Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

23.2: Legacy resolver triggers error "while checking for conflicts" #12156

Closed
1 task done
teytaud opened this issue Jul 17, 2023 · 39 comments
Closed
1 task done

23.2: Legacy resolver triggers error "while checking for conflicts" #12156

teytaud opened this issue Jul 17, 2023 · 39 comments
Labels
C: dependency resolution About choosing which dependencies to install type: bug A confirmed bug or unintended behavior

Comments

@teytaud
Copy link

teytaud commented Jul 17, 2023

Description

I got that error, requesting that I post an issue:

ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
Traceback (most recent call last):
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
    return check_install_conflicts(to_install)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
    would_be_installed = _simulate_installation_of(to_install, package_set)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
    dist = abstract_dist.get_metadata_distribution()
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
    assert self.req.local_file_path, "Set as part of preparation during download"
AssertionError: Set as part of preparation during download

Expected behavior

I expected no crash.

pip version

pip-23.2-py3-none-any.whl

Python version

Python3.7

OS

Ubuntu

How to Reproduce

The CI of Nevergrad (repeatedly) leads to this crash: https://app.circleci.com/pipelines/github/facebookresearch/nevergrad/8643/workflows/c916c6c6-edcb-4ca6-bed9-ca7b9c98599c/jobs/27932

Output

 Stored in directory: /home/circleci/.cache/pip/wheels/fa/cd/1f/c6b7b50b564983bf3011e8fc75d06047ddc50c07f6e3660b00
  Building wheel for skrebate (pyproject.toml) ... -� �done
  Created wheel for skrebate: filename=skrebate-0.62-py3-none-any.whl size=29253 sha256=4ea15243891445733bd193094aeddd6ba1d3067eb751756c21bfdc787963043c
  Stored in directory: /home/circleci/.cache/pip/wheels/4f/3b/07/22a9a01f3f25cd376122b5ef526737a44993b4c312e50916ed
  Building wheel for GPUtil (pyproject.toml) ... -� �done
  Created wheel for GPUtil: filename=GPUtil-1.4.0-py3-none-any.whl size=7393 sha256=118f8016f44323a7e9f193bb5f39b8531975de242d6e374ace47b5fd1d34a834
  Stored in directory: /home/circleci/.cache/pip/wheels/6e/f8/83/534c52482d6da64622ddbf72cd93c35d2ef2881b78fd08ff0c
  Building wheel for libsvm (pyproject.toml) ... -� �\� �|� �done
  Created wheel for libsvm: filename=libsvm-3.23.0.4-cp37-cp37m-linux_x86_64.whl size=262588 sha256=e45bce3692537df310c15f35a1c169cc66fe8f431cbe33997a97bf26c9e32b4a
  Stored in directory: /home/circleci/.cache/pip/wheels/cd/e8/1e/bf95cf256e4d3ffc94289ab508c49d48e34c98220af63e3513
  Building wheel for support-developer (pyproject.toml) ... -� �done
  Created wheel for support-developer: filename=support_developer-1.0.5-py3-none-any.whl size=5630 sha256=bd7bdab0086ec6c9d26d7dc644bb467db129ea14d576959ab5597d04ff96258d
  Stored in directory: /home/circleci/.cache/pip/wheels/e4/d3/9b/d4f296a0183daacaf202d8b69df27edca88326a47da66cd624
  Building wheel for pyDOE (pyproject.toml) ... -� �done
  Created wheel for pyDOE: filename=pyDOE-0.3.8-py3-none-any.whl size=18167 sha256=f3e8655c666dc3d648c7872436cec090b2782731cd4e0a05bb3f67a780f75dab
  Stored in directory: /home/circleci/.cache/pip/wheels/83/ce/8a/87b25c685bfeca1872d13b8dc101e087a9c6e3fb5ebb47022a
  Building wheel for sklearn (pyproject.toml) ... -� �done
  Created wheel for sklearn: filename=sklearn-0.0-py2.py3-none-any.whl size=1302 sha256=bc09e67e8e39fa3f926a583ac3dc5f1df182465fb0a13453d4e23f4da8fdf834
  Stored in directory: /home/circleci/.cache/pip/wheels/46/ef/c3/157e41f5ee1372d1be90b09f74f82b10e391eaacca8f22d33e
Successfully built nevergrad gym gym-anm silence-tensorflow websocket-server future skrebate GPUtil libsvm support-developer pyDOE sklearn
ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
Traceback (most recent call last):
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
    return check_install_conflicts(to_install)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
    would_be_installed = _simulate_installation_of(to_install, package_set)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
    dist = abstract_dist.get_metadata_distribution()
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
    assert self.req.local_file_path, "Set as part of preparation during download"
AssertionError: Set as part of preparation during download
Installing collected packages: numpy, cma, scipy, joblib, threadpoolctl, scikit-learn, colorama, bayesian-optimization, typing-extensions, six, python-dateutil, pytz, pandas, zipp, importlib-metadata, click, platformdirs, pathspec, mypy-extensions, tomli, typed-ast, black, mypy, iniconfig, packaging, pluggy, exceptiongroup, pytest, coverage, pytest-cov, lazy-object-proxy, wrapt, astroid, isort, mccabe, tomlkit, dill, pylint, wheel, sphinxcontrib-applehelp, sphinxcontrib-devhelp, sphinxcontrib-jsmath, sphinxcontrib-htmlhelp, sphinxcontrib-serializinghtml, sphinxcontrib-qthelp, MarkupSafe, Jinja2, Pygments, docutils, snowballstemmer, babel, alabaster, imagesize, charset-normalizer, idna, urllib3, certifi, requests, sphinx, sphinxcontrib-jquery, sphinx-rtd-theme, commonmark, recommonmark, pkginfo, webencodings, bleach, readme-renderer, requests-toolbelt, more-itertools, jaraco.classes, importlib-resources, pycparser, cffi, cryptography, jeepney, SecretStorage, keyring, rfc3986, mdurl, markdown-it-py, rich, twine, autodocsumm, pyparsing, xlwt, xlrd, opencv-python, cycler, fonttools, kiwisolver, Pillow, matplotlib, cloudpickle, gym-notices, gym, qdldl, osqp, ecos, scs, cvxpy, websocket-client, websocket-server, gym-anm, pygame, nvidia-cuda-runtime-cu11, nvidia-cublas-cu11, nvidia-cudnn-cu11, nvidia-cuda-nvrtc-cu11, torch, parso, jedi, decorator, pickleshare, traitlets, wcwidth, prompt-toolkit, backcall, matplotlib-inline, ptyprocess, pexpect, ipython, Werkzeug, itsdangerous, flask, brotli, flask-compress, soupsieve, beautifulsoup4, hiplot, fcmaes, et-xmlfile, openpyxl, pyproj, tqdm, torchvision, nose, PyUtilib, ply, pyomo, mixsimulator, networkx, future, py4j, hyperopt, IOHexperimenter, patsy, statsmodels, skrebate, GPUtil, cdt, tensorflow-estimator, imageio, tifffile, PyWavelets, scikit-image, absl-py, astunparse, flatbuffers, gast, google-pasta, grpcio, h5py, keras, libclang, opt-einsum, protobuf, cachetools, pyasn1, pyasn1-modules, rsa, google-auth, oauthlib, requests-oauthlib, google-auth-oauthlib, markdown, tensorboard-data-server, tensorboard-plugin-wit, tensorboard, termcolor, tensorflow-io-gcs-filesystem, tensorflow, libsvm, image-quality, autograd, pymoo, Keras-Preprocessing, support-developer, silence-tensorflow, dm-tree, tensorflow-probability, pyDOE, sklearn, tabulate, sobol-seq, py-expression-eval, bayes-optim, nlopt, pybullet, box2d-py, glfw, pyopengl, mujoco, olymp, nevergrad
ERROR: Exception:
Traceback (most recent call last):
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
    status = run_func(*args)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/cli/req_command.py", line 248, in wrapper
    return func(self, options, args)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 460, in run
    pycompile=options.compile,
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/req/__init__.py", line 79, in install_given_reqs
    pycompile=pycompile,
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/req/req_install.py", line 805, in install
    assert self.local_file_path
AssertionError

Exited with code exit status 2
CircleCI received exit code 2

Code of Conduct

@teytaud teytaud added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jul 17, 2023
@MichalTkac
Copy link

I've got the same problem here. Using python 3.9 and pip 23.2, during building a docker image a got this error:

10.08 ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
10.08 Traceback (most recent call last):
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
10.08     return check_install_conflicts(to_install)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
10.08     would_be_installed = _simulate_installation_of(to_install, package_set)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
10.08     dist = abstract_dist.get_metadata_distribution()
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
10.08     assert self.req.local_file_path, "Set as part of preparation during download"
10.08 AssertionError: Set as part of preparation during download
10.08 Installing collected packages: asgiref, bcrypt, charset-normalizer, click, coreschema, urllib3, requests, itypes, uritemplate, coreapi, cryptography, pytz, sqlparse, django, django-cors-headers, django-extensions, django-filter, django-pgtrigger, django-postgres-extensions, django-safedelete, django-utils-six, djangorestframework, djangorestframework-jwt, inflection, drf-yasg, hstspreload, httpcore, httpx, markupsafe, msal, openpyxl, phone-iso3166, psycopg2-binary, pyasn1, qrcode, rsa, twilio, unittest-xml-reporting, uwsgi, whitenoise
10.08 ERROR: Exception:
10.08 Traceback (most recent call last):
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
10.08     status = run_func(*args)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/cli/req_command.py", line 248, in wrapper
10.08     return func(self, options, args)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/commands/install.py", line 452, in run
10.08     installed = install_given_reqs(
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/req/__init__.py", line 72, in install_given_reqs
10.08     requirement.install(
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/req/req_install.py", line 805, in install
10.08     assert self.local_file_path
10.08 AssertionError

@varunTirupathi
Copy link

Hey @teytaud did you get any solution for this?

@teytaud
Copy link
Author

teytaud commented Jul 17, 2023

No. I tried tons of things and failed.

@varunTirupathi
Copy link

varunTirupathi commented Jul 17, 2023

try running the pip by removing the --use-deprecated=legacy-resolver' in the PIP command if you are using legacy resolver

@MichalTkac
Copy link

MichalTkac commented Jul 17, 2023

try running the pip by removing the --use-deprecated=legacy-resolver' in the PIP command if you are using legacy resolver

Hi @varunTirupathi , thanks for the tip.
I discovered that this one works earlier but not sure for what cost, yet

@pfmoore
Copy link
Member

pfmoore commented Jul 17, 2023

OK, if this is only a problem with the legacy resolver, I would strongly recommend switching to the "new" resolver (which is hardly new, at this point it's been round for 3 years).

@pradyunsg pradyunsg changed the title PIP crash "error while checking for conflicts", with message requesting that I post an issue here. 23.2: Legacy resolver triggers error "while checking for conflicts" Jul 17, 2023
@pradyunsg pradyunsg added C: dependency resolution About choosing which dependencies to install and removed S: needs triage Issues/PRs that need to be triaged labels Jul 17, 2023
@GottfriedGanssauge
Copy link

We've got the same problem here.
pip-23.2 with Python-3.11

07:21:07  /HAU/crs/environment/bin/python get-pip.py -c /build/crsbuild/constraints.txt
07:21:09  Looking in indexes: https://pypi.org/simple, https://aurora-deploy-read:****@artifactory.haufedev.systems/artifactory/api/pypi/all-pypi/simple
07:21:09  Ignoring PasteDeploy: markers 'python_version == "3.7"' don't match your environment
07:21:09  Collecting pip
07:21:09    Obtaining dependency information for pip from https://files.pythonhosted.org/packages/02/65/f15431ddee78562355ccb39097bf9160a1689f2db40dc418754be98806a1/pip-23.2-py3-none-any.whl.metadata
07:21:10    Downloading pip-23.2-py3-none-any.whl.metadata (4.2 kB)
07:21:10  Collecting setuptools
07:21:10    Obtaining dependency information for setuptools from https://files.pythonhosted.org/packages/c7/42/be1c7bbdd83e1bfb160c94b9cafd8e25efc7400346cf7ccdbdb452c467fa/setuptools-68.0.0-py3-none-any.whl.metadata
07:21:10    Downloading setuptools-68.0.0-py3-none-any.whl.metadata (6.4 kB)
07:21:10  Collecting wheel
07:21:10    Using cached wheel-0.40.0-py3-none-any.whl (64 kB)
07:21:10  �[91mERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new

This same build was running literally for years with Python versions starting from 3.7 to 3.11 and it only started failing yesterday

@GottfriedGanssauge
Copy link

GottfriedGanssauge commented Jul 18, 2023

I really assume it has to do with the legacy resolver but as can be seen in constraints.txt there seems to be no way around it:

# FIXME: remove this once we have a zope no longer including the insecure RestrictedPython
# The one from the Zope constraints file has a security issue (CVE-2023-37271) which is fixed in 6.1
# this neccessitates the legacy resolver to be used in Dockerfile
RestrictedPython >= 6.1
-c https://zopefoundation.github.io/Zope/releases/5.8.3/constraints.txt
# Zope is not contained in the constraints file, but the Version of Zope must match the Version of the constraints
Zope == 5.8.3

@GottfriedGanssauge
Copy link

GottfriedGanssauge commented Jul 18, 2023

With the previous version of pip it ran:
(build log of 4 days ago)

07:20:16  /usr/local/bin/python3 -m venv --without-pip /HAU/crs/environment
07:20:16  /HAU/crs/environment/bin/python get-pip.py -c /build/crsbuild/constraints.txt
07:20:19  Looking in indexes: https://pypi.org/simple, https://aurora-deploy-read:****@artifactory.haufedev.systems/artifactory/api/pypi/all-pypi/simple
07:20:19  Ignoring PasteDeploy: markers 'python_version == "3.7"' don't match your environment
07:20:19  Collecting pip
07:20:19    Downloading pip-23.1.2-py3-none-any.whl (2.1 MB)
07:20:20       ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.1/2.1 MB 7.5 MB/s eta 0:00:00
07:20:20  Collecting setuptools
07:20:20    Using cached setuptools-68.0.0-py3-none-any.whl (804 kB)
07:20:20  Collecting wheel
07:20:20    Using cached wheel-0.40.0-py3-none-any.whl (64 kB)
07:20:20  Installing collected packages: pip, setuptools, wheel
07:20:22  Successfully installed pip-23.1.2 setuptools-68.0.0 wheel-0.40.0

Nothing else changed in the build, especially constraints.txt and the PIP_USE_DEPRECATED=legacy-resolver settings were already present 4 days ago

@smoeinbbp
Copy link

at the moment maybe installing the previous pip version instead of upgrading it to the latest version can fix the issue. it's a temp fix:

pip install pip==23.1.2

@teytaud teytaud closed this as completed Jul 18, 2023
@teytaud
Copy link
Author

teytaud commented Jul 18, 2023

I don't close for now as this creates a ton of other issues

@teytaud teytaud reopened this Jul 18, 2023
@teytaud
Copy link
Author

teytaud commented Jul 18, 2023

I believed it was fixed but no --- error just a bit later: https://app.circleci.com/pipelines/github/facebookresearch/nevergrad/8658/workflows/d3e14a34-5059-4469-9b14-885d122e9aa3/jobs/27973

However things have moved, I try again.

@teytaud
Copy link
Author

teytaud commented Jul 18, 2023

Successfully installed pip-23.2
Removed legacy.
Still crashing:

ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
Traceback (most recent call last):
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
return check_install_conflicts(to_install)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
would_be_installed = _simulate_installation_of(to_install, package_set)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
dist = abstract_dist.get_metadata_distribution()
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
assert self.req.local_file_path, "Set as part of preparation during download"
AssertionError: Set as part of preparation during download
Installing collected packages: numpy, cma, scipy, joblib, threadpoolctl, scikit-learn, colorama, bayesian-optimization, typing-extensions, six, python-dateutil, pytz, tzdata, pandas, nevergrad
ERROR: Exception:
Traceback (most recent call last):
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
status = run_func(*args)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/cli/req_command.py", line 248, in wrapper
return func(self, options, args)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 452, in run
installed = install_given_reqs(
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/req/init.py", line 72, in install_given_reqs
requirement.install(
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/req/req_install.py", line 805, in install
assert self.local_file_path
AssertionError

@ckw017
Copy link

ckw017 commented Jul 18, 2023

Also running into this, we bisected the problem down to this commit: 5168881

In our case, it seems like before the commit metadata_file_data would be None and self.local_file_path would get populated correctly, but after the commit metadata_file_data gets set and somehow that causes self.local_file_path to never be set.

@pfmoore
Copy link
Member

pfmoore commented Jul 18, 2023

Thanks, that's helpful. Are you able to confirm (maybe by adding a print statement) what the URL/name of the metadata file is? Also, are you just using PyPI, or is there any other package index involved?

@ckw017
Copy link

ckw017 commented Jul 18, 2023

I think(?) its just PyPI, not sure if there's a good way to check. Requirement is numpy>=1.17, on the previous commit (directly before breaking one) this ends up with the self.local_file_path /tmp/pip-unpack-236heq8i/numpy-1.25.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl. Trace from it being set on the previous commit:

  File "/home/ray/anaconda3/bin/pip", line 8, in <module>
    sys.exit(main())
  File "/home/ray/default/pip/src/pip/_internal/cli/main.py", line 79, in main
    return command.main(cmd_args)
  File "/home/ray/default/pip/src/pip/_internal/cli/base_command.py", line 101, in main
    return self._main(args)
  File "/home/ray/default/pip/src/pip/_internal/cli/base_command.py", line 223, in _main
    return run(options, args)
  File "/home/ray/default/pip/src/pip/_internal/cli/base_command.py", line 169, in exc_logging_wrapper
    status = run_func(*args)
  File "/home/ray/default/pip/src/pip/_internal/cli/req_command.py", line 248, in wrapper
    return func(self, options, args)
  File "/home/ray/default/pip/src/pip/_internal/commands/install.py", line 377, in run
    requirement_set = resolver.resolve(
  File "/home/ray/default/pip/src/pip/_internal/resolution/legacy/resolver.py", line 185, in resolve
    discovered_reqs.extend(self._resolve_one(requirement_set, req))
  File "/home/ray/default/pip/src/pip/_internal/resolution/legacy/resolver.py", line 509, in _resolve_one
    dist = self._get_dist_for(req_to_install)
  File "/home/ray/default/pip/src/pip/_internal/resolution/legacy/resolver.py", line 462, in _get_dist_for
    dist = self.preparer.prepare_linked_requirement(req)
  File "/home/ray/default/pip/src/pip/_internal/operations/prepare.py", line 516, in prepare_linked_requirement
    return self._prepare_linked_requirement(req, parallel_builds)
  File "/home/ray/default/pip/src/pip/_internal/operations/prepare.py", line 629, in _prepare_linked_requirement
    req.local_file_path = local_file.path
  File "/home/ray/default/pip/src/pip/_internal/req/req_install.py", line 190, in __setattr__
    traceback.print_stack()

@ckw017
Copy link

ckw017 commented Jul 18, 2023

Docker repro:

docker pull rayproject/ray:2.5.1-py39
docker run -it rayproject/ray:2.5.1-py39  
# (In the container)
pip install pip==23.2
pip install --force-reinstall --use-deprecated=legacy-resolver datasets

@pfmoore
Copy link
Member

pfmoore commented Jul 18, 2023

Oh, sorry. I hadn't realised this was still with the legacy resolver. Does it fail with the standard resolver?

@ckw017
Copy link

ckw017 commented Jul 18, 2023

Seems fine without legacy-resolver

@pfmoore
Copy link
Member

pfmoore commented Jul 18, 2023

The reason I'm asking is that there are some known restrictions on the PEP 658/714 code, because of some weird interactions with the internals of the requirement processing. In particular, we deferred some problems with sdist metadata, because it can never occur right now (PyPI doesn't serve separate metadata for sdists, and until metadata 2.2 is supported, sdist metadata isn't reliable anyway).

I wouldn't be surprised if the legacy resolver is behaving weirdly when faced with partially-downloaded requirement objects. The requirement preparation code is pretty complex and fragile, largely because there's a huge amount of code that's mainly there for backward compatibility 🙁

It's definitely a bug, but if switching to the new resolver addresses it, it's not as critical.

@pfmoore pfmoore mentioned this issue Jul 18, 2023
@teytaud
Copy link
Author

teytaud commented Jul 18, 2023

Seems fine without legacy-resolver

THANKS, looks like this works. I had removed legacy-solver only at one place in the .circleci/config whereas it is at two places... now everything runs just fine:
facebookresearch/nevergrad#1540
https://app.circleci.com/pipelines/github/facebookresearch/nevergrad/8660/workflows/96766157-46de-4c18-9561-17024eef71af/jobs/27982

Thank you very much everyone. This helps a lot, I am very grateful for your help.

@edmorley
Copy link
Contributor

edmorley commented Jul 18, 2023

Does adding an early return (conditional on the legacy resolver being enabled) somewhere here also work around the issue?

def _fetch_metadata_only(
self,
req: InstallRequirement,
) -> Optional[BaseDistribution]:
if self.require_hashes:
logger.debug(
"Metadata-only fetching is not used as hash checking is required",
)
return None
# Try PEP 658 metadata first, then fall back to lazy wheel if unavailable.
return self._fetch_metadata_using_link_data_attr(

If so, that would seem a safer fix than making changes to the legacy resolver, since it would mean the metadata file fetching feature is just disabled entirely when using the legacy resolver - similar to how its already disabled when using hash-checking mode.

@ckw017
Copy link

ckw017 commented Jul 18, 2023

^In a totally unscientific manner, changing if self.require_hashes to if True also fixes the repro, so probably.

@pfmoore
Copy link
Member

pfmoore commented Jul 18, 2023

Nice catch. The hard part is going to be finding out whether we're using the legacy resolver from that point in the code 😕

@pfmoore
Copy link
Member

pfmoore commented Jul 18, 2023

If someone can try #12163, I think that addresses this issue.

@ckw017
Copy link

ckw017 commented Jul 18, 2023

^That also fixes my repro

@pradyunsg
Copy link
Member

Keeping this open since the maintainers have been consolidating the various duplicates into this issue -- let's track the fix and close this when it's fixed.

@pradyunsg pradyunsg reopened this Jul 19, 2023
@pfmoore
Copy link
Member

pfmoore commented Jul 19, 2023

On that note, if anyone who encounters this and gets redirected here can test with #12163, that would be a great help. If that PR fixes the issue, just "thumbs up" this comment. If it doesn't, please provide a reproducer.

@amirali-shfz
Copy link

@pfmoore Do you know how long it usually takes to get these fixes in specially since it seems like you already have a PR? Trying to understand if I should remove the flag or wait for the fix to be deployed.

@pfmoore
Copy link
Member

pfmoore commented Jul 19, 2023

I would strongly advise that regardless of when the fix is released, if removing the use of the legacy resolver works for you, you should do that. At some point we will remove the legacy resolver altogether, so you should not continue using it unless you have a very good reason to do so.

Having said that, the fix is likely to be included in a bugfix release of pip 23.2, which I hope to have done in the next few days, unless further issues arise. I'd like a few more confirmations that the fix PR works, so if you can test it that would be great.

@amirali-shfz
Copy link

I ended up removing the flag -- sorry I wasn't able to test it out due to time constraints. Thanks a lot for your help.

@sodul
Copy link

sodul commented Jul 21, 2023

We run into the same issue.

While we would "love" to not use the legacy resolver it is unfortunately not possible due to a large dependency tree that include some projects that do not play well with the new resolver. As a matter of fact we actually have to call pip incrementally to 'ignore' false hard requirements found in some libraries. Not really pip fault but since there is no way to override some package claims about required versions our hand is forced.

@notatallshaw
Copy link
Member

notatallshaw commented Jul 21, 2023

we would "love" to not use the legacy resolver it is unfortunately not possible due to a large dependency tree that include some projects that do not play well with the new resolver.

Do you have a public requirements list?

It's useful to have real world examples that could be tested against if other solutions are provided (could be with Pip or with tools that supplement it).

@pradyunsg
Copy link
Member

With #12163 landed and at least 1 confirmation that this fixes things (and a couple of unrelated digressions about the legacy resolver), I'm gonna go ahead and say that this is resolved and closing this.

kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Jul 24, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver.
(<code>[#12156](pypa/pip#12156)
&lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new
<code>importlib.metadata</code> backend is used to load distribution
metadata. This only affects the egg <em>distribution format</em> (with
the <code>.egg</code> extension); distributions using the
<code>.egg-info</code> <em>metadata format</em> (but are not actually
eggs) are not affected. For more information about eggs, see
<code>relevant section in the setuptools documentation
&lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform
to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_
(<code>[#12063](pypa/pip#12063)
&lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>,
<code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code>
if you wish to
exclude any of these packages.
(<code>[#4256](pypa/pip#4256)
&lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the
user can make the difference.
(<code>[#12040](pypa/pip#12040)
&lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>.
(<code>[#11417](pypa/pip#11417)
&lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present
(<code>[#11847](pypa/pip#11847)
&lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration
(<code>[#11920](pypa/pip#11920)
&lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree
(<code>[#11957](pypa/pip#11957)
&lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the
cache of locally built wheels.
(<code>[#11985](pypa/pip#11985)
&lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using
non-canonicalized names
(<code>[#12038](pypa/pip#12038)
&lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from
JSON-format index data.
(<code>[#12042](pypa/pip#12042)
&lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified
after the subcommand name.
(<code>[#12067](pypa/pip#12067)
&lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default
way for pip to read metadata in Python 3.11+) and there is a large
overlap between already installed and to-be-installed packages.
(<code>[#12079](pypa/pip#12079)
&lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a
revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users
that do not have control on
VCS URLs passed to pip are advised to upgrade.
(<code>[#12119](pypa/pip#12119)
&lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from
pfmoore/fix_12156</li>
<li><a
href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a>
Fix a direct creation of RequirementPreparer in the tests</li>
<li><a
href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a>
Disable PEP 658 for the legacy resolver</li>
<li><a
href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a>
Use strict optional checking in misc.py (<a
href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from
mtreinish/patch-1</li>
<li><a
href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a>
Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a
href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from
pfmoore/release/23.2</li>
<li><a
href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a>
Bump for development</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.1.2...23.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 24, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.2 to 23.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver. (<code>[#12156](pypa/pip#12156) &lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from pfmoore/fix_12156</li>
<li><a href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a> Fix a direct creation of RequirementPreparer in the tests</li>
<li><a href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a> Disable PEP 658 for the legacy resolver</li>
<li><a href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a> Use strict optional checking in misc.py (<a href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from mtreinish/patch-1</li>
<li><a href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a> Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from pfmoore/release/23.2</li>
<li><a href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a> Bump for development</li>
<li>See full diff in <a href="https://github.com/pypa/pip/compare/23.2...23.2.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 24, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.2 to 23.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver. (<code>[#12156](pypa/pip#12156) &lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from pfmoore/fix_12156</li>
<li><a href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a> Fix a direct creation of RequirementPreparer in the tests</li>
<li><a href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a> Disable PEP 658 for the legacy resolver</li>
<li><a href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a> Use strict optional checking in misc.py (<a href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from mtreinish/patch-1</li>
<li><a href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a> Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from pfmoore/release/23.2</li>
<li><a href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a> Bump for development</li>
<li>See full diff in <a href="https://github.com/pypa/pip/compare/23.2...23.2.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
@sodul
Copy link

sodul commented Jul 25, 2023

@notatallshaw Unfortunately we do not have a public requirements.txt to share. If I do get some spare time, I will try to disable the legacy resolver in a virtualenv and see if I can reproduce and provide a trimmed down version. No promises though.

ErikBavenstrand added a commit to klarna-incubator/mleko that referenced this issue Jul 26, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.2 to 23.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver.
(<code>[#12156](pypa/pip#12156)
&lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from
pfmoore/fix_12156</li>
<li><a
href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a>
Fix a direct creation of RequirementPreparer in the tests</li>
<li><a
href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a>
Disable PEP 658 for the legacy resolver</li>
<li><a
href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a>
Use strict optional checking in misc.py (<a
href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from
mtreinish/patch-1</li>
<li><a
href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a>
Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a
href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from
pfmoore/release/23.2</li>
<li><a
href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a>
Bump for development</li>
<li>See full diff in <a
href="https://github.com/pypa/pip/compare/23.2...23.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 27, 2023
…k/test/generated-code (#4192)

Bumps [pip](https://github.com/pypa/pip) from 23.2 to 23.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver. (<code>[#12156](pypa/pip#12156) &lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from pfmoore/fix_12156</li>
<li><a href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a> Fix a direct creation of RequirementPreparer in the tests</li>
<li><a href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a> Disable PEP 658 for the legacy resolver</li>
<li><a href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a> Use strict optional checking in misc.py (<a href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from mtreinish/patch-1</li>
<li><a href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a> Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from pfmoore/release/23.2</li>
<li><a href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a> Bump for development</li>
<li>See full diff in <a href="https://github.com/pypa/pip/compare/23.2...23.2.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
@sodul
Copy link

sodul commented Aug 4, 2023

@notatallshaw These are the packages that are giving us the most issues:
azure-cli and the other azure-xxxx packages and git+https://github.com/vmware/vsphere-automation-sdk-python (VMware does not release it on the registry, they do fix the dependency issues when reported, but it has frequent issues).

We were able to remove --use-deprecated=legacy-resolver by moving them into a separate requirement file, pip install these first, then pip install our remaining requirements.

We then get an error in the console output (but it does not actually fail the install):

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
azure-cli 2.49.0 requires fabric~=2.4, but you have fabric 3.1.0 which is incompatible.
azure-cli 2.49.0 requires scp~=0.13.2, but you have scp 0.14.5 which is incompatible.
azure-cli-core 2.49.0 requires msal[broker]==1.20.0, but you have msal 1.23.0 which is incompatible.

The way we use the azure CLI means we never use ssh/scp, so the claimed incompatibility issues have zero consequence for us regardless of being true or not.

@notatallshaw
Copy link
Member

Thanks for the info! If it comes up again or I work on an alternative approach to this problem I will use it as a test case.

torbennehmer added a commit to torbennehmer/hacs-e3dc that referenced this issue Aug 7, 2023
Updates the requirements on [pip](https://github.com/pypa/pip) to permit
the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver.
(<code>[#12156](pypa/pip#12156)
&lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new
<code>importlib.metadata</code> backend is used to load distribution
metadata. This only affects the egg <em>distribution format</em> (with
the <code>.egg</code> extension); distributions using the
<code>.egg-info</code> <em>metadata format</em> (but are not actually
eggs) are not affected. For more information about eggs, see
<code>relevant section in the setuptools documentation
&lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform
to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_
(<code>[#12063](pypa/pip#12063)
&lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>,
<code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code>
if you wish to
exclude any of these packages.
(<code>[#4256](pypa/pip#4256)
&lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the
user can make the difference.
(<code>[#12040](pypa/pip#12040)
&lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>.
(<code>[#11417](pypa/pip#11417)
&lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present
(<code>[#11847](pypa/pip#11847)
&lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration
(<code>[#11920](pypa/pip#11920)
&lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree
(<code>[#11957](pypa/pip#11957)
&lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the
cache of locally built wheels.
(<code>[#11985](pypa/pip#11985)
&lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using
non-canonicalized names
(<code>[#12038](pypa/pip#12038)
&lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from
JSON-format index data.
(<code>[#12042](pypa/pip#12042)
&lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified
after the subcommand name.
(<code>[#12067](pypa/pip#12067)
&lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default
way for pip to read metadata in Python 3.11+) and there is a large
overlap between already installed and to-be-installed packages.
(<code>[#12079](pypa/pip#12079)
&lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a
revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users
that do not have control on
VCS URLs passed to pip are advised to upgrade.
(<code>[#12119](pypa/pip#12119)
&lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from
pfmoore/fix_12156</li>
<li><a
href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a>
Fix a direct creation of RequirementPreparer in the tests</li>
<li><a
href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a>
Disable PEP 658 for the legacy resolver</li>
<li><a
href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a>
Use strict optional checking in misc.py (<a
href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from
mtreinish/patch-1</li>
<li><a
href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a>
Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a
href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from
pfmoore/release/23.2</li>
<li><a
href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a>
Bump for development</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.0...23.2.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
gignsky added a commit to gignsky/tdarr-node-switcher that referenced this issue Aug 28, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.2.1 (2023-07-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Disable PEP 658 metadata fetching with the legacy resolver.
(<code>[#12156](pypa/pip#12156)
&lt;https://github.com/pypa/pip/issues/12156&gt;</code>_)</li>
</ul>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new
<code>importlib.metadata</code> backend is used to load distribution
metadata. This only affects the egg <em>distribution format</em> (with
the <code>.egg</code> extension); distributions using the
<code>.egg-info</code> <em>metadata format</em> (but are not actually
eggs) are not affected. For more information about eggs, see
<code>relevant section in the setuptools documentation
&lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform
to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_
(<code>[#12063](pypa/pip#12063)
&lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>,
<code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code>
if you wish to
exclude any of these packages.
(<code>[#4256](pypa/pip#4256)
&lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the
user can make the difference.
(<code>[#12040](pypa/pip#12040)
&lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>.
(<code>[#11417](pypa/pip#11417)
&lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present
(<code>[#11847](pypa/pip#11847)
&lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration
(<code>[#11920](pypa/pip#11920)
&lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree
(<code>[#11957](pypa/pip#11957)
&lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the
cache of locally built wheels.
(<code>[#11985](pypa/pip#11985)
&lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using
non-canonicalized names
(<code>[#12038](pypa/pip#12038)
&lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from
JSON-format index data.
(<code>[#12042](pypa/pip#12042)
&lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified
after the subcommand name.
(<code>[#12067](pypa/pip#12067)
&lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default
way for pip to read metadata in Python 3.11+) and there is a large
overlap between already installed and to-be-installed packages.
(<code>[#12079](pypa/pip#12079)
&lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a
revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users
that do not have control on
VCS URLs passed to pip are advised to upgrade.
(<code>[#12119](pypa/pip#12119)
&lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from
pfmoore/fix_12156</li>
<li><a
href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a>
Fix a direct creation of RequirementPreparer in the tests</li>
<li><a
href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a>
Disable PEP 658 for the legacy resolver</li>
<li><a
href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a>
Use strict optional checking in misc.py (<a
href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from
mtreinish/patch-1</li>
<li><a
href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a>
Correct typo in 23.2 Changelog Bug Fixes</li>
<li><a
href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from
pfmoore/release/23.2</li>
<li><a
href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a>
Bump for development</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.1.2...23.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 4, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
C: dependency resolution About choosing which dependencies to install type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

No branches or pull requests