The problem appears because I want my dependencies to be up-to-date. For this, I've configured Dependabot to watch for new versions of dependencies listed in requirements.txt. When such an event happens, it opens a PR in my repo. Most of the time, the PR works like a charm, but in a few cases, an error occurs when I run the script after I merge. It looks like the following:
ERROR: libfoo 1.0.0 has requirement libbar<2.5,>=2.0, but you'll have libbar 2.5 which is incompatible.
The problem is that Dependabot opens a PR for every library listed. But a new library version can be released that falls outside the range of compatibility.
Imagine the following scenario. My project needs the libfoo dependency. In turn, libfoo requires the libbar dependency. At install time, pip uses the latest version of libfoo and the latest compatible version of libbar. The resulting requirements.txt is:
requirements.txt
libfoo==1.0.0
libbar==2.0
Everything works as expected. After a while, Dependabot runs and finds that libbar has released a new version, e.g., 2.5. Faithfully, it opens a PR to merge the following change:
requirements.txt
libfoo==1.0.0
libbar==2.5
Whether or not the above problem appears depends solely on how libfoo 1.0.0 specified its dependency in setup.py. If 2.5 falls within the compatible range, it works; if not, it won't.
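One way to catch this before merging a Dependabot PR, as an added example that is not part of the original post: compare the pins in requirements.txt against the ranges each package declares. The `DECLARED` table and both requirements texts are constructed from the scenario above, and version parsing is deliberately simplified to dotted integers; `pip check` performs the real check against installed packages.

```python
import re

# Constructed data mirroring the scenario above; a real check would read these
# constraints from each installed package's metadata instead.
DECLARED = {"libfoo": ["libbar<2.5,>=2.0"], "libbar": []}
BEFORE = "libfoo==1.0.0\nlibbar==2.0\n"  # original requirements.txt
AFTER = "libfoo==1.0.0\nlibbar==2.5\n"   # after the Dependabot PR

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
       "<": lambda a, b: a < b, ">": lambda a, b: a > b}
CLAUSE = re.compile(r"\s*(==|!=|<=|>=|<|>)\s*([0-9]+(?:\.[0-9]+)*)\s*$")


def parse_version(text):
    """Simplified assumption: dotted integers only, no pre-releases or wildcards."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 2.0 and 2.0.0 compare equal
        parts.pop()
    return tuple(parts)


def parse_pins(text):
    """Read 'name==version' lines from requirements.txt-style text."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, _, version = line.partition("==")
            pins[name.strip().lower()] = parse_version(version)
    return pins


def conflicts(pins, declared):
    """Return (package, requirement) pairs that the pinned versions violate."""
    found = []
    for package, requirements in declared.items():
        for requirement in requirements:
            name = re.match(r"[A-Za-z0-9._-]+", requirement).group(0)
            pinned = pins.get(name.lower())
            clauses = [c for c in requirement[len(name):].split(",") if c.strip()]
            if pinned is not None and not all(
                    OPS[m.group(1)](pinned, parse_version(m.group(2)))
                    for m in map(CLAUSE.match, clauses)):
                found.append((package, requirement))
    return found


if __name__ == "__main__":
    print(conflicts(parse_pins(AFTER), DECLARED))
```

Run as a CI step on the PR branch, a non-empty result is the signal to hold the merge until libfoo publishes a release that accepts the new libbar.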