Describe the bug
In Airflow, we are experiencing problems when we are trying to use the PIP released 2 days ago which has the new resolver on by default.
ERROR: Requested oauthlib[signedtoken]>=1.0.0 from https://files.pythonhosted.org/packages/e5/54/4f96c51b171cf3a64a04b8c5167268803205bc5943b5cdf70bd770727b88/oauthlib-1.1.0-1.tar.gz#sha256=0f786c5573248a38efa86c48c59c0c93140ac836ab2a246aeefd8f9039e999ba (from jira->apache-airflow==1.10.13) has different version in metadata: '1.1.0'
How to reproduce
pip install --upgrade pip
pip --version
should return 20.3pip install "https://github.com/apache/airflow/archive/v1-10-test.tar.gz#egg=apache-airflow[all]" --constraint https://raw.githubusercontent.com/apache/airflow/constraints-1-10/constraints-3.6.txt
Collecting oauthlib[signedtoken]>=1.0.0
Using cached oauthlib-3.0.2-py2.py3-none-any.whl (143 kB)
Using cached oauthlib-3.0.1-py2.py3-none-any.whl (142 kB)
Using cached oauthlib-3.0.0-py2.py3-none-any.whl (142 kB)
Using cached oauthlib-2.1.0-py2.py3-none-any.whl (121 kB)
Using cached oauthlib-2.0.7-py2.py3-none-any.whl (124 kB)
Using cached oauthlib-2.0.6.tar.gz (127 kB)
Using cached oauthlib-2.0.5.tar.gz (129 kB)
Using cached oauthlib-2.0.4.tar.gz (127 kB)
Using cached oauthlib-2.0.3.tar.gz (127 kB)
Using cached oauthlib-2.0.2.tar.gz (125 kB)
Using cached oauthlib-2.0.1.tar.gz (122 kB)
Using cached oauthlib-2.0.0.tar.gz (122 kB)
Using cached oauthlib-1.1.2.tar.gz (111 kB)
Using cached oauthlib-1.1.1.tar.gz (108 kB)
Using cached oauthlib-1.1.0-1.tar.gz (106 kB)
ERROR: Requested oauthlib[signedtoken]>=1.0.0 from https://files.pythonhosted.org/packages/e5/54/4f96c51b171cf3a64a04b8c5167268803205bc5943b5cdf70bd770727b88/oauthlib-1.1.0-1.tar.gz#sha256=0f786c5573248a38efa86c48c59c0c93140ac836ab2a246aeefd8f9039e999ba (from jira->apache-airflow[all]) has different version in metadata: '1.1.0'
````
Apparently, metadata in published oauthlib 1.1.0-1 is wrong snd points to 1.1.0.
The same command with the legacy resolver works fine:
pip install --use-deprecated legacy-resolver "https://github.com/apache/airflow/archive/v1-10-test.tar.gz#egg=apache-airflow[all]" --constraint https://raw.githubusercontent.com/apache/airflow/constraints-1-10/constraints-3.6.txt
```
Expected behavior
I expect the resolver does not get broken by broken metadata.
Opened similar issue in PIP https://github.com/pypa/pip/issues/9203 as I am not sure who can fix it.
I tried pip install oauthlib[signedtoken]>=1.0.0
.
It works as expected. I'm not sure what else we can do.
Maybe ytou can remove/yank the offending library version ? I can also try to add limitation to oauthlub in our case!
I tried
pip install oauthlib[signedtoken]>=1.0.0
.
Try pip install oauthlib==1.1.0
, since that's the version that's failing. pip 20.3 has a resolver that backtracks on conflicts.
Confirmed by PIP developers that yanking this version should fix it. https://github.com/pypa/pip/issues/9203#issuecomment-737891765
Would the maintainers be so kind to yank it?
If you guys can yank (https://pypi.org/help/#yanked) that release, it should help us at Airflow and hopefully more libraries like us to use the new PIP resolver without error.
Really appreciate all the work you guys are doing
Hi,
I have yanked the release. Let me know if it is ok now.
Regards
Thanks, appreciate that 🙏
Thanks a lot ! Really appreciate.
Unfottunately, despite PIP maintainer confirmation, it did not work: https://github.com/pypa/pip/issues/9203#issuecomment-738395432
Feel free to unyank @JonathanHuot
Just update - don't unyank it please yet :). Seems that fix is coming https://github.com/pypa/pip/pull/9226
Looks like this is fixed now (tested using pip 21.0)
Thanks for letting us know :)
@JonathanHuot Did we unyank the release yet?
I have unyanked the release, if someone could confirm it still work, that will be great :)
Works :)
Most helpful comment
I have unyanked the release, if someone could confirm it still work, that will be great :)