Potential dependency conflicts between seldon-core and opentracing #1867

Closed
NeolithEra opened this issue May 24, 2020 · 4 comments

@NeolithEra

Hi, as shown in the following full dependency graph of seldon-core, seldon-core requires opentracing >=2.2.0,<2.3.0, seldon-core requires flask-opentracing >=1.1.0,<1.2.0 (flask-opentracing 1.1.0 will be installed, i.e., the newest version satisfying the version constraint), and the direct dependency flask-opentracing 1.1.0 transitively introduces opentracing >=2.0,<3.

Obviously, there are multiple version constraints set for opentracing in this project. However, according to pip's “first found wins” installation strategy, opentracing 2.2.0 (i.e., the newest version satisfying constraint >=2.2.0,<2.3.0) is the version actually installed.

Although the first found package version opentracing 2.2.0 just satisfies the later dependency constraint (opentracing >=2.2.0,<2.3.0), this installed version is very close to the upper bound of the version constraint of opentracing specified by flask-opentracing 1.1.0.

Once flask-opentracing upgrades, its newest version will be installed. Therefore, it will easily cause a dependency conflict (build failure) if the upgraded flask-opentracing version introduces a higher version of opentracing, violating its other version constraint >=2.2.0,<2.3.0.

According to the release history of flask-opentracing, it habitually upgrades Opentracing in its recent releases. For instance, flask-opentracing 0.1.6 upgraded Opentracing’s constraint from >= 2.0.0.dev3 to >=1.1,<1.2, flask-opentracing 0.2.0 upgraded Opentracing’s constraint from >=1.1,<1.2 to *, and flask-opentracing 1.0.0 upgraded Opentracing’s constraint from * to >=2.0,<2.1.

As such, it is a warm warning of a potential dependency conflict issue for seldon-core.

Dependency tree

seldon-core - 1.1.0
| +- azure-storage-blob(install version:2.1.0 version range:<3.0.0,>=2.0.1)
| | +- azure-common(install version:2.2.05 version range:>=1.1.5)
| | +- azure-storage-common(install version:2.1.0 version range:<3,>=2.1)
| | | +- azure-common(install version:2.2.05 version range:>=1.1.5)
| | | +- cryptography(install version:2.9 version range:*)
| | | | +- cffi(install version:1.14.0 version range:>=1.8)
| | | | +- six (install version:1.14.0 version range:>=1.4.1)
| | | +- python-dateutil(install version:2.8.1 version range:*)
| | | +- requests(install version:2.23.0 version range:*)
| | | | +- certifi(install version:2020.4.5.1 version range:>=2017.4.17)
| | | | +- chardet(install version:3.0.4 version range:>=3.0.2,<4)
| | | | +- idna(install version:2.9 version range:>=2.5,<3)
| | | | +- urllib3(install version:1.25.9 version range:>=1.21.1,<1.26)
| +- flask(install version:2.2.0 version range:>=2.2.0,<2.3.0)
| | +- click(install version:7.1.1 version range:>=5.1)
| | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | +- Jinja2(install version:2.11.2 version range:>=2.10.1)
| | | +- MarkupSafe(install version:2.0.0a1 version range:>=0.23)
| | +- Werkzeug(install version:1.0.1 version range:>=0.15)
| +- flask-cors(install version:3.0.8 version range:<4.0.0)
| | +- flask(install version:2.2.0 version range:>=0.9)
| | | +- click(install version:7.1.1 version range:>=5.1)
| | | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | | +- Jinja2(install version:2.11.2 version range:>=2.10.1)
| | | | +- MarkupSafe(install version:2.0.0a1 version range:>=0.23)
| | | +- Werkzeug(install version:1.0.1 version range:>=0.15)
| | +- six(install version:1.14.0 version range:*)
| +- flask-opentracing(install version:1.1.0 version range:>=1.1.0,<1.2.0)
| | +- flask(install version:2.2.0 version range:*)
| | | +- click(install version:7.1.1 version range:>=5.1)
| | | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | | +- Jinja2(install version:2.11.2 version range:>=2.10.1)
| | | | +- MarkupSafe(install version:2.0.0a1 version range:>=0.23)
| | | +- Werkzeug(install version:1.0.1 version range:>=0.15)
| | +- opentracing(install version:2.2.0 version range:>=2.0,<3)
| | | +- unknown (-)(install version: version range:*)
| +- flatbuffers(install version:1.12 version range:>=2.2.0,<2.3.0)
| +- grpcio(install version:1.29.0 version range:>=2.2.0,<2.3.0)
| +- grpcio-opentracing(install version:1.1.4 version range:>=1.1.4,<1.2.0)
| | +- grpcio(install version:1.29.0 version range:>=1.1.3,<2.0)
| | +- opentracing(install version:2.2.0 version range:>=1.2.2)
| | | +- unknown (-)(install version: version range:*)
| | +- six(install version:1.14.0 version range:>=1.10)
| +- gunicorn(install version:20.0.4 version range:>=19.9.0,<20.1.0)
| | +- setuptools(install version:46.1.3 version range:>=3.0)
| +- jaeger-client(install version:4.1.0 version range:<4.2.0,>=4.1.0)
| | +- opentracing(install version:2.2.0 version range:<3.0,>=2.1)
| | | +- unknown (-)(install version: version range:*)
| | +- threadloop(install version:1.0.2 version range:<2,>=1)
| | | +- tornado(install version:6.0.4 version range:*)
| | +- thrift(install version:0.13.0 version range:*)
| | | +- six(install version:1.14.0 version range:>=1.7.2)
| | +- tornado(install version:5.1.1 version range:>=4.3,<6)
| +- minio(install version:5.0.10 version range:<6.0.0,>=4.0.9)
| +- numpy(install version:1.19.0rc1 version range:>=2.2.0,<2.3.0)
| +- opentracing(install version:2.2.0 version range:>=2.2.0,<2.3.0)
| | +- unknown (-)(install version: version range:*)
| +- protobuf(install version:3.12.1 version range:<4.0.0)
| +- pyaml(install version:19.12.0 version range:<20.0.0)
| | +- PyYAML(install version:5.3.1 version range:*)
| +- redis(install version:3.5.2 version range:<4.0.0)
| +- requests(install version:2.23.0 version range:<3.0.0)
| | +- certifi(install version:2020.4.5.1 version range:>=2017.4.17)
| | +- chardet(install version:3.0.4 version range:>=3.0.2,<4)
| | +- idna(install version:2.9 version range:>=2.5,<3)
| | +- urllib3(install version:1.25.9 version range:>=1.21.1,<1.26)
| +- setuptools(install version:46.1.3 version range:>=41.0.0)

Thanks for your help.
Best,
Neolith
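
The overlap between the opentracing ranges in the tree above can be checked mechanically. The following is an added example, not part of the original report and not seldon-core code: it intersects the four ranges copied from the tree and reports which dependents reject each candidate version. The candidate list and the "hypothetical" future flask-opentracing range are constructed for illustration, and the small parser handles only final releases and the operators shown, not all of PEP 440.

```python
import re

# Constraints on opentracing copied from the dependency tree in the report.
OPENTRACING_CONSTRAINTS = {
    "seldon-core": ">=2.2.0,<2.3.0",
    "flask-opentracing 1.1.0": ">=2.0,<3",
    "grpcio-opentracing 1.1.4": ">=1.2.2",
    "jaeger-client 4.1.0": "<3.0,>=2.1",
}

# Constructed candidate versions (not a real release index), used to probe the ranges.
CANDIDATES = ["1.3.0", "2.0.0", "2.1.0", "2.2.0", "2.3.0", "2.4.0", "3.0.0"]

OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}

def parse_version(text):
    """Turn '2.2' or '2.2.0' into a comparable tuple (final releases only)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def satisfies(version, spec):
    """Check one version against a comma-separated range such as '>=2.0,<3'."""
    for clause in spec.split(","):
        clause = clause.strip()
        if clause in ("", "*"):
            continue  # '*' places no restriction
        m = re.fullmatch(r"(>=|<=|==|>|<)\s*([\d.]+)", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True

def audit(constraints, candidates):
    """Return (versions every dependent accepts, {version: dependents rejecting it})."""
    rejected = {v: [n for n, s in constraints.items() if not satisfies(v, s)]
                for v in candidates}
    return [v for v in candidates if not rejected[v]], rejected

if __name__ == "__main__":
    print("accepted today:", audit(OPENTRACING_CONSTRAINTS, CANDIDATES)[0])
    # Hypothetical future flask-opentracing release raising its floor to >=2.3.
    future = {**OPENTRACING_CONSTRAINTS, "flask-opentracing (hypothetical)": ">=2.3,<3"}
    print("accepted after hypothetical bump:", audit(future, CANDIDATES)[0])
```

An empty accepted list for a proposed set of ranges means no single opentracing version can satisfy every dependent, which is the build failure the report warns about.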

@NeolithEra NeolithEra added the triage Needs to be triaged and prioritised accordingly label May 24, 2020
@NeolithEra
Author

Suggested Solution

  1. Loosen the version range of opentracing to be >=2.2.0.
  2. Remove your direct dependency opentracing, and use the opentracing transitively introduced by flask-opentracing.
  3. Change your direct dependency flask-opentracing to be <=1.1.0.

@cliveseldon Which solution do you prefer, 1, 2 or 3?
Please let me know your choice. May I open a pull request to solve this issue?

@ukclivecox
Contributor

@adriangonz has been working on the Python code most recently for this. I know the version ranges were there due to incompatibility between some of the package versions, but maybe now we can loosen these?

@NeolithEra NeolithEra changed the title Potential dependency conflicts between seldon-core and invenio-records-files Potential dependency conflicts between seldon-core and opentracing May 24, 2020
@adriangonz
Contributor

Hey @NeolithEra, thanks for your detailed report!

The dependency constraints around tracing were chosen to let Flask-OpenTracing, opentracing, jaeger-client and grpcio-opentracing work together. In fact, the version constraints that you can see in setup.py were the only combination (at the time) that allowed them to work together.

In our experience, all of them are incredibly sensitive to any version change. That's the reason why we had to introduce opentracing as a direct dependency (and also the reason why we probably can't remove it).

Flask-Opentracing is currently pinned to 1.1.x, so there shouldn't be any breaking upgrade that seldon-core would install automatically. Therefore, I can't see any immediate risk as they are right now.

Is there anything in particular that you are missing from the existing set of versions?

@ukclivecox ukclivecox removed the triage Needs to be triaged and prioritised accordingly label May 28, 2020
@adriangonz
Contributor

@NeolithEra is this still an issue? I'll be closing this one for now, but please do re-open if this is still a problem.
