Pip accepts requirements with extras that don't conform to PEP 508 #8288
Comments
I'm trying to get familiar with pip sources and can take a look at this. I'll probably need a bit of advice along the way though: I've looked at this enough to see that the requirements/specifier handling is a bit redundant: it gets parsed several times with slightly different results and it's not 100% clear which of these parsing passes should check for this. More importantly it looks like the non-deprecated form I'll make a potential fix for just this issue and then comment on the other weirdness once I understand it better.
Actually commenting now on the strange behaviour I'm seeing so I remember later:
I think the major confusion with the methods in question is that there seems to be undocumented redundancy:
So InstallRequirements does this:
I still can't find an explanation -- why are there two ways to define extras? EDIT: after lots of git blame I think this is the origin of multiple ways to give extras to InstallRequirement: #1236. Still don't understand why.
Man, I think we should just rewrite I am not entirely sure, but assume most of the
I'm on board. We will have to go through a deprecation cycle though, since this is changing user-facing behavior.
Right, that's the feel I got from the code as well -- although for a newcomer parse_req_from_line() is not well specified: refactoring anything seems scary because the input can be so many different things...
Trust me, I feel as uneasy as you are to the prospect. I feel less afraid of breaking things with experience, but still break as many things as when I started.
+1 from me too. And @jku don't worry, those nervous feelings are the sign of someone who knows what they are doing! The people I'd be worried about are people who look at this code and think it all seems reasonably straightforward 🙂 On a more serious note, please feel free to ask if you're unsure. And trust your instincts - they've been good so far.
For others' information: I have some ideas and might try the refactoring at some point but for now I'm not working on it -- feel free to have a go. I'll have another go with the PR #8424 now though: getting this specific misparsing marked as deprecated will be useful in any case.
153: Update pip to 20.2 r=duckinator a=pyup-bot

This PR updates [pip](https://pypi.org/project/pip) from **20.1.1** to **20.2**.

<details>
<summary>Changelog</summary>

### 20.2
```
=================

Deprecations and Removals
-------------------------

- Deprecate setup.py-based builds that do not generate an ``.egg-info`` directory. (`6998 <https://github.com/pypa/pip/issues/6998>`_, `8617 <https://github.com/pypa/pip/issues/8617>`_)
- Disallow passing install-location-related arguments in ``--install-options``. (`7309 <https://github.com/pypa/pip/issues/7309>`_)
- Add deprecation warning for invalid requirements format "base>=1.0[extra]" (`8288 <https://github.com/pypa/pip/issues/8288>`_)
- Deprecate legacy setup.py install when building a wheel failed for source distributions without pyproject.toml (`8368 <https://github.com/pypa/pip/issues/8368>`_)
- Deprecate -b/--build/--build-dir/--build-directory. Its current behaviour is confusing and breaks in case different versions of the same distribution need to be built during the resolution process. Using the TMPDIR/TEMP/TMP environment variable, possibly combined with --no-clean covers known use cases. (`8372 <https://github.com/pypa/pip/issues/8372>`_)
- Remove undocumented and deprecated option ``--always-unzip`` (`8408 <https://github.com/pypa/pip/issues/8408>`_)

Features
--------

- Log debugging information about pip, in ``pip install --verbose``. (`3166 <https://github.com/pypa/pip/issues/3166>`_)
- Refine error messages to avoid showing Python tracebacks when an HTTP error occurs. (`5380 <https://github.com/pypa/pip/issues/5380>`_)
- Install wheel files directly instead of extracting them to a temp directory. (`6030 <https://github.com/pypa/pip/issues/6030>`_)
- Add a beta version of pip's next-generation dependency resolver.

  Move pip's new resolver into beta, remove the ``--unstable-feature=resolver`` flag, and enable the ``--use-feature=2020-resolver`` flag. The new resolver is significantly stricter and more consistent when it receives incompatible instructions, and reduces support for certain kinds of :ref:`Constraints Files`, so some workarounds and workflows may break. More details about how to test and migrate, and how to report issues, at :ref:`Resolver changes 2020` . Maintainers are preparing to
```

### 20.2b1
```
===================

Bug Fixes
---------

- Correctly treat wheels containing non-ASCII file contents so they can be installed on Windows. (`5712 <https://github.com/pypa/pip/issues/5712>`_)
- Prompt the user for password if the keyring backend doesn't return one (`7998 <https://github.com/pypa/pip/issues/7998>`_)

Improved Documentation
----------------------

- Add GitHub issue template for reporting when the dependency resolver fails (`8207 <https://github.com/pypa/pip/issues/8207>`_)
```

</details>

<details>
<summary>Links</summary>

- PyPI: https://pypi.org/project/pip
- Changelog: https://pyup.io/changelogs/pip/
- Homepage: https://pip.pypa.io/

</details>

Co-authored-by: pyup-bot <github-bot@pyup.io>
Description
See #8285. The form
setuptools_scm>=3.5[toml]
does not conform to PEP 508. Pip accepts it, presumably for historical reasons. We should deprecate and ultimately reject this form.
Expected behavior
Pip should only accept standard (PEP 508) formats for requirements.
How to Reproduce
See the linked issue.
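
A lint for the non-conforming form this issue describes, as an added example that is not pip's code or part of the original thread: it flags extras placed after the version specifier and proposes the PEP 508 ordering, so a requirements file reads the same to every tool that parses it. The grammar is a simplified subset assumed for the example, and every sample line except `setuptools_scm>=3.5[toml]` is constructed.

```python
import re

# Simplified subset of the PEP 508 grammar for name-based requirements (no
# "name @ url" form, no parenthesised version list). An assumption of this
# example; it is not pip's parser.
NAME = r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"
EXTRAS = rf"\[\s*(?:{NAME}(?:\s*,\s*{NAME})*)?\s*\]"
CLAUSE = r"(?:===|~=|==|!=|<=|>=|<|>)\s*[A-Za-z0-9.*+!_-]+"
SPECS = rf"{CLAUSE}(?:\s*,\s*{CLAUSE})*"

CONFORMING = re.compile(rf"^({NAME})\s*({EXTRAS})?\s*({SPECS})?$")
# The form from the issue: extras trailing the version specifier.
MISPLACED = re.compile(rf"^({NAME})\s*({SPECS})\s*({EXTRAS})$")

# Constructed sample file; only line 2 is taken from the issue.
SAMPLE = """\
# build requirements
setuptools_scm>=3.5[toml]
setuptools_scm[toml]>=3.5
requests >= 2.0 [security, socks] ; python_version < "3.9"
wheel
pkg>=1.0[
"""


def classify(line):
    """Return (verdict, suggested_rewrite) for one requirements line."""
    req, _, marker = line.split("#", 1)[0].partition(";")
    req, marker = req.strip(), marker.strip()
    if not req:
        return ("blank", None)
    if CONFORMING.match(req):
        return ("pep508", None)
    m = MISPLACED.match(req)
    if m is None:
        return ("unrecognised", None)
    name, specs, extras = m.groups()
    fixed = f"{name}{extras}{specs}" + (f"; {marker}" if marker else "")
    return ("extras-after-specifier", fixed)


def scan(text):
    """List (line_number, verdict, suggested_rewrite) for flagged lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        verdict, fix = classify(line)
        if verdict not in ("pep508", "blank"):
            findings.append((lineno, verdict, fix))
    return findings
```

Calling `scan(SAMPLE)` reports lines 2 and 4 with a reordered rewrite and line 6 as unrecognised; the environment marker after `;` is carried over unchanged.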