3-none-any.whl (2.1 MB)
  Downloading guesslang-2.0.1-py3-none-any.whl (2.1 MB)
  Downloading guesslang-2.0.0-py3-none-any.whl (13.0 MB)
INFO: pip is looking at multiple versions of <Python from Requires-Python> to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of pydriller to determine which version is compatible with other requirements. This could take a while.

The conflict is caused by:
    guesslang 2.2.1 depends on tensorflow==2.5.0
    guesslang 2.2.0 depends on tensorflow==2.5.0
    guesslang 2.0.3 depends on tensorflow==2.5.0
    guesslang 2.0.1 depends on tensorflow==2.2.0
    guesslang 2.0.0 depends on tensorflow==2.2.0

To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict

Pip subprocess error:
ERROR: Cannot install -r /home/yang/Documents/CVE/CVEfixes/condaenv.ko814pto.requirements.txt (line 2) because these package versions have conflicting dependencies.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies

CondaEnvException: Pip failed

leonmoonen commented 2 years ago

Have you tried the virtualenv-based route? Would that be an option for you?

To try, run the following while in /home/yang/Documents/CVE/CVEfixes/:

python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

leonmoonen commented 2 years ago

A follow-up: I've replicated the issue in a VM with Ubuntu 20.04.3 and this Miniconda installer.

Although the CVEfixes collector itself doesn't use tensorflow, guesslang depends on it, and it seems the conda resolution algorithm gets confused (even though it could just use guesslang 2.2.1 and tensorflow 2.5.0). We can help it by adding tensorflow to the dependencies, i.e., update environment.yml like this:

name: CVEfixes
channels:
  - conda-forge
  - defaults
dependencies:
 - python~=3.8
 - pandas~=1.2
 - numpy~=1.19
 - requests~=2.24
 - PyGithub~=1.54
 - tensorflow==2.5
 - jupyter
 - seaborn
 - matplotlib
 - pip
 - pip:
   - PyDriller~=2.0
   - guesslang~=2.0

After this the conda environment gets created correctly in my VM.
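
The following is an added example, not part of the issue thread or of the CVEfixes code: it parses the "depends on" lines from the pip output quoted above and shows which guesslang releases remain installable once tensorflow is pinned explicitly. The function names are hypothetical, and treating 2.5 and 2.5.0 as the same release is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Conflict lines copied from the pip output quoted in the issue above.
PIP_CONFLICT = """\
    guesslang 2.2.1 depends on tensorflow==2.5.0
    guesslang 2.2.0 depends on tensorflow==2.5.0
    guesslang 2.0.3 depends on tensorflow==2.5.0
    guesslang 2.0.1 depends on tensorflow==2.2.0
    guesslang 2.0.0 depends on tensorflow==2.2.0
"""

DEP_LINE = re.compile(r"^\s*(\S+) (\S+) depends on (\S+?)==(\S+)\s*$")

def release(version, width=3):
    """Turn '2.5' into (2, 5, 0) so that 2.5 and 2.5.0 compare equal (assumption)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse_conflict(text):
    """Map each exact dependency pin to the package releases that demand it."""
    pins = defaultdict(list)
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if m:
            pkg, ver, dep, dep_ver = m.groups()
            pins[(dep, release(dep_ver))].append((pkg, release(ver)))
    return dict(pins)

def compatible(pins, dep, pinned_version, floor):
    """Releases that accept `dep` at `pinned_version` and satisfy ~=floor."""
    lo = release(floor)
    ok = [(pkg, ver) for pkg, ver in pins.get((dep, release(pinned_version)), [])
          if ver >= lo and ver[0] == lo[0]]  # two-part ~=2.0 means >=2.0, ==2.*
    return sorted(ok, key=lambda item: item[1], reverse=True)

def newest_match(text=PIP_CONFLICT, dep="tensorflow", pinned="2.5", floor="2.0"):
    """Newest release usable with the explicit pin, or None if there is none."""
    matches = compatible(parse_conflict(text), dep, pinned, floor)
    return matches[0] if matches else None

if __name__ == "__main__":
    for (dep, ver), users in sorted(parse_conflict(PIP_CONFLICT).items()):
        wanted_by = [".".join(map(str, v)) for _, v in users]
        print(dep, ".".join(map(str, ver)), "<-", wanted_by)
    print("with tensorflow==2.5:", newest_match())
```

A pin that none of the listed releases accept returns None, which corresponds to the ResolutionImpossible case in the log.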