
Python: Handle multiple dependency specifiers for the same package

Open cobya opened this issue 1 year ago • 3 comments

In PythonResolver and SimplePythonResolver, as surfaced in #962, there is the potential for multiple package version specifications for the same package to be present in a .WHL file returned by PyPI. PythonResolver and SimplePythonResolver will now resolve this mismatch by choosing the latest entry, but this logic may result in lost versions.

Investigate PyPI responses and documentation to see if there is a better method of handling this case.

Example:

https://pypi.org/project/msal-extensions/

https://files.pythonhosted.org/packages/52/34/a8995d6f0fa626ff6b28dbd9c90f6c2a46bd484bc7ab343d078b0c6ff1a7/msal_extensions-1.0.0-py2.py3-none-any.whl

AB#2139080

cobya, Jan 11 '24 22:01
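The situation described in the issue, as an added example that is not part of the thread or of the project's code: a simplified `Requires-Dist` parser (not a full PEP 508 implementation) showing which specifier a last-entry-wins resolver drops, so a scanner's inventory would miss a version that may be installed on another platform. The metadata, the package names and all function names are constructed for illustration, and "latest entry" is assumed to mean the last one listed.

```python
import re
from collections import defaultdict
from email.parser import Parser

# Constructed METADATA excerpt (hypothetical package names): one dependency
# is declared twice, with a different specifier per platform marker.
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: example-app
Version: 1.0.0
Requires-Dist: examplenet (<2.0.0,>=0.4.1)
Requires-Dist: Example_Lock (~=1.0) ; platform_system != "Windows"
Requires-Dist: example-lock (~=1.6) ; platform_system == "Windows"
"""

# name, optional [extras], optional (specifier), optional "; marker"
REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?"
                 r"\s*\(?([^;()]*)\)?\s*(?:;\s*(.*))?$")

def normalize(name):
    """PEP 503 normalization, so Example_Lock and example-lock collide."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requires_dist(metadata_text):
    """Yield (normalized name, specifier, marker) per Requires-Dist header."""
    for line in Parser().parsestr(metadata_text).get_all("Requires-Dist", []):
        m = REQ.match(line)
        if m is None:
            raise ValueError(f"unparsed requirement: {line!r}")
        name, spec, marker = m.groups()
        yield normalize(name), spec.strip(), (marker or "").strip()

def last_entry_wins(metadata_text):
    """Simplified model of 'choosing the latest entry' (assumed: last listed)."""
    return {name: spec for name, spec, _ in parse_requires_dist(metadata_text)}

def keep_all(metadata_text):
    """Alternative: retain every (specifier, marker) pair per package."""
    grouped = defaultdict(list)
    for name, spec, marker in parse_requires_dist(metadata_text):
        grouped[name].append((spec, marker))
    return dict(grouped)

def lost_specifiers(metadata_text):
    """Specifiers declared in the metadata but dropped by last_entry_wins."""
    kept = last_entry_wins(metadata_text)
    lost = {name: [s for s, _ in entries if s != kept[name]]
            for name, entries in keep_all(metadata_text).items()}
    return {name: specs for name, specs in lost.items() if specs}
```
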

Relevant function: ResolveDependencySpecifications in PythonResolverBase

cobya, Jan 19 '24 17:01

@cobya can you please share an ETA for this fix?

hravellamicrosoft, Jan 23 '24 01:01

@hravellamicrosoft we do not have a current ETA for this. The fixes in #962 will be rolled out in the next release of our internal tooling, but this repo's discussions should be kept separate from that.

cobya, Jan 23 '24 22:01