pipgrip selects yanked version #118

Closed
tekumara opened this issue Aug 14, 2023 · 6 comments
tekumara commented Aug 14, 2023

What you were trying to do (and why)

pipgrip prefect will select 2.82 which has been yanked.

What happened (including command output)

Command output

$ pipgrip prefect

prefect==2.82
aiosqlite==0.19.0
alembic==1.11.2
mako==1.2.4
markupsafe==2.1.3
sqlalchemy==1.4.49
typing-extensions==4.7.1
anyio==3.7.1
exceptiongroup==1.1.2
idna==3.4
sniffio==1.3.0
apprise==1.4.5
certifi==2023.7.22
click==8.1.6
markdown==3.4.4
pyyaml==6.0.1
requests==2.31.0
charset-normalizer==3.2.0
urllib3==2.0.4
requests-oauthlib==1.3.1
oauthlib==3.2.2
asgi-lifespan==2.1.0
asyncpg==0.28.0
cloudpickle==2.2.1
coolname==2.2.0
croniter==1.4.1
python-dateutil==2.8.2
six==1.16.0
cryptography==41.0.3
cffi==1.15.1
pycparser==2.21
dateparser==1.1.8
pytz==2023.3
regex==2023.8.8
tzlocal==5.0.1
docker==6.1.3
packaging==23.1
websocket-client==1.6.1
fastapi==0.101.0
pydantic==2.1.1
annotated-types==0.5.0
pydantic-core==2.4.0
starlette==0.27.0
fsspec==2023.6.0
griffe==0.32.3
colorama==0.4.6
httpx==0.24.1
h2==4.1.0
hpack==4.0.0
hyperframe==6.0.1
httpcore==0.17.3
h11==0.14.0
jinja2==3.1.2
jsonpatch==1.33
jsonpointer==2.4
jsonschema==4.19.0
attrs==23.1.0
jsonschema-specifications==2023.7.1
referencing==0.30.2
rpds-py==0.9.2
kubernetes==27.2.0
google-auth==2.17.3
cachetools==5.3.1
pyasn1-modules==0.3.0
pyasn1==0.5.0
rsa==4.9
orjson==3.9.4
pathspec==0.11.2
pendulum==2.1.2
pytzdata==2020.1
python-slugify==8.0.1
text-unidecode==1.3
readchar==4.0.5
setuptools==68.0.0
rich==13.5.2
markdown-it-py==3.0.0
mdurl==0.1.2
pygments==2.16.1
greenlet==2.0.2
toml==0.10.2
typer==0.9.0
uvicorn==0.23.2
websockets==11.0.3
$ pip install prefect==2.82
...
WARNING: The candidate selected for download or install is a yanked version: 'prefect' candidate (version 2.82 at https://files.pythonhosted.org/packages/16/e3/4ac0b6e214e4fb315d2032e176eaa33c175e29ff182fe48ac1cabccb30bc/prefect-2.82-py3-none-any.whl (from https://pypi.org/simple/prefect/) (requires-python:>=3.7))
Reason for being yanked: Version number was supposed to be "2.8.2"

What you expected to happen

Yanked versions are ignored

Step-by-step reproduction instructions

pipgrip==0.10.7

tekumara added the bug label on Aug 14, 2023
@ddelange
Owner

ddelange commented Aug 14, 2023

Hi @tekumara 👋

Thanks for the report. It looks like this is an upstream bug. Somehow this output includes the yanked version:

$ pip install prefect==none
ERROR: Could not find a version that satisfies the requirement prefect==none (from versions: 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.13.5, 0.13.6, 0.13.7, 0.13.8, 0.13.9, 0.13.10, 0.13.11, 0.13.12, 0.13.13, 0.13.14, 0.13.15, 0.13.16, 0.13.17, 0.13.18, 0.13.19, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.14.5, 0.14.6, 0.14.7, 0.14.8, 0.14.9, 0.14.10, 0.14.11, 0.14.12, 0.14.13, 0.14.14, 0.14.15, 0.14.16, 0.14.17, 0.14.18, 0.14.19, 0.14.20, 0.14.21, 0.14.22, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.15.4, 0.15.5, 0.15.6, 0.15.7, 0.15.8, 0.15.9, 0.15.10, 0.15.11, 0.15.12, 0.15.13, 1.0rc1, 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0a1, 2.0a2, 2.0a3, 2.0a4, 2.0a5, 2.0a6, 2.0a7, 2.0a8, 2.0a9, 2.0a10, 2.0a11, 2.0a12, 2.0a13, 2.0b1, 2.0b2, 2.0b3, 2.0b4, 2.0b5, 2.0b6, 2.0b7, 2.0b8, 2.0b9, 2.0b10, 2.0b11, 2.0b12, 2.0b13, 2.0b14, 2.0b15, 2.0b16, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.5.0, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.9.0, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.7, 2.10.8, 2.10.9, 2.10.10, 2.10.11, 2.10.12, 2.10.13, 2.10.14, 2.10.15, 2.10.16, 2.10.17, 2.10.18, 2.10.19, 2.10.20, 2.10.21, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.82)

@ddelange
Owner

Yep, it was reported upstream: pypa/pip#11745

@tekumara
Author

Oh interesting, thanks for looking into this.

One slight difference I've noticed is that
pip install prefect~=2.11 will install prefect 2.11.3, but
pipgrip prefect~=2.11 will pick prefect 2.82 (the yanked version)

@ddelange
Owner

Yeah, that's expected behaviour if the yanked versions show up in the from versions: message, pipgrip relies on it to build the resolution space...
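
Added example (not part of the thread, and not pipgrip's or pip's code): a resolver that builds its candidate set from a bare version list has no yank information, so the highest match wins, whereas the `yanked` key of a PEP 691 JSON index entry lets it apply the PEP 592 recommendation. The index data below is a constructed sample, the function names are hypothetical, and version parsing is limited to final numeric releases.

```python
import json
import re

# Constructed sample shaped like a PEP 691 JSON index response for "prefect";
# only the versions and the yank reason are taken from the issue.
INDEX_JSON = json.dumps({"name": "prefect", "files": [
    {"filename": "prefect-2.10.21-py3-none-any.whl", "yanked": False},
    {"filename": "prefect-2.11.0-py3-none-any.whl", "yanked": False},
    {"filename": "prefect-2.11.3-py3-none-any.whl", "yanked": False},
    {"filename": "prefect-2.82-py3-none-any.whl",
     "yanked": 'Version number was supposed to be "2.8.2"'},
]})

def release(version):
    """'2.11.3' -> (2, 11, 3); final numeric releases only (simplification)."""
    return tuple(int(part) for part in version.split("."))

def yank_status(index_json):
    """Map version -> True when every file of that version is yanked."""
    status = {}
    for entry in json.loads(index_json)["files"]:
        m = re.match(r"[^-]+-(\d+(?:\.\d+)*)(?:-|\.tar\.gz$)", entry["filename"])
        if m:
            # "yanked" is optional: absent/False is live, True or a reason string is yanked
            status[m.group(1)] = status.get(m.group(1), True) and bool(entry.get("yanked"))
    return status

def matches(version, op, base):
    r, b = release(version), release(base)
    if op == "==":
        return r == b
    # "~=": at least base, and equal on every component but the last one of base
    return r >= b and r[:len(b) - 1] == b[:-1]

def select(index_json, op, base, honour_yank=True):
    """Highest matching version; a yanked one is used only for an exact '==' pin
    that nothing else satisfies (the PEP 592 recommendation)."""
    status = yank_status(index_json)
    pool = [v for v in status if matches(v, op, base)]
    live = [v for v in pool if not status[v]]
    if honour_yank and (live or op != "=="):
        pool = live
    return max(pool, key=release, default=None)

if __name__ == "__main__":
    print(select(INDEX_JSON, "~=", "2.11"))                     # yank-aware
    print(select(INDEX_JSON, "~=", "2.11", honour_yank=False))  # bare version list
    print(select(INDEX_JSON, "==", "2.82"))                     # explicit pin
```
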

@ddelange
Owner

ddelange commented Aug 14, 2023

I opened a PR to fix it: pypa/pip#12225

@ddelange
Owner

Upstream fix is merged. Thanks for the report!
