Dev dependency get locked as main dependency when constraint is a list

  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Issue

While perusing the Poetry source code I stumbled across this block that looked like it could cause a bug. When a member of dev-dependencies has multiple constraints expressed as a list (like this), poetry lock will lock it as a main dependency (like this).

When reading in a pyproject.toml file, Poetry will internally add a Dependency to a Package that gets initialized from reading a pyproject.toml file.

Steps to reproduce

  1. $ git clone https://github.com/sdispater/poetry.git
  2. Add keyring = ["16.0.0", "16.0.0"] to [tool.poetry.dev-dependencies] in pyproject.toml
  3. $ poetry lock
  4. Search poetry.lock for keyring, see that category = "main"

or in one line:

git clone https://github.com/sdispater/poetry.git && \
cd poetry && \
mv pyproject.toml pyproject.toml.bak && \
sed -e '/\[tool.poetry.dev-dependencies\]/a\' -e 'keyring = ["16.0.0", "16.0.0"]' pyproject.toml.bak > pyproject.toml && \
poetry lock && \
grep -C3 'name = "keyring"' poetry.lock

produces for me:

$ git clone https://github.com/sdispater/poetry.git && \
> cd poetry && \
> mv pyproject.toml pyproject.toml.bak && \
> sed -e '/\[tool.poetry.dev-dependencies\]/a\' -e 'keyring = ["16.0.0", "16.0.0"]' pyproject.toml.bak > pyproject.toml && \
> poetry lock && \
> grep -C3 'name = "keyring"' poetry.lock
Cloning into 'poetry'...
remote: Enumerating objects: 73, done.
remote: Counting objects: 100% (73/73), done.
remote: Compressing objects: 100% (57/57), done.
remote: Total 7105 (delta 26), reused 39 (delta 14), pack-reused 7032
Receiving objects: 100% (7105/7105), 7.85 MiB | 1.22 MiB/s, done.
Resolving deltas: 100% (4703/4703), done.
Updating dependencies
Resolving dependencies... (1.4s)


Writing lock file

[[package]]
category = "main"
description = "Store and access your passwords safely."
name = "keyring"
optional = false
python-versions = ">=2.7"
version = "16.0.0"

This particular example also violates the !!!note found in the docs in that identical constraints do not cause an error.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 16 (3 by maintainers)

Top GitHub Comments

jhrmnn commented, Nov 14, 2018 (1 reaction)

It also happens with a git dependency with a specified commit.

finswimmer commented, Jan 27, 2020 (0 reactions)

Thanks a lot for coming back and reporting it as closed 👍
