poetry icon indicating copy to clipboard operation
poetry copied to clipboard
verified publisher icon python-poetry

poetry and pip disagree whether dependency should be installed due to wrong marker specification

Open mirekdlugosz opened this issue 2 years ago • 0 comments

  • Poetry version: 1.4.2

  • Python version: 3.11.3

  • OS version and name: Fedora 37

  • pyproject.toml: https://gist.github.com/mirekdlugosz/f5d93f7b5a907acf7e448a0fdc9fdc65

  • [x] I am on the latest stable Poetry version, installed using a recommended method.

  • [x] I have searched the issues of this repo and believe that this is not a duplicate.

  • [x] I have consulted the FAQ and blog for any relevant entries or release notes.

  • [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

redis==4.5.4 has following dependency specification:

async-timeout>=4.0.2; python_version<="3.11.2"

The idea was to only install async-timeout on Python 3.11.2 or earlier. But this marker is wrong - python_full_version should be used instead of python_version.

When running on Python 3.11.3, pip will pull in this dependency, while poetry will skip it:

$ pip install redis==4.5.4
Collecting redis==4.5.4
  Using cached redis-4.5.4-py3-none-any.whl (238 kB)
Collecting async-timeout>=4.0.2
  Using cached async_timeout-4.0.2-py3-none-any.whl (5.8 kB)
Installing collected packages: async-timeout, redis
Successfully installed async-timeout-4.0.2 redis-4.5.4

$ poetry add redis==4.5.4

Updating dependencies
Resolving dependencies... (0.1s)

Package operations: 1 install, 0 updates, 0 removals

  • Installing redis (4.5.4)

I think this can be considered a bug in poetry. If you consider "python_version" to evaluate to 3.11.0, then entire marker should evaluate to True. If you consider that parser should also run something like '.'.join(version_specifier.split('.')[:2]) on reference version, then it will eventually compare "3.11" to "3.11" and also evaluate to True.

I have found past issues like https://github.com/python-poetry/poetry-core/pull/382 or https://github.com/python-poetry/poetry/issues/5717 . It seems that historically there has been some confusion about difference between python_version and python_full_version (hard to blame anyone, redis was also confused). Perhaps this is showing that there are some remnants of this still around.

I can try to poke around a little and submit a PR, but would need some pointers.

mirekdlugosz avatar Apr 07 '23 15:04 mirekdlugosz