[BUG] can't install along with tox

[medecau]

Dependency version resolution is failing when installing in a project with tox.

Poetry's output with all the relevant details:

Because no versions of prospector match >1.8.4,<2.0.0
 and prospector (1.8.4) depends on packaging (<22.0), prospector (>=1.8.4,<2.0.0) requires packaging (<22.0).
And because tox (4.2.8) depends on packaging (>=23)
 and no versions of tox match >4.2.8,<5.0.0, prospector (>=1.8.4,<2.0.0) is incompatible with tox (>=4.2.8,<5.0.0).
So, because pyreviewer depends on both tox (^4.2.8) and prospector (^1.8.4), version solving failed.

The issue seems arise from a prospector dependency on packaging<22.0.

To Reproduce Steps to reproduce the behavior:

1. take a new directory
2. poetry init
3. poetry add tox
4. poetry add prospector
5. Observe error

• OS: macOS
• Tool prospector
• Prospector version ^1.8
• Python version 3.11
• Poetry version 1.3.2

Note that I have successfully added prospector as a dependency with prospector<1.8.

[koniiiik]

Is there a reason why the packaging dependency is pinned the way it is? Briefly looking through the changelog of packaging, the API seems pretty stable, and the backwards incompatibilities mostly amount to dropping support for old Python, or removing obscure bits of API that prospector isn't making use of anyway. Moreover, the versioning scheme seems to be mostly based on the year the release was made, rather than semantic versioning.

The version restriction itself was added in cea00c3 (#576) without any discussion…

[Pierre-Sassoulas]

See #576 for rational, I'm open to new arguments of course :)

[koniiiik]

I'm not challenging having packaging listed as a dependency – that makes perfect sense, since it is a package whose API is directly being used by prospector. The thing I'm challenging is restricting its version to <22.0. Is there any argument against allowing newer versions? Why was it pinned not even to the latest version at the time the dependency was introduced?

[Pierre-Sassoulas]

Right, let's release the constraint. Do you want to open a merge request ?

[carlio]

Hmm this is related to #588

[ryancausey]

Looks like this won't work unless requirements-detector widens or bumps their range also:

$ poetry add "packaging=^22.0"

Updating dependencies
Resolving dependencies... (0.7s)

Because requirements-detector (1.0.3) depends on packaging (>=21.3,<22.0)
 and no versions of requirements-detector match >1.0.3, requirements-detector (>=1.0.3) requires packaging (>=21.3,<22.0).
So, because prospector depends on both requirements-detector (>=1.0.3) and packaging (^22.0), version solving failed.

This is because black 23.1.0 depends on packaging >=22.0

Because black (23.1.0) depends on packaging (>=22.0)
 and prospector (1.8.4) depends on packaging (<22.0), black (23.1.0) is incompatible with prospector (1.8.4).
So, because test-package depends on both black (23.1.0) and prospector (1.8.4), version solving failed.

[Pierre-Sassoulas]

@carlio do you think it's reasonable to replace requirements-detector by some custom code ?

[ryancausey]

I opened a PR against requirements-detector to bump the version range, but it also appears to require dropping python 3.6 support.

[ryancausey]

The PR against requirements detector was merged and released in requirements-detector 1.1.0. It looks like this issue might be resolved by #592 however?

[Pierre-Sassoulas]

#592 was released in prospector 1.9.0

[medecau]

Just checked with tox 4.4.6 and prospector 1.9.0, and it all works as expected.

Thank you all for working to fix this. 🙏🏼