Switch to pip-compile
Categories
(Webtools Graveyard :: Pontoon, defect, P3)
Tracking
(Not tracked)
People
(Reporter: mathjazz, Assigned: mail)
Details
Attachments
(1 file)
Recently, Pip 20.3 was released, which uses a new resolver per default. This new resolver changes the usage of constraints. In particular, it is not possible anymore to use a constraints file in combination with hash checking (as we currently do).
For more details, see:
https://pip.pypa.io/en/latest/user_guide/#watch-out-for
https://github.com/pypa/pip/issues/9020
As a consequence, Travis started to fail:
Collecting asgiref<4,>=3.2.10
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
asgiref<4,>=3.2.10 from https://files.pythonhosted.org/packages/89/49/5531992efc62f9c6d08a7199dc31176c8c60f7b2548c6ef245f96f29d0d9/asgiref-3.3.1-py3-none-any.whl#sha256=5ee950735509d04eb673bd7f7120f8fa1c9e2df495394992c73234d526907e17 (from Django==3.1.3->-r requirements/default.txt (line 39))
The command "pip install --require-hashes -r requirements/default.txt" failed and exited with 1 during .
As a short-term solution we use the old resolver through the --use-deprecated=legacy-resolver option.
This option will be removed in the next version - Pip 21.0. This bug track the implementation of the long-term solution, which is to switch from hashin to something like pip-compile for the requirements files.
Resources:
https://github.com/mozilla/ichnaea/pull/1427
https://github.com/mozilla/ichnaea/issues/1407
https://github.com/mozilla-services/socorro/pull/5595
|
||
Comment 1•5 years ago
|
||
|
Reporter | |
Updated•5 years ago
|
|
||
Updated•4 years ago
|
Description
•