MicroPyramid/django-mfa

setup.py has specific versions of dependencies

brianmay opened this issue · 4 comments

setup.py has:

install_requires = [
    'asn1crypto==0.24.0',
    'cffi==1.12.2',
    'cryptography==2.6.1',
    'dj-database-url==0.4.1',
    'Django<=2.1.5',
    'django-argonauts==1.2.0',
    'django-debug-toolbar==1.11',
    'gunicorn==19.6.0',
    'psycopg2==2.7',
    'pycparser==2.19',
    'python-u2flib-server==5.0.0',
    'pytz==2018.9',
    'qrcode==6.1',
    'six==1.12.0',
    'sqlparse==0.3.0',
    'whitenoise==3.1',
]

This makes it impossible to use in any application, because it is likely the application has different versions pinned.

Furthermore psycopg version 2.7 appears to be broken, need version 2.7.7.

There is no need to be so precise about versions in setup.py, do that in requirements.txt.

To me it looks like a number of these dependencies aren't actually required for every single installation, and depend on the application and how it is deployed. e.g. gunicorn, psycopg2, pytz, six, whitenoise, django-debug-toolbar, etc.

This package cannot be used until the requirements are fixed. It is outdated.

In fact installing this ends up, without warning, quietly uninstalling my current Django version (2.2.14) and installing 2.1.5. It was quite puzzling, but after doing the pip install for this package, I suddenly began to see errors upon running runserver. After debugging, I realized that this installation was the culprit.

On a separate note: I don't even understand why pip would allow such a behavior. Ideally it should refuse to install the package with an error like "dependencies can't be met" or some such.

Fixed it
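A pre-install check for the situation described in this thread, as an added example that is not code from django-mfa or from any commenter: it flags exact `==` pins in an `install_requires` list and reports which already-installed packages would be forced to change. The `INSTALLED` mapping is constructed sample data, the function names are hypothetical, and the parser handles only the plain numeric versions and operators that appear in the quoted setup.py, not full PEP 440.

```python
import re

# Subset of the install_requires list quoted in the issue.
INSTALL_REQUIRES = ["Django<=2.1.5", "psycopg2==2.7", "gunicorn==19.6.0", "six==1.12.0"]

# Constructed sample environment; Django 2.2.14 is the version named in the thread.
INSTALLED = {"django": "2.2.14", "psycopg2": "2.7.7", "six": "1.12.0"}

VERSION = r"[0-9]+(?:\.[0-9]+)*"
REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+?)\s*(?:(==|<=|>=|<|>)\s*(" + VERSION + r"))?\s*$")


def vtuple(version):
    """Turn '2.1.5' into (2, 1, 5) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def satisfies(installed, op, wanted):
    """Check one installed version against one 'op version' constraint."""
    a, b = vtuple(installed), vtuple(wanted)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so that 2.7 compares equal to 2.7.0
    b += (0,) * (width - len(b))
    return {"==": a == b, "<=": a <= b, ">=": a >= b, "<": a < b, ">": a > b}[op]


def audit(requires, installed):
    """Return (exact_pins, conflicts) for a list of requirement strings.

    exact_pins: names pinned with '==' in install_requires.
    conflicts:  (name, installed_version, constraint) tuples where installing
                the package would force the installed version to change.
    """
    exact_pins, conflicts = [], []
    for line in requires:
        match = REQ_RE.match(line)
        if match is None:
            raise ValueError("unsupported requirement syntax: %r" % line)
        name, op, wanted = match.groups()
        if op == "==":
            exact_pins.append(name)
        have = installed.get(name.lower().replace("_", "-"))
        if op and have and not satisfies(have, op, wanted):
            conflicts.append((name, have, op + wanted))
    return exact_pins, conflicts


if __name__ == "__main__":
    pins, clashes = audit(INSTALL_REQUIRES, INSTALLED)
    print("exact pins in install_requires:", pins)
    for name, have, constraint in clashes:
        print("%s %s is installed but the package demands %s" % (name, have, constraint))
```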