-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
_parse_version_many
does not match PEP 508 or documentation
#803
Comments
The canonical spec source is on packaging.python.org: https://packaging.python.org/en/latest/specifications/version-specifiers/#compatible-release So the most important thing would be to raise a PR to pypa/packaging.python.org if we don’t decide to change the implementation. (Personally I feel it’s not worthwhile to break people’s things for this.) |
It looks like this is the relevant spec from packaging.python.org: https://packaging.python.org/en/latest/specifications/dependency-specifiers/ It's the same as the PEP. |
PEP 508 says that a
version_many
looks likeversion_one (wsp* ',' version_one)*
and the documentation comment in_parse_version_many
says that aversion_many
looks like(SPECIFIER (WS? COMMA WS? SPECIFIER)*)?
(essentially the same thing, but optional).However, the implementation of
_parse_version_many
actually parses something likeversion_one (wsp* ',' version_one)* wsp* (',' wsp*)?
or(SPECIFIER (WS? COMMA WS? SPECIFIER)* WS? (COMMA WS?)?)?
. An extra comma, possibly surrounded by whitespace, is accepted.It's probably too late to fix the implementation. Packages like this one contain malformed requirements that are accepted by the implementation but not the documentation. The documentation should probably be changed to reflect reality instead.
produces
It looks like the extra, empty specifier is accidentally removed by
SpecifierSet
when it tries to handle converting an empty string into an empty set.produces
Together, these behaviors cause trailing commas in requirements to be ignored, allowing invalid requirements to be installed by setuptools.
produces
The text was updated successfully, but these errors were encountered: