Potential dependency conflicts between django-andablog and django #68

Open
NeolithEra opened this issue May 9, 2020 · 3 comments

@NeolithEra

Hi, as shown in the following full dependency graph of django-andablog, django-andablog requires django >=2.0,<2.3, while the installed version of django is 2.2.12 and django-model-utils 4.0.0 requires django >=2.0.1.
According to Pip's “first found wins” installation strategy, django 2.2.12 is the actually installed version.
Although the first found package version django 2.2.12 just satisfies the later dependency constraint (django >=2.0.1), it will easily cause a build failure once the updated django-model-utils introduces a higher version of Django.
According to the release history of django-model-utils, it habitually upgrades Django in its recent releases. For instance, django-model-utils 3.0.0 upgraded Django’s constraint from >=1.4.2 to >=1.8, django-model-utils 3.2.0 upgraded Django’s constraint from >=1.8 to >=1.1.11, and django-model-utils 4.0.0 upgraded Django’s constraint from >=1.1.11 to >=2.0.1.

Dependency tree

django-andablog - 3.2.0
| +- django(install version:2.2.12 version range:>=2.0,<2.3)
| | +- pytz(install version:2019.3 version range:*)
| | +- sqlparse(install version:0.3.1 version range:*)
| +- django-markupfield(install version:2.0.0 version range:>=1.5,<3)
| +- django-model-utils(install version:4.0.0 version range:>=3.0,<5.0)
| | +- django(install version:2.2.12 version range:>=2.0.1)
| | | +- asgiref (install version: version range:=3.2)
| | | +- pytz(install version:2019.3 version range:*)
| | | +- sqlparse (install version:0.3.1 version range:>=0.2.2)
| +- django-taggit(install version:1.2.0 version range:>=0.22.2,<2.0.0)
| +- pillow(install version:7.1.2 version range:>=4.0.0,<8.0.0)
| +- six(install version:1.14.0 version range:*) 

Thanks for your help.
Best,
Neolith

@NeolithEra
Author

Suggested Solution

  1. Loosen the version range of django to be >=2.0.
  2. Remove your direct dependency django, and use the django transitively introduced by django-model-utils.
  3. Change the version range of django-model-utils to be >=3.0,<=4.0.

@ivanvenosdel Which solution do you prefer, 1, 2 or 3?
Please let me know your choice. May I submit a pull request to solve this issue?

@ivanvenosdel
Contributor

Thank you for noticing this and offering to do a PR. If I understand your concern correctly you are saying that, though there is not currently a dependency conflict, the way django-model-utils typically bumps its Django dependencies in minor releases means that there soon will be.

Let's go with your first suggestion as I would rather have the minimum Django be determined via actual testing efforts by this project.

@ivanvenosdel
Contributor

Also feel free to add yourself to the AUTHORS file.

NeolithEra added a commit to NeolithEra/django-andablog that referenced this issue May 11, 2020
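
An added example, not part of the thread or of django-andablog's code: a small standard-library check of which Django versions satisfy every requirer at once, run over the ranges from the dependency tree above, then with a later django-model-utils floor, then with suggested solution 1 applied. The `>=3.0` floor, the candidate list and all function names are assumptions constructed for illustration; only plain numeric versions are handled, not full PEP 440.

```python
import operator
import re

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """'2.2.12' -> (2, 2, 12, 0). Plain numeric releases only (no rc/dev tags)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def satisfies(version, spec):
    """True if version meets every comma-separated clause; '*' means any."""
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        if clause == "*":
            continue
        m = re.fullmatch(r"(>=|<=|==|>|<)\s*(\d+(?:\.\d+)*)", clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True

def blockers(version, requirements):
    """Names of the requirers whose range excludes this version."""
    return [n for n, spec in requirements.items() if not satisfies(version, spec)]

def resolvable(candidates, requirements):
    """Candidate versions accepted by every requirer at once."""
    return [v for v in candidates if not blockers(v, requirements)]

# Ranges taken from the issue's dependency tree.
TODAY = {"django-andablog 3.2.0": ">=2.0,<2.3",
         "django-model-utils 4.0.0": ">=2.0.1"}
# Constructed: a hypothetical later django-model-utils that raises its floor.
FUTURE = {"django-andablog 3.2.0": ">=2.0,<2.3",
          "django-model-utils (hypothetical)": ">=3.0"}
# Suggested solution 1 applied: no upper bound on django.
LOOSENED = {"django-andablog 3.2.0": ">=2.0",
            "django-model-utils (hypothetical)": ">=3.0"}
# Constructed candidate list, not a full package index listing.
CANDIDATES = ["2.0", "2.0.1", "2.2.12", "3.0"]

if __name__ == "__main__":
    for label, reqs in (("today", TODAY), ("future", FUTURE), ("loosened", LOOSENED)):
        print(label, resolvable(CANDIDATES, reqs), blockers("2.2.12", reqs))
```

An empty `resolvable` result is the case the issue warns about: no single Django release can satisfy both packages, so the install either fails or ends up with a version one of them did not declare support for.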