-
Notifications
You must be signed in to change notification settings - Fork 428
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unpin numpy #591
Unpin numpy #591
Conversation
See also https://iscinumpy.dev/post/bound-version-constraints/ The workaround here is unnecessary (discussed in google#43). Since numpy declares python_requires, pip's resolver will automatically discard newer numpy solutions when installing on Python 3.8
Thanks for the PR! Interesting... do you know if numpy started using python_requires only recently? IIRC I couldn't get anything working with the simpler setup that you are proposing... but indeed, the tests seem to pass on all 3.8 => 3.12 python versions, so it looks good to me... |
OK, I now remember what the problem was. I was just trying to bump numpy version to 2.1.0, which only supports python>=3.10. If I update pyproject.toml with The only way I found to fix this is to update pyproject.toml with:
Then, This seems more like a "limitation"/requirement from poetry, rather than a requirement from pip? |
I'm pretty sure the pin is needed. Not all tools behave the same way. |
We are working to port magika project management from This is how it currently looks like: Lines 15 to 17 in 6cf77a5
The @hauntsaninja, @gaby, thoughts? |
@reyammer That should be fine, the main thing will be keeping track of which versions Also 👍 for using |
Closing this for now; @hauntsaninja please feel free to reopen if you have more context, thanks! |
Sorry, just seeing this! All of pip/uv/poetry will look at Requires-Python metadata when determining the version of numpy to install. They will not let you install a version of numpy that has a Requires-Python incompatible with your Python version. I promise you that this is so! :-)
The way all Python resolvers work is approximately like the following:
Poetry has a concept of a lockfile. Nothing in here is ever exposed to your users, it's simply for your own development. Poetry's lockfile will try to find a single set of dependencies that you can use across different platforms and Python versions. If it's crashing, it might be because it's trying to compile numpy 1.24 for Python 3.12 from the sdist and failing, which is where your manual splitting of pins might help. uv also has a similar lockfile concept, but maybe its implementation is smart enough to avoid sdists where possible. My recommendation: For anything your users will see, this PR will work great, across all tools (i.e. just a simple For your own development / lockfiles, you could try some equivalent of:
since numpy 1.26 is the first version of numpy to ship wheels for Python 3.12 What you have on master currently also seems a little unnecessarily restrictive, e.g. your users on Python 3.10 and newer won't be able to use numpy 1.26 |
Thank you @hauntsaninja! Super useful. Re-opened this PR while I give some thought to it :-) |
Updated the PR with my concrete suggestion :-) |
I think this PR should be good and would solve a problem in a codebase I work on! astral-sh/uv#8492 is a feature request against uv for them to do this solving automatically when making a lock file. |
Hello @hauntsaninja, thanks so much again for the extended explanation and the PR. I've also started going through https://iscinumpy.dev/post/bound-version-constraints/, great read. I think I've finally understood what you meant. And I think that, up to now, I've misunderstood what the Note to self with my new understanding:
This means: if you are running python < 3.12, you can use any version of numpy>=1.24 that it's compatible with your python version (and it's up to the Does this make any sense? :-) One other thing I'd like to check with you: are you saying that pip and other resolvers should be able to figure these additional constraints out by themselves? e.g., in case one runs python 3.13, then it should be clear via numpy metadata that one should could only install numpy >= 2.1.0, right? And so, you are saying that such Thank you! |
That makes sense and is basically right! For your users, a simple (and magika doesn't need to get in the business of figuring out whether a user can install such a numpy in whatever environment they're using — that's the job of the user's package manager / resolver) For your lock file, things are different. I'll omit some detail, but basically what it means for a given numpy to support a given Python is a little bit of a grey area. For instance, it's probably possible to make numpy 1.26 work on Python 3.13. But numpy 1.26 doesn't have a Python 3.13 wheel, so the way to make this work is for your package manager to compile numpy from source. Workable, but probably a worse experience for you, especially if compilation fails for some reason. The feature request in astral-sh/uv#8492 is for uv to basically be more willing to trade off "in lock file, only use a single version of numpy across all different versions of Python" in favour of "in lock file, use multiple versions of numpy if it means you avoid having to compile numpy from source". If implemented, we wouldn't have to manually trick uv into doing this the way this PR does. That means this PR could be simplified to being a simple |
All makes sense, thank you! Merged. Sorry for the delay and thanks for the extended explanations, I've learnt a lot. |
See also https://iscinumpy.dev/post/bound-version-constraints/
The workaround here is unnecessary (discussed in #43). Since numpy declares python_requires, pip's resolver will automatically discard newer numpy solutions when installing on Python 3.8.
This also saves you a chore every year when Python makes a new release :-)