I have a requirements.txt with only 2 dependencies:

sentry-sdk==0.7.11
requests==2.21.0

I've checked the setup.py of both packages and both depend on urllib3:

  • requests provides a range that does not accept 1.25
  • sentry-sdk instead does not specify a version or range

Recently a new version of urllib3 (1.25) has been released. When I install the dependencies with pip I get the following error:

ERROR: requests 2.21.0 has requirement urllib3<1.25,>=1.21.1, but you'll have urllib3 1.25 which is incompatible.

Is this behavior expected, or is it a bug in pip?

What is the meaning of not specifying a version of a dependency in install_requires? "force the latest version"?

cunfusu
  • I'm also trying to install the dependencies using pipenv (-r flag) and it looks like pipenv is able to handle the dependency resolution. I guess I was expecting something from pip that it actually doesn't provide. Apparently pip is only able to detect conflicts. – cunfusu Apr 24 '19 at 09:27

1 Answer

The reason you observe this behavior is because pip installs sentry-sdk first. Since this does not have the version constraint, you get the latest version (1.25). When requests is to be installed, this version is incompatible.

The only way to solve this is to solve all version constraints globally, which AFAIK pip cannot do.

The solution is to specify the version of urllib3 you want in your requirements.txt (since you know which versions of its dependencies you use). This is probably good practice anyway for transient packages without constraints.

Actually, the way to have reproducible builds with pip is to always do

pip freeze > requirements.txt

and check in the result. This way a third party package update won't break your build, and you can always manually upgrade later (and check in the result).

Krumelur
  • It seems also that pip has the "check" command. It's probably a good idea to check that there are no problems before freezing. – cunfusu Apr 25 '19 at 11:11
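The sequential pick-then-detect behaviour the answer describes, next to the global resolution it says pip lacks, as an added example that is not part of the question or the answer. The specifiers are the ones quoted on the page (requests 2.21.0 wants `urllib3<1.25,>=1.21.1`, sentry-sdk 0.7.11 leaves urllib3 unconstrained); the list of urllib3 candidate versions is constructed, and the specifier handling is a deliberate simplification of PEP 440 (plain dotted release versions, comparison operators only).

```python
"""Sequential vs. global resolution of urllib3, illustrating the conflict from the question.
Added example. Specifier handling is simplified: dotted release versions and <, <=, >, >=, ==, != only."""
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

def parse_version(v):
    # "1.24.3" -> (1, 24, 3); tuples compare segment by segment, so "1.25" > "1.24.3"
    return tuple(int(part) for part in v.split("."))

def satisfies(version, specifier):
    """True if `version` meets every comma-separated clause; '' means unconstrained."""
    for clause in filter(None, specifier.split(",")):
        m = re.fullmatch(r"(<=|>=|==|!=|<|>)\s*([\d.]+)", clause.strip())
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        if not OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True

# Constructed candidate list; 1.25 is the release that triggered the error in the question.
URLLIB3_CANDIDATES = ["1.21.1", "1.22", "1.23", "1.24.1", "1.24.3", "1.25"]

# What each requirements.txt entry demands of urllib3 (from the page), in install order.
REQUIREMENTS = {"sentry-sdk==0.7.11": "", "requests==2.21.0": "<1.25,>=1.21.1"}

def resolve_sequentially(requirements, candidates):
    """Behaviour described in the answer: the first package to need urllib3 fixes the
    version, later packages can only report that the already-chosen version conflicts."""
    chosen, conflicts = None, []
    for pkg, spec in requirements.items():
        if chosen is None:
            chosen = max((c for c in candidates if satisfies(c, spec)), key=parse_version)
        elif not satisfies(chosen, spec):
            conflicts.append(f"{pkg} has requirement urllib3{spec}, but you'll have urllib3 {chosen}")
    return chosen, conflicts

def resolve_globally(requirements, candidates):
    """Consider every constraint at once and take the newest version satisfying all of them."""
    ok = [c for c in candidates if all(satisfies(c, s) for s in requirements.values())]
    return max(ok, key=parse_version) if ok else None

if __name__ == "__main__":
    print("sequential:", resolve_sequentially(REQUIREMENTS, URLLIB3_CANDIDATES))
    print("global:    ", resolve_globally(REQUIREMENTS, URLLIB3_CANDIDATES))
```

Pinning `urllib3==1.24.3` in requirements.txt, as the answer suggests, is exactly the outcome the global pass computes here; `pip check` then confirms the installed set has no remaining conflicts before `pip freeze`.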