Potential bug on install requirements mutation during dependency resolution

Description

While working on the new resolver support in pip-tools (https://github.com/jazzband/pip-tools/pull/1539) I ran into an issue with failing tests against pip’s main branch. Using git bisect I’ve tracked down a bad commit https://github.com/pypa/pip/commit/0c284520c6d068cb25ac89d9dbee0456c2eba23a which was introduced in https://github.com/pypa/pip/pull/10962.

The main issue is with the following line: https://github.com/pypa/pip/blob/0c284520c6d068cb25ac89d9dbee0456c2eba23a/src/pip/_internal/resolution/resolvelib/factory.py#L310

… where template essentially is ireqs[0]: https://github.com/pypa/pip/blob/0c284520c6d068cb25ac89d9dbee0456c2eba23a/src/pip/_internal/resolution/resolvelib/factory.py#L258

See also discussion on the commit.

Expected behavior

I’ve prepared a temporary fix where template is deep copied from ireqs[0] (see https://github.com/pypa/pip/pull/11018) which makes pip-tools’ tests pass. Any ideas on how to avoid ireqs mutation which might lead to potential bugs?

pip version

22.1.dev0

Python version

3.8

OS

macOS

How to Reproduce

Unfortunately, I haven’t yet found a simple reproducer other than pip-tools’ tests:

  1. git clone https://github.com/atugushev/pip-tools@new-resolver
  2. cd pip-tools
  3. tox -e py38-pipmain -- -k 'not network'

Output

https://github.com/jazzband/pip-tools/runs/5872141303?check_suite_focus=true

Issue Analytics

  • State: open
  • Created a year ago
  • Reactions: 3
  • Comments: 6 (6 by maintainers)
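
A minimal illustration of the aliasing pattern the issue describes, where template is the same object as ireqs[0], so changes made to it leak back into the caller's requirements. This is an added example, not pip's or pip-tools' code: the Req class, its options field and the merge functions are hypothetical stand-ins, and what pip actually writes onto template is not shown on this page.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class Req:
    """Hypothetical stand-in for an install requirement (not pip's class)."""
    name: str
    options: dict = field(default_factory=dict)


def merge_aliasing(ireqs):
    # Pattern from the issue: template IS the caller's first requirement.
    template = ireqs[0]
    for other in ireqs[1:]:
        template.options.update(other.options)  # mutates ireqs[0] in place
    return template


def merge_shallow(ireqs):
    # A shallow copy is a new object but still shares the nested dict.
    template = copy.copy(ireqs[0])
    for other in ireqs[1:]:
        template.options.update(other.options)  # still reaches ireqs[0].options
    return template


def merge_copying(ireqs):
    # Deep copy, as in the temporary fix: the template owns all of its state.
    template = copy.deepcopy(ireqs[0])
    for other in ireqs[1:]:
        template.options.update(other.options)
    return template


def inputs_mutated(merge, ireqs):
    """Regression check: True if merge() changed any caller-owned requirement."""
    before = copy.deepcopy(ireqs)
    merge(ireqs)
    return before != ireqs


def sample_ireqs():
    # Constructed sample data.
    return [Req("example-pkg"), Req("example-pkg", {"source": "constraints.txt"})]


if __name__ == "__main__":
    for fn in (merge_aliasing, merge_shallow, merge_copying):
        print(fn.__name__, "mutates inputs:", inputs_mutated(fn, sample_ireqs()))
```

A snapshot-and-compare check like inputs_mutated can wrap a resolver call in a test suite to catch this class of side effect without needing a full reproducer.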

Top GitHub Comments

1 reaction
pradyunsg commented, May 2, 2022

@atugushev Could you provide a reproducer for the issue?

1 reaction
pradyunsg commented, Apr 23, 2022

I’m marking this as a release blocker, or at least, as something we’d want to see tested as part of a beta release before a proper release.
