Hello,

The latest version of the pyrsistent dropped Python 2 support after one of the contributors added python_requires='>=3.5' in setup.py.

pip install pyrsistent Collecting pyrsistent Downloading https://files.pythonhosted.org/packages/83/14/6d02fad9caeb3903f06f9442e57789ca2fbb3cf7daf66d4de3aa4dc867dc/pyrsistent-0.17.1.tar.gz (106kB) 100% |████████████████████████████████| 112kB 604kB/s pyrsistent requires Python '>=3.5' but the running Python is 2.7.17

The fix added to declare Python 2 support drop seems to be ok but I think there is a problem with the sdist. I mean, what version of setuptools did you used to create the sdist? Because supporting python_requires requires setuptools>=24.2.0 and pip>=9.0.0 to benefit from it

https://packaging.python.org/guides/distributing-packages-using-setuptools/#python-requires

Support for this feature is relatively recent. Your project's source distributions and wheels (see Packaging your project) must be built using at least version 24.2.0 of setuptools in order for the python_requires argument to be recognized and the appropriate metadata generated.

Hey, 0.17.{1,2} are also missing the metadata.. Could you please yank these from PyPI as well?

AFAIK you need to use twine to upload the package to PyPI for the metadata to be properly recognized.

Tip: You can publish to testpypi in order to avoid bumping the real version number and yanking packages a lot until it works properly!

OK, sorry, you'll have to pin your versions until I find some time to do this properly.

The problem is mostly with packages that don't explicitly depend on pyrsistent (but have some dependency depend on it) and already have packages out there on pypi - those are broken without making a new release there.

Would keeping 0.17.* yanked until you solved it be an option to avoid this?

@tobgu I had to had python_requires recently to one of my package, it requires the latest version to support Python 2.7 to also have this metadata. I would recommend releasing a 0.16.1 version with a python_requires>=2.7

@Lothiraldan I don't think that's required...

If you look here you see that the package does not include the metadata. Compare it with e.g. this one where it says "Requires: Python >=3.7" on the side. This is the same metadata that is also used during installs.

Try pip install -U pip setuptools twine to make sure all those things are recent enough.

@ThiefMaster I found this documentation that explains in details how to drop support for a Python version: https://packaging.python.org/guides/dropping-older-python-versions/#dropping-a-python-release

And from my testing it matches the behavior I can see.

As for the pypi page, I think the Requires: Python is not displayed because pyrsistent does not release a wheel. The metadata is correctly present in the tar.gz setup.py file.

AFAIK pypi does not look at package contents at all but relies on metadata sent in the request where the package is uploaded. So wheel vs sdist should not matter as long as the tool used to upload knows how to get the metadata and includes it in the request.

OK, 0.17.X is now yanked until this has been sorted.

I've never seen this fail if published with latest setuptools and twine, so that's a new one for me!

FYI @tobgu, there's https://test.pypi.org/ if you want to test some uploads and check if the metadata get uploaded, without polluting your official releases.

Even though pypi says it's yanked, pip is still trying to install 0.17.2.
Even with --no-cache-dir.

Maybe an ancient pip/setuptools version that does not know about yanked packages?

It's the OS-provided py2 installation, so probably.
I thought it meant it was actually removed from pypi.

Aside from old pip/setuptools, Sonatype Nexus doesn’t propagate the yanked attribute, so if you’re using that to mirror/proxy PyPI, that may also be contributing. I’ve opened a ticket for this: https://issues.sonatype.org/browse/NEXUS-25231

• 0.16.1 released which requires Python >= 2.7
• 0.17.3 released which requires Python >= 3.5

Twine was needed to get the meta data across to PyPI it seems.

Please let me know if there are still issues of any kind.

@tobgu thank you for your fixes. Would it be possible to completely remove 0.17.0, 0.17.1 and 0.17.2 versions from PyPi? Not all PyPI proxies are propagating "yanked" attribute, so not working versions still may be offered to some users.

not the author, but nuking packages is generally not a good idea (even though it's very unlikely that someone started depending on .1 and .2 which were only out for a very short time). I'd say whoever is using proxies should use this opportunity to ask the developers (or vendors, since I think some of them are commercial) to fix this!

@ThiefMaster I agree. Unfortunately, getting fix and deployment may take months if not years in some organizations. I'm looking for short term solution.

Why isn't 0.17.3 yanked as well?

Probably because it's not broken: Requires: Python >=3.5

OK, haven't heard about any major issues with the release so closing this one. Sorry for any inconvenience this caused and thanks for all your input!

@wasilukm The best I can offer for you is probably to pin a version in your requirements file (https://pip.pypa.io/en/stable/user_guide/#pinned-version-numbers) or to explicitly avoid certain versions in the requirements file (https://pip.pypa.io/en/stable/user_guide/#requirements-files).

Just FYI if anyone has an issue with pip installing wrong pyrsistent version (0.17.2) for python2: Take a note that pip respects yanked packages from version 19.2. If you use earlier pip version, it will install wrong package.

I managed to manually install 0.16.1 to get by the issue on buster 10.6, that has pip version 18.1-5. After manually installing 0.16.1, my transitive dependency error when installing pyjson was resolved.

sudo pip install pyrsistent==0.16.1