Closed woodruffw closed 5 months ago
Sigh, I see what happened here:
The conflict is caused by:
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
The user requested sigstore-protobuf-specs~=0.3.0
sigstore 2.1.2 depends on sigstore-protobuf-specs~=0.2.2
The user requested sigstore-protobuf-specs~=0.3.0
sigstore 2.1.0 depends on sigstore-protobuf-specs~=0.2.2
The user requested sigstore-protobuf-specs~=0.3.0
sigstore 2.0.1 depends on sigstore-protobuf-specs~=0.2.0
The user requested sigstore-protobuf-specs~=0.3.0
sigstore 2.0.0 depends on sigstore-protobuf-specs~=0.2.0
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict
sigstore-python 2.x is ranged to sigstore-protobuf-specs ~= 0.2
, but we've intentionally bumped to ~= 0.3
because of https://github.com/sigstore/sigstore-conformance/pull/132. So this fails to resolve a released version of 2.x.
This ought to always resolve, but there's nothing preventing
pip
from selecting an older version without it.h/t @segiddins