20769cd7b2
pip 20.3 finally includes a proper dependency resolver. Its use is causing the following error messages on the lower-constraints job: ERROR: Cannot install ... because these package versions have conflicting dependencies. The conflict is caused by: bandit 1.1.0 depends on PyYAML>=3.1.0 cliff 3.4.0 depends on PyYAML>=3.12 openstacksdk 0.52.0 depends on PyYAML>=3.13 Bump our lower constraint for PyYAML to resolve this issue. With that resolved, we see a new issue: ERROR: Could not find a version that satisfies the requirement cryptography>=2.7 (from openstacksdk) ERROR: No matching distribution found for cryptography>=2.7 This is less self-explanatory but looking at the lower-constraints for openstacksdk 0.52.0 shows a dependency on cryptography 2.7 [1], meaning we need to bump this also. Next up, flake8-import-order seems to cause the dependency resolver to go nuts, eventually ending with the following error message in a Python 3.6 environment: Using cached enum34-1.1.2.zip (49 kB) ERROR: Command errored out with exit status 1: command: ... cwd: ... Complete output (9 lines): Traceback (most recent call last): File "<string>", line 1, in <module> File ".../lib/python3.6/site-packages/setuptools/__init__.py", line 7, in <module> import setuptools.distutils_patch # noqa: F401 File ".../lib/python3.6/site-packages/setuptools/distutils_patch.py", line 9, in <module> import re File "/usr/lib64/python3.6/re.py", line 142, in <module> class RegexFlag(enum.IntFlag): AttributeError: module 'enum' has no attribute 'IntFlag' ---------------------------------------- A quick Google suggests this is because the enum34 package is not complete [2]. We shouldn't even be using it since our base virtualenv should at least use Python 3.6, but I guess some dependency doesn't properly restrict the dependency to <= Python 3.4. This is moved from 'test-requirements.txt' to 'tox.ini' since we don't need to use our constraints machinery for linters. Finally, the versions of bandit and hacking that pip is bringing in both requires in a newer version of babel, which in turn requires a new version of pytz. Collecting hacking>=2.0.0 ... ERROR: Cannot install oslo.i18n because these package versions have conflicting dependencies. The conflict is caused by: babel 2.9.0 depends on pytz>=2015.7 babel 2.8.1 depends on pytz>=2015.7 babel 2.8.0 depends on pytz>=2015.7 babel 2.7.0 depends on pytz>=2015.7 Seeing as we shouldn't be tracking bandit in lower-constraints, I'm not sure why we're want to bump these dependencies for just that. As above, we move these dependencies out of 'test-requirements' and into 'tox.ini' since we can do that for linters. [1] https://opendev.org/openstack/openstacksdk/src/tag/0.52.0/requirements.txt#L19 [2] https://github.com/iterative/dvc/issues/1995#issuecomment-491889669 Change-Id: I8ec738fbcabc8d8553db79a876e5592576cd18fa Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
15 lines
523 B
Plaintext
15 lines
523 B
Plaintext
# The order of packages is significant, because pip processes them in the order
|
|
# of appearance. Changing the order has an impact on the overall integration
|
|
# process, which may cause wedges in the gate later.
|
|
coverage!=4.4,>=4.0 # Apache-2.0
|
|
fixtures>=3.0.0 # Apache-2.0/BSD
|
|
oslotest>=3.2.0 # Apache-2.0
|
|
requests>=2.14.2 # Apache-2.0
|
|
requests-mock>=1.2.0 # Apache-2.0
|
|
stestr>=1.0.0 # Apache-2.0
|
|
testtools>=2.2.0 # MIT
|
|
tempest>=17.1.0 # Apache-2.0
|
|
osprofiler>=1.4.0 # Apache-2.0
|
|
wrapt>=1.7.0 # BSD License
|
|
ddt>=1.0.1 # MIT
|