Potential dependency conflicts between brightside and amqp
NeolithEra opened this issue · comments
Hi, as shown in the following full dependency graph of brightside, brightside requires amqp (the latest version), while the installed version of _kombu _(4.6.8) requires amqp>=2.5.2,<2.6.
According to Pip's “first found wins” installation strategy, amqp 2.5.2 is the actually installed version.
Although the first found package version amqp 2.5.2 just satisfies the later dependency constraint (amqp>=2.5.2,<2.6), it will lead to a build failure once developers release a newer version of amqp.
Dependency tree--------
brightside - 0.6.13
| +- amqp(install version:2.5.2 version range:*)
| +- eventlet(install version:0.25.2 version range:*)
| +- ez-setup(install version:0.9 version range:*)
| +- kombu(install version:4.6.8 version range:*)
| | +- amqp(install version:2.5.2 version range:>=2.5.2,<2.6)
| | +- importlib-metadata(install version:1.6.0 version range:>=0.18)
| +- poll(install version:1.0 version range:*)
| +- psycopg2(install version:2.8.5 version range:*)
| +- sqlalchemy(install version:1.3.16 version range:*)
Thanks for your attention.
Best,
Neolith
Solution
- Loosen the version range of amqp to be <=2.5.2.
- Remove your direct dependency amqp, and use the amqp transitively introduced by kombu.
- Ask your direct dependency kombu to loosen the version range of amqp to be >=2.5.2.
@iancooper Which solution do you prefer, 1 ,2 or 3?
Please let me know your choice. May I pull a request to solve this issue?
@NeolithEra I would think we could opt for 2, as I believe we only use it through kombu (though if that trips us up, 1 seems better0.
A PR would be great