Open hynek opened 1 month ago
This issue also affecting pypa/setuptools#4533.
Thanks for notifying me!
Would it be possible to create a release which limits the version of the towncrier dependency?
@commonism it'd be pointless as pip's depresolver would just backtrack to the previous version.
@commonism it'd be pointless as pip's depresolver would just backtrack to the previous version.
Pip does not do that
I can assure you, with my PyPA hat on, that pip's dependency resolver (resolvelib
) does exactly that in exactly this corner case, unless the end-user adds a constraint that would prevent it from considering those versions, which is already possible, anyway.
If sphinxcontrib-towncrier==0.4.1
will have a constraint towncrier<24.7
, and user installs sphinxcontrib-towncrier
without any explicit version constraint, then pip will install sphinxcontrib-towncrier==0.4.1, towncrier==23.11.0
. I don't see why pip will apply some kind of backtracking in this case.
Of course, things may be more complicated if some other package passed to pip install
depends on other towncrier version, or specific package version is not available on current environment (Python version and so on).
That's it. You still have to manually constrain the user request on what to install. But if you don't — backtracking happens. OTOH, you can already constrain it now, even without a release with different metadata. And arguably, you should pin your entire environment, not just bits and pieces: https://hynek.me/articles/semver-will-not-save-you/#taking-responsibility.
That said, I don't see how this would be different with or without a release just bumping the metadata. When I find time to work on this, I won't be looking into trivial stop-gaps and will just fix the incompatibility :man_shrugging: It doesn't make sense to me to spend that time twice.
Looks like the just-released Towncrier 24.7 has broken some API you're using:
See https://github.com/python-attrs/attrs/actions/runs/10176118290/job/28144823882#step:6:29 for full CI failure.