Bump dependencies and build tools#2394
Bump dependencies and build tools#2394gaborbernat merged 1 commit intopypa:mainfrom gaborbernat:bump-tools
Conversation
Signed-off-by: Bernát Gábor <gaborjbernat@gmail.com>
| distlib>=0.3.5,<1 | ||
| filelock>=3.4.1,<4 | ||
| platformdirs>=2.4,<3 | ||
| importlib-metadata>=4.8.3;python_version < "3.8" |
There was a problem hiding this comment.
I had issues when requiring tox and flake8 because of this pin.
Shortened error from pip-compile-multi:
Could not find a version that matches importlib-metadata<4.3,>=0.12,>=0.22,>=1.1.0,>=4.8.3 (from tox==3.25.1->-r requirements/local.in (line 3))
Tried: ............
There are incompatible versions in the resolved dependencies:
.......
importlib-metadata<4.3,>=1.1.0 (from flake8==5.0.4->-r requirements/test.in (line 6))
importlib-metadata>=4.8.3 (from virtualenv==20.16.3->tox==3.25.1->-r requirements/local.in (line 3))
In my case, pinning virtualenv==20.16.2 ; python_version < '3.7' avoids the problem, but my project will be locked on virtualenv version 20.16.2 until this can be resolved.
Is there a reason for importlib-metadata to be pinned as >=4.8.3? I'm not super familiar with the library, and the problems around it, but unfortunately looks this isn't the only issue out there when projects pin it.
There was a problem hiding this comment.
Is there a reason for
importlib-metadatato be pinned as>=4.8.3?
That's the only version we actually test with in our CI and is the only version I'm comfortable saying it's supported. I recommend reaching out to other projects that upper pin to remove.
Signed-off-by: Bernát Gábor gaborjbernat@gmail.com