mandiant/flare-floss

flare-floss 3.0.1 is incompatible with flare-capa > 6.0.0

Closed this issue · 2 comments

Using this minimal pyproject.toml:

[tool.poetry]
name = "test"
version = "1.0"
description = ""
authors = []

[tool.poetry.dependencies]
python = ">=3.11"
flare-capa = ">=6, <7"
flare-floss = ">=2.2.0"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

$ poetry lock
$ poetry show | grep flare
flare-capa        (!) 6.0.0    The FLARE team's open-source tool to identif...
flare-floss       (!) 3.0.1    FLARE Obfuscated String Solver

With flare-capa constrained to >=6, <7 and flare-floss >=2.2.0, we get current flare-capa 6.0.0, which is not the latest version in the 6 series, and flare-floss 3.0.1, which is the current version of flare-floss.

If we change the constraint for flare-capa to >6.0.0, we get the following error from poetry lock:

Because no versions of flare-floss match >2.2.0,<2.3.0 || >2.3.0,<3.0.0 || >3.0.0,<3.0.1 || >3.0.1
 and flare-floss (2.2.0) depends on networkx (2.5.1), flare-floss (>=2.2.0,<2.3.0 || >2.3.0,<3.0.0 || >3.0.0,<3.0.1 || >3.0.1) requires networkx (2.5.1).
And because flare-floss (2.3.0) depends on networkx (2.5.1)
 and flare-floss (3.0.0) depends on tqdm (4.65.0), flare-floss (>=2.2.0,<3.0.1 || >3.0.1) requires networkx (2.5.1) or tqdm (4.65.0).
And because flare-floss (3.0.1) depends on tqdm (4.65.0)
 and flare-capa (6.1.0) depends on tqdm (4.66.1), if flare-floss (>=2.2.0) and flare-capa (6.1.0) then networkx (2.5.1).
And because flare-capa (6.1.0) depends on networkx (3.1)
 and no versions of flare-capa match >6.0.0,<6.1.0 || >6.1.0,<7, flare-floss (>=2.2.0) is incompatible with flare-capa (>6.0.0,<7).
So, because test depends on both flare-capa (>6.0.0, <7) and flare-floss (>=2.2.0), version solving failed.

That is, the current version of flare-floss is incompatible with every version of flare-capa between 6.0.0 and 7.

If we change the flare-capa constraint to >= 7, we get this error message from poetry lock:

    Because no versions of flare-floss match >2.2.0,<2.3.0 || >2.3.0,<3.0.0 || >3.0.0,<3.0.1 || >3.0.1
 and flare-floss (2.2.0) depends on networkx (2.5.1), flare-floss (>=2.2.0,<2.3.0 || >2.3.0,<3.0.0 || >3.0.0,<3.0.1 || >3.0.1) requires networkx (2.5.1).
(1) And because flare-floss (2.3.0) depends on networkx (2.5.1)
 and flare-floss (3.0.0) depends on tqdm (4.65.0), flare-floss (>=2.2.0,<3.0.1 || >3.0.1) requires networkx (2.5.1) or tqdm (4.65.0).
    And because flare-floss (3.0.1) depends on tqdm (4.65.0)
 and flare-capa (7.0.0) depends on tqdm (4.66.1), if flare-floss (>=2.2.0) and flare-capa (7.0.0) then networkx (2.5.1).
(2) So, because flare-capa (7.0.0) depends on networkx (3.1)
 and no versions of flare-capa match >7,<7.0.1 || >7.0.1, flare-floss (>=2.2.0) is incompatible with flare-capa (>=7,<7.0.1 || >7.0.1).

    Because flare-floss (3.0.1) depends on tqdm (4.65.0)
 and flare-floss (>=2.2.0,<3.0.1 || >3.0.1) requires networkx (2.5.1) or tqdm (4.65.0) (1), flare-floss (>=2.2.0) requires tqdm (4.65.0) or networkx (2.5.1).
    And because flare-capa (7.0.1) depends on both tqdm (4.66.1) and networkx (3.1), flare-floss (>=2.2.0) is incompatible with flare-capa (7.0.1).
    And because flare-floss (>=2.2.0) is incompatible with flare-capa (>=7,<7.0.1 || >7.0.1) (2), flare-floss (>=2.2.0) is incompatible with flare-capa (>=7)
    So, because test depends on both flare-capa (>=7) and flare-floss (>=2.2.0), version solving failed.

I.e., no version of flare-capa after 6.0.0 is compatible with the current version of flare-floss.

Could we get a release of flare-floss which uses the same version of tqdm as flare-capa so the current versions of each can be installed together?

This should be fixed via the new v3.1.0 release.

The new release didn't fix the problem:

flare-floss 3.1.0 is incompatible with flare-capa >=6:

Because no versions of flare-capa match >6,<6.1.0 || >6.1.0,<7.0.0 || >7.0.0,<7.0.1 || >7.0.1
 and flare-capa (6.0.0) depends on pydantic (1.10.9), flare-capa (>=6,<6.1.0 || >6.1.0,<7.0.0 || >7.0.0,<7.0.1 || >7.0.1) requires pydantic (1.10.9).
And because flare-capa (6.1.0) depends on pydantic (2.1.1), flare-capa (>=6,<7.0.0 || >7.0.0,<7.0.1 || >7.0.1) requires pydantic (1.10.9 || 2.1.1).
And because flare-capa (7.0.0) depends on pydantic (2.4.0)
 and flare-capa (7.0.1) depends on pydantic (2.4.0), flare-capa (>=6) requires pydantic (1.10.9 || 2.1.1 || 2.4.0).
Because no versions of flare-floss match >3.1.0
 and flare-floss (3.1.0) depends on pydantic (2.6.0), flare-floss (>=3.1.0) requires pydantic (2.6.0).
Thus, flare-floss (>=3.1.0) is incompatible with flare-capa (>=6).
So, because asdf depends on both flare-capa (>=6) and flare-floss (>=3.1.0), version solving failed.

Now you're specifying two different versions of pydantic.
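The conflicts reported in this thread can be reproduced without running the solver by comparing the exact pins pairwise. The following is an added example, not code from the issue or from either project; the pin tables contain only the versions the resolver output above mentions (so they are partial), and the function names are hypothetical.

```python
from itertools import product

# Exact pins copied from the resolver output quoted in this issue. Partial:
# only the dependencies the solver mentioned are listed for each release.
FLOSS_PINS = {
    "2.2.0": {"networkx": "2.5.1"},
    "2.3.0": {"networkx": "2.5.1"},
    "3.0.0": {"tqdm": "4.65.0"},
    "3.0.1": {"tqdm": "4.65.0"},
    "3.1.0": {"pydantic": "2.6.0"},
}
CAPA_PINS = {
    "6.0.0": {"pydantic": "1.10.9"},
    "6.1.0": {"tqdm": "4.66.1", "networkx": "3.1", "pydantic": "2.1.1"},
    "7.0.0": {"tqdm": "4.66.1", "networkx": "3.1", "pydantic": "2.4.0"},
    "7.0.1": {"tqdm": "4.66.1", "networkx": "3.1", "pydantic": "2.4.0"},
}


def pin_conflicts(a, b):
    """Return {dep: (pin_a, pin_b)} for shared deps pinned to different versions."""
    return {d: (a[d], b[d]) for d in a.keys() & b.keys() if a[d] != b[d]}


def compatibility_matrix(left, right):
    """Map every (left_version, right_version) pair to its conflicting pins."""
    return {(lv, rv): pin_conflicts(lp, rp)
            for (lv, lp), (rv, rp) in product(left.items(), right.items())}


def installable_pairs(matrix):
    """Pairs with no conflicting exact pin among the listed dependencies."""
    return sorted(pair for pair, bad in matrix.items() if not bad)


if __name__ == "__main__":
    matrix = compatibility_matrix(FLOSS_PINS, CAPA_PINS)
    for (floss, capa), bad in sorted(matrix.items()):
        status = "ok" if not bad else "conflict: " + ", ".join(
            f"{d} {x} vs {y}" for d, (x, y) in sorted(bad.items()))
        print(f"flare-floss {floss} + flare-capa {capa}: {status}")
```

A pair reported as "ok" only means that none of the pins listed here collide; a dependency the solver output did not mention could still conflict.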