Dependencies: Bump a few versions, start using version range constraints

[amotl]

About

Related to GH-1015 and GH-1016, this patch intends to modernize a few dependencies.

Details

I've verified the installation works using this command. I did not run any software tests yet.

pip install --editable='.[export,influxdb,cratedb,postgresql,radar,bufr,restapi,explorer,radar,radarplus]' --prefer-binary

[amotl]

Problem

After mitigating a few woes, the patch is now down to four failures, related to imgw. I can reproduce them locally by using this command:

pytest -k test_imgw_meteorology_api_monthly

The error is:

exceptions.ComputeError: strict conversion from `str` to `f64` failed for value(s) ["1835 31"]; if you were trying to cast Utf8 to temporal dtypes, consider using `strptime`

-- https://github.com/earthobservations/wetterdienst/actions/runs/6352977539/job/17256790304?pr=1017#step:8:909

Q&A

@gutzbenj: Do you think it is related to my version bumps, or do you think it could be unrelated?

[gutzbenj]

Dear @amotl ,

looking at the changes I wonder what effect they have as most version constraints are the same as before but some libraries are even more constrained with the lower upper bound.

[gutzbenj]

The issues with the tests are related to actual issues in the data!

[amotl]

looking at the changes I wonder what effect they have as most version constraints are the same as before

It will give people installing Wetterdienst as a library much more freedom. Before, we mostly used ^xx.yy constraint definitions, which nailed the dependencies to the very release it was designated at, modulo semver headroom.

but some libraries are even more constrained with the lower upper bound.

It will give everyone more safety even when time progresses, i.e. each version of Wetterdienst will be more likely to work, even in the future, while Dependabot is the driver not to stay in the past for too long. With NumPy and pandas, I was just playing around until I realized I needed to bump duckdb. Both commits can probably be removed again.

[gutzbenj]

I'm not sure that's the case. When you look at the poetry docs [1] e.g. ^1.2.3 equals >=1,<2. I guess what you mean is ~1.2.3 which equals >=1.2.3,<1.3

[1] https://python-poetry.org/docs/dependency-specification/

[amotl]

I'm not sure that's the case.

What exactly?

When you look at the poetry docs [1] e.g. ^1.2.3 equals >=1,<2.

What would ^0.7.1 equal to?

[gutzbenj]

The constraints that are currently set mostly equal the changes you set.

That would equal >=0.7.1,<1.0

[amotl]

I guess what you mean is ~1.2.3 which equals >=1.2.3,<1.3.

Ah, do you suggest to switch everything over to semver instead? I would be open to, but still do not feel totally convinced and comfortable, and made good experiences with version ranges in the past, that's why I was advocating for them.

[gutzbenj]

Oh my bad!!! I misread the docs and what I said applies only after 1.0 as it looks. What we have to do is reduce the version constraint to second level e.g. ^0.1.2 we have to change to ^0.1.

[amotl]

^0.7.1 would equal >=0.7.1,<1.0.

This is why I love version ranges, because you can define that "it works" with higher major version numbers like >=0.7.1,<2. I can't do that with any other notation, other than enumerating different ranges of major versions explicitly, right?

[amotl]

Oh my bad!!! I misread the docs and what I said applies only after 1.0 as it looks. What we have to do is reduce the version constraint to second level e.g. ^0.1.2 we have to change to ^0.1.

With all those special cases which tend to be regularly forgotten, or not at hand at the right time, it is another reason why I prefer the explicit version range notation.

[kmuehlbauer]

So, does that mean, the Pint pinning had an issue being restricted to 0.17.X.

But for numpy anything in the 1.X.Y should be allowed?

Then, for numpy it might just be a wrong translation of the caret pinning over at conda-forge.

[kmuehlbauer]

The docs say, the caret pinning preserves the leftmost non-zero value.
So ^0.17 will clearly stay <0.18 or am I missing something?

[amotl]

So ^0.17 will clearly stay <0.18 or am I missing something?

Yes, I think this is correct, and needs to be relaxed.

But for numpy anything in the 1.X.Y should be allowed?

In theory, but the interdependencies of NumPy with other libraries like pandas and transiently to duckdb are more subtle, and sometimes problems only trip on behalf of a larger application and test cases like we are running here.

I think it is safer to explicitly let version combinations be validated by CI, and driven by Dependabot. Once a package is released, we do not have any longer the chance to fiddle with its defined dependencies, and with limiting on the upper bound, we are taking care that a package is sound when being installed, even in the future.

This specifically applies to "huge" dependencies with many changes even between their minor releases, like NumPy or pandas. The situation is definitively more relaxed with other packages having a more infrequent release cycle, with less changes.

[gutzbenj]

According to poetry docs ^0.17 means <1.0 but ^0.17.X means <0.18. I made the mistake when adding new dependencies that I didn't remove the third patch version layer from the string after adding with poetry add.

[amotl]

Let me use this as an example to demonstrate why I prefer the version range notation: When version 5 of this package will be released, Dependabot will submit a change to >=4,<6, and the outcome from CI will immediately tell whether this is good or not. If version 5 works, and just because it is version 5 already, I am trusting their maintainers enough that it will not break during the whole version 5 release cycle.

On the other hand, a "point" bump would raise the lower version bound of this package to ">=5", which is an unneccessary restriction if it still works with version 4, and on the other hand, too dangerous without an upper bound, because nobody knows what version 6 will be all about.

Those thoughts include a series of assumptions and decisions I would like to make individually per dependency. They hopefully outline my thoughts why I am so much in favor of version range notations. Of course, it only explains my thoughts on behalf of a single example, but I am sure you can extrapolate from that.

[amotl]

If it technically works with Pint, because the package is compatible enough, I believe it is the right way to write down dependencies in ranges of version numbers, instead of anything else - modulo exceptions ;].

Only writing >=0.17 would be dangerous, because it is very likely to break until a 1.x release.

[amotl]

According to poetry docs ^0.17 means <1.0 but ^0.17.X means <0.18. I made the mistake when adding new dependencies that I didn't remove the third patch version layer from the string after adding with poetry add.

Thanks for adding yet another reason why I don't like the convenience variants for version notations, even if they sound convenient. There are just too many troubles, in past, presence, and future.

[amotl]

I also wanted to add that the resolver now completes in just a few seconds 💯. I am sure there have been advancements in Poetry to increase performance, but I am equally sure it now has much more headroom with those relaxed constraints.

[gutzbenj]

Happy merging! 🙂

[amotl]

Will you separately take care about this regression, @gutzbenj?

[amotl]

Dito.

[amotl]

Also here.

[amotl]

Hmm. Did you see that one before, @gutzbenj?

ERROR tests/ui/explorer/test_explorer.py::test_app_layout - AttributeError: module 'percy' has no attribute 'Runner'

I don't think dependency adjustments changed anything significant here. At least, when rolling back the changes outlined below, there are no changes to poetry.lock on my machine.

Before:

percy-selenium = "^2.0.0"
selenium = "^4.0"

Now:

percy-selenium = ">=2,<3"
selenium = ">=4,<5"

-- https://github.com/earthobservations/wetterdienst/actions/runs/6354438040/job/17260902996?pr=1017#step:8:902

[amotl]

pytest tests/ui/explorer/test_explorer.py -k test_app_layout

pip install "percy<2" magically makes the test case succeed on my machine.

However, the Poetry resolver reports this is not ok:

So, because wetterdienst depends on both dash (^2.6) and percy (<2), version solving failed.

[amotl]

Don't know what is going on about Percy. fb26a9f may fix it.

• Old: https://github.com/percy/python-percy-client (pip install percy)
• New: https://github.com/percy/percy-selenium-python (pip install percy-selenium)

However, installing vanilla percy after installing percy-selenium fixes the problem for me. Maybe they need to tune their packaging a bit?

[amotl]

Q: What's that?
A: It fixes a problem running the "explorer" tests on my machine, and hopefully also on CI. See my report at #1017 (comment) ff.

[amotl]

Better safe than sorry. ;]

[amotl]

Problem

Only on Windows:

Installing the current project: wetterdienst (0.60.0)
+ poetry run -- python -m pip install 'percy>=2,<3' --force
The system cannot find the file specified.
Error: Process completed with exit code 1.

-- https://github.com/earthobservations/wetterdienst/actions/runs/6356128387/job/17265271480?pr=1017#step:6:296

References

• poetry run causes [FileNotFoundError] with some scripts python-poetry/poetry#2481
• Poetry on Windows fails with File does not exists error python-poetry/poetry#4479

Fix?

poetry run poe fix-percy

[tool.poe.tasks]
fix-percy = "python -m pip install 'percy>=2,<3' --force"

[amotl]

This patch has quite a few quirks [1]. Still, a lot of debugging went into it, and it seems to be "right" now, despite including workarounds, so I would like to bring it in, in order to continue with more version bumping.

[1]: One of them, I've reported upstream to percy/percy-selenium-python#66.

[amotl]

Oh my. Tests on Windows fail at the very end with an extraordinarily classic error.

MemoryError: Unable to allocate output buffer.

-- https://github.com/earthobservations/wetterdienst/actions/runs/6356384858/job/17265893861?pr=1017#step:8:833

Maybe just a hiccup while acquiring MOSMIX data. Re-running with 🤞.

[kmuehlbauer]

@amotl Let's put trust into this debugging session and apply these pinnings over at conda-forge.

I can do this, but on Monday earliest.

Thanks for all the hard work here!

[amotl]

Did you ever observe such errors revolving around xdist, when running tests on Windows, @gutzbenj?

[gw1] node down: Not properly terminated
[gw1] [ 93%] FAILED tests/ui/test_cli.py::test_cli_values_json_tidy[dwd-observation---resolution=daily --parameter=kl --date=2020-06-30-station_id0-Dresden-Klotzsche] 

replacing crashed worker gw1

-- https://github.com/earthobservations/wetterdienst/actions/runs/6356384858/job/17266345457?pr=1017#step:8:718

[codecov]

Codecov Report

Attention: 138 lines in your changes are missing coverage. Please review.

Comparison is base (bab5797) 90.91% compared to head (8df10dc) 89.69%.
Report is 14 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1017      +/-   ##
==========================================
- Coverage   90.91%   89.69%   -1.23%     
==========================================
  Files         105      103       -2     
  Lines        8718     9498     +780     
  Branches      998     1056      +58     
==========================================
+ Hits         7926     8519     +593     
- Misses        592      766     +174     
- Partials      200      213      +13     

Flag	Coverage Δ
unittests	89.69% <89.43%> (-1.23%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
wetterdienst/api.py	92.92% <100.00%> (+0.32%)	⬆️
wetterdienst/core/timeseries/export.py	89.17% <ø> (ø)
wetterdienst/core/timeseries/request.py	86.27% <ø> (ø)
wetterdienst/core/timeseries/tools.py	76.00% <ø> (ø)
wetterdienst/provider/dwd/dmo/__init__.py	100.00% <100.00%> (ø)
wetterdienst/provider/dwd/mosmix/__init__.py	100.00% <ø> (ø)
wetterdienst/provider/dwd/mosmix/api.py	95.17% <100.00%> (+10.73%)	⬆️
wetterdienst/provider/dwd/observation/download.py	75.75% <ø> (ø)
wetterdienst/provider/dwd/observation/fields.py	82.75% <ø> (ø)
wetterdienst/provider/dwd/radar/api.py	95.14% <ø> (ø)
... and 10 more

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.