Thirdparty pip dependencies override root project's pip dependencies #1791

@finn-ball

🐞 bug report

Affected Rule

use_extension("@rules_python//python/extensions:pip.bzl", "pip")

Is this a regression?

Between old WORKSPACE rules and bzlmod, potentially yes - so long as you knew the order you were defining dependencies.

Description

A third party project called foo uses rules_python and bzlmod to bring in pip dependencies:

pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
    hub_name = "foo_pip_deps",
    python_version = "3.11",
    requirements_lock = "@foo//:requirements_lock.txt",
)
use_repo(pip, "foo_pip_deps")

This dependency is implicitly used as part of a library this third party defines. This requirements_lock.txt uses a pip module matplotlib at v1.

load("@foo_pip_deps//:requirements.bzl", "requirement")
py_library(
    name = "foo",
    srcs = ["foo.py"],
    imports = ["."],
    visibility = ["//visibility:public"],
    deps = [requirement("matplotlib")], #v1
)

My root project uses the pip extension and its own requirements_lock.txt file to bring in matplotlib at v2.

If I depend on the @foo project:

load("@bar_pip_deps//:requirements.bzl", "requirement")
py_binary(
    name = "main",
    srcs = ["main.py"],
    deps = [
        "@foo",
        requirement("matplotlib"), #v2
    ],
)

The target will now use matplotlib at v1, even though my root project specifically asks for v2.

🔬 Minimal Reproduction

Follow the examples in here

🔥 Exception or Error





🌍 Your Environment

Operating System: linux

Output of bazel version: 7.0.2

Rules_python version: 0.31.0
Anything else relevant?
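
A check for the condition described in this issue, as an added example that is not part of the original report or of rules_python: it compares the pins in each pip hub's requirements lock file and reports packages pinned at different versions across hubs whose targets can land in one binary's dependency closure. The lock contents and version numbers are constructed (the issue only says v1 and v2), and `parse_lock` and `find_conflicts` are hypothetical helper names.

```python
import re

# Constructed lock files. Hub names come from the issue; versions are placeholders.
FOO_LOCK = """
# requirements_lock.txt of the third-party module foo (hub: foo_pip_deps)
matplotlib==1.0.0 \\
    --hash=sha256:<constructed-placeholder>
numpy==1.26.4
"""
BAR_LOCK = """
# requirements_lock.txt of the root module (hub: bar_pip_deps)
Matplotlib==2.0.0 \\
    --hash=sha256:<constructed-placeholder>
numpy==1.26.4
requests[socks]==2.31.0 ; python_version >= "3.8"
"""
HUBS = {"foo_pip_deps": FOO_LOCK, "bar_pip_deps": BAR_LOCK}

# name, optional [extras], then an exact "==" pin; stops before markers,
# whitespace or a line-continuation backslash.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;\\]+)")


def parse_lock(text):
    """Return {normalized_package_name: pinned_version} for one lock file."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line.strip())  # comments and --hash lines do not match
        if m:
            # PEP 503 normalization so "Matplotlib" and "matplotlib" compare equal
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            pins[name] = m.group(2)
    return pins


def find_conflicts(hubs):
    """Return {package: {hub: version}} for packages pinned at more than one version."""
    seen = {}
    for hub, text in hubs.items():
        for pkg, ver in parse_lock(text).items():
            seen.setdefault(pkg, {})[hub] = ver
    return {p: v for p, v in seen.items() if len(set(v.values())) > 1}


if __name__ == "__main__":
    for pkg, by_hub in sorted(find_conflicts(HUBS).items()):
        print(f"{pkg}: " + ", ".join(f"{h}={v}" for h, v in sorted(by_hub.items())))
```

Running a check like this in CI against the lock files of every module that registers a pip hub surfaces a divergent pin before it silently replaces the version the root project asked for.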
