Giters

swimlane / pyattck

A Python package to interact with the Mitre ATT&CK Framework

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Dependencies are too constrained

Koen1999 opened this issue · comments

commented

Describe the bug
When installing pyattck alongside stix2-validator, this turns out to be impossible.
stix-validator requires a modern version of attrs, whereas the one from pyattck is held back for unclear reasons.

To Reproduce
Steps to reproduce the behavior:
pip install pyattck>=6 stix2-validator or pip install pyattck>=6 attrs>=22

Expected behavior
Both packages are installed

Screenshots

(venv) PS C:\Users\user> pip install pyattck>=6 attrs>=22
Requirement already satisfied: pyattck>=6 in c:\users\user\appdata\local\programs\python\venv\lib\site-packages (7.1.2)
Collecting attrs>=22
  Using cached attrs-23.2.0-py3-none-any.whl.metadata (9.5 kB)
INFO: pip is looking at multiple versions of pyattck to determine which version is compatible with other requirements. This could take a while.
Collecting pyattck>=6
  Using cached pyattck-7.1.1-py3-none-any.whl (24 kB)
  Using cached pyattck-7.1.0-py3-none-any.whl (24 kB)
  Using cached pyattck-7.0.0-py3-none-any.whl (24 kB)
  Using cached pyattck-6.2.0-py3-none-any.whl (19 kB)
  Using cached pyattck-6.1.2-py3-none-any.whl (19 kB)
  Using cached pyattck-6.1.1-py3-none-any.whl (19 kB)
  Using cached pyattck-6.1.0-py3-none-any.whl (14 kB)
INFO: pip is still looking at multiple versions of pyattck to determine which version is compatible with other requirements. This could take a while.
  Using cached pyattck-6.0.0-py3-none-any.whl (20 kB)
Requirement already satisfied: requests in c:\users\user\appdata\local\programs\python\venv\lib\site-packages (from pyattck>=6) (2.31.0)
Requirement already satisfied: PyYaml>=5.4.1 in c:\users\user\appdata\local\programs\python\venv\lib\site-packages (from pyattck>=6) (6.0.1)
Collecting fire==0.3.1 (from pyattck>=6)
  Using cached fire-0.3.1.tar.gz (81 kB)
  Preparing metadata (setup.py) ... done
ERROR: Cannot install attrs>=22, pyattck==6.0.0, pyattck==6.1.0, pyattck==6.1.1, pyattck==6.1.2, pyattck==6.2.0, pyattck==7.0.0, pyattck==7.1.0, pyattck==7.1.1 and pyattck==7.1.2 because these package versions have conflicting dependencies.

The conflict is caused by:
    The user requested attrs>=22
    pyattck 7.1.2 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 7.1.1 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 7.1.0 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 7.0.0 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 6.2.0 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 6.1.2 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 6.1.1 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 6.1.0 depends on attrs<22.0.0 and >=21.4.0
    The user requested attrs>=22
    pyattck 6.0.0 depends on attrs==21.4.0

To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict

ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser n/a
  • Version n/a

Additional context
The problem is that pyproject.toml specifies attrs = "^21.4.0", whereas this should be attrs = "^21.4", or even more loosely attrs = ">=21.4.0"