Include required version of Django for dependency management tools
Closed this issue · 0 comments
adrian-nilsson-fcc commented
Description
Version 2.4.0 requires Django >= 4.2, but this is not visible to the popular dependency management tool poetry:
[project]
name = "django-prometheus-bug"
requires-python = ">=3.12"
dependencies = [
"django (>=3.2,<4.0)",
"django-prometheus (>=2.4.0,<3.0.0)"
]
[tool.poetry]
package-mode = false
[build-system]
requires = ["poetry-core>=2.0.0,<3.0.0"]
build-backend = "poetry.core.masonry.api"The above project installs without conflict:
~/[...]> poetry sync
Installing dependencies from lock file
Package operations: 6 installs, 0 updates, 2 removals
- Removing setuptools (78.1.1)
- Removing wheel (0.45.1)
- Installing asgiref (3.8.1)
- Installing prometheus-client (0.22.1)
- Installing pytz (2025.2)
- Installing sqlparse (0.5.3)
- Installing django (3.2.25)
- Installing django-prometheus (2.4.0)
This results in a broken installation. Moreover, an existing Django 3.2 project could be left in a broken state after doing poetry update if it uses django-prometheus (this is how I first discovered the dependency issue).
Dependency tree:
~/[...]> poetry show --tree
django 3.2.25 A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
├── asgiref >=3.3.2,<4
├── pytz *
└── sqlparse >=0.2.2
django-prometheus 2.4.0 Django middlewares to monitor your application with Prometheus.io.
└── prometheus-client >=0.7
Expected behaviour
django-prometheus v.2.4.0 should not be installable alongside Django 3.2.* since it requires Django >= 4.2.
Suggested implementation
I'm not a packaging expert, but why not add a version specifier django >= 4.2 in install_requires?