The issue seems as a result of I need my dependencies to be up-to-date. For this, I’ve configured Dependabot to observe for brand new variations of dependencies listed in
necessities.txt. When such an occasion happens, it open a PR in my repo. More often than not, the PR works like a allure, however in a couple of instances, an error happens once I run the script after I merge. It seems like the next:
ERROR: libfoo 1.0.0 has requirement libbar<2.5,>=2.0, however you may have libbar 2.5 which is incompatible.
The issue is that Dependabot opens a PR for each library listed. However a brand new library model could be launched, which falls outdoors the vary of compatibility.
Think about the next state of affairs. My venture wants the
libfoo dependency. In flip,
libfoo requires the
libbar dependency. At set up time,
pip makes use of the newest model of
libfoo and the newest appropriate model of
libbar. The ensuing
The whole lot works as anticipated. After some time, Dependabot runs and finds that
libbar has launched a brand new model, e.g.,
2.5. Faithfully, it opens a PR to merge the next change:
Whether or not the above problem seems relies upon solely on how
libfoo 1.0.0 specified its dependency in
2.5 falls throughout the appropriate vary, it really works; if not, it gained’t.