You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Needs importlib_metadata installed (version 3.8.2 for me) so that code from importlib_metadata import distribution succeeds and that globals().setdefault('load_entry_point', importlib_load_entry_point) activates the shipped importlib_load_entry_point function.
Description
Hi!
The current code for importlib_load_entry_point at
for entry_point in distribution(dist_name).entry_points
if entry_point.group == group and entry_point.name == name
)
return next(matches).load()
does not enforce the version requirement, i.e. when requesting python-dotenv==0.17.0 this will serve python-dotenv==0.16.0 to me happily and without complaining. That seems unfortunate. Is that intended and does it have to be like that? Else, what do you think about a fix along these lines?:
diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py
index 45adb6a..a09bfad 100644
--- a/setuptools/command/easy_install.py+++ b/setuptools/command/easy_install.py@@ -2060,10 +2060,13 @@ class ScriptWriter:
def importlib_load_entry_point(spec, group, name):
- dist_name, _, _ = spec.partition('==')+ dist_name, _, dist_version = spec.partition('==')+ dist = distribution(dist_name)+ if dist.version != dist_version:+ raise StopIteration # just to match "next(matches)" below
matches = (
entry_point
- for entry_point in distribution(dist_name).entry_points+ for entry_point in dist.entry_points
if entry_point.group == group and entry_point.name == name
)
return next(matches).load()
Thanks and best, Sebastian
Expected behavior
importlib_load_entry_point('python-dotenv==0.17.0', 'console_scripts', 'dotenv') rejects 0.16.0 and raises an exception.
If it turns out needed and intended to ignore version requirements at that place, a comment about why that is in the code would go a long way.
How to Reproduce
Take any existing easy-install script, make a copy, install a different version of the related software, run the script, see it work while expecting failure.
Output
Code of Conduct
I agree to follow the PSF Code of Conduct
The text was updated successfully, but these errors were encountered:
setuptools version
setuptools==56.0.0
Python version
Python 3.7 (and all others)
OS
Linux (and all others)
Additional environment information
Needs importlib_metadata installed (version 3.8.2 for me) so that code
from importlib_metadata import distribution
succeeds and thatglobals().setdefault('load_entry_point', importlib_load_entry_point)
activates the shippedimportlib_load_entry_point
function.Description
Hi!
The current code for
importlib_load_entry_point
atsetuptools/setuptools/command/easy_install.py
Lines 2062 to 2069 in be0f7f5
does not enforce the version requirement, i.e. when requesting
python-dotenv==0.17.0
this will servepython-dotenv==0.16.0
to me happily and without complaining. That seems unfortunate. Is that intended and does it have to be like that? Else, what do you think about a fix along these lines?:Thanks and best, Sebastian
Expected behavior
importlib_load_entry_point('python-dotenv==0.17.0', 'console_scripts', 'dotenv')
rejects 0.16.0 and raises an exception.If it turns out needed and intended to ignore version requirements at that place, a comment about why that is in the code would go a long way.
How to Reproduce
Take any existing easy-install script, make a copy, install a different version of the related software, run the script, see it work while expecting failure.
Output
Code of Conduct
The text was updated successfully, but these errors were encountered: