-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(🎁) Abillity to constrain transitive dependencies #4991
Comments
pip supports constraints https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-c |
You can kinda get some transitive dependency functionality if you mark the dependency as [tool.poetry.dependencies]
setuptools = { version: "60.2.0", optional = true } Or maybe make a "constraints" group: [tool.poetry.group.constraints]
optional = true
[tool.poetry.group.constraints.dependencies]
setuptools = "60.2.0" But this isn't a full form solution. |
Because Python packaging is flat, Poetry has always taken the stance that if you care about a transient dependency at all (version, source, etc) it's now a top-level dependency, even if you don't import a module in that dependency directly. I doubt we'll be revisiting that decision anytime soon, and for those that object, the pattern above with optional groups is supported/offers another path. |
… requesting ipapython's 'ldap' extra This removes some unused dependencies of ipaclient such as pypng and qrcode. Ideally we'd be able to add the 'ldap' extra to 'ipapython' without promoting it to a direect dependency, however Poetry does not support this: > Because Python packaging is flat, Poetry has always taken the stance > that if you care about a transient dependency at all (version, source, > etc) it's now a top-level dependency, even if you don't import a module > in that dependency directly. <python-poetry/poetry#4991 (comment)>
The optional marker without an extra doesn't seem to make it optional in pip's eyes, see #7787 |
Recently, a transitive dependency upgrade happened that created a conflict and even broke past setups that embraced "best practices" in pinning dependencies: open-telemetry/opentelemetry-python#3382 This kind of bug means that the current working build stopped working, as well as most/all previous builds (for On the same day, we also had problems with 2 top-level dependencies (boto3-stubs and click) that were marked as Since this is a CLI app and not a library that you're expected to import, we want to ensure to pin transitive dependencies for |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Feature Request
In Gradle you can constrain transitive dependencies like this:
In Poetry if I want to constrain a transitive dependency I have to specify the dependency as a direct dependency.
There are several advantages and motivations to specifying constraints over direct dependencies.
I would like to be able to specify constraints, maybe something like:
The text was updated successfully, but these errors were encountered: