23.2: Legacy resolver triggers error "while checking for conflicts"

[teytaud]

Description

I got that error, requesting that I post an issue:

ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
Traceback (most recent call last):
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
    return check_install_conflicts(to_install)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
    would_be_installed = _simulate_installation_of(to_install, package_set)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
    dist = abstract_dist.get_metadata_distribution()
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
    assert self.req.local_file_path, "Set as part of preparation during download"
AssertionError: Set as part of preparation during download

Expected behavior

I expected no crash.

pip version

pip-23.2-py3-none-any.whl

Python version

Python3.7

OS

Ubuntu

How to Reproduce

The CI of Nevergrad (repeatedly) leads to this crash: https://app.circleci.com/pipelines/github/facebookresearch/nevergrad/8643/workflows/c916c6c6-edcb-4ca6-bed9-ca7b9c98599c/jobs/27932

Output

 Stored in directory: /home/circleci/.cache/pip/wheels/fa/cd/1f/c6b7b50b564983bf3011e8fc75d06047ddc50c07f6e3660b00
  Building wheel for skrebate (pyproject.toml) ... -� �done
  Created wheel for skrebate: filename=skrebate-0.62-py3-none-any.whl size=29253 sha256=4ea15243891445733bd193094aeddd6ba1d3067eb751756c21bfdc787963043c
  Stored in directory: /home/circleci/.cache/pip/wheels/4f/3b/07/22a9a01f3f25cd376122b5ef526737a44993b4c312e50916ed
  Building wheel for GPUtil (pyproject.toml) ... -� �done
  Created wheel for GPUtil: filename=GPUtil-1.4.0-py3-none-any.whl size=7393 sha256=118f8016f44323a7e9f193bb5f39b8531975de242d6e374ace47b5fd1d34a834
  Stored in directory: /home/circleci/.cache/pip/wheels/6e/f8/83/534c52482d6da64622ddbf72cd93c35d2ef2881b78fd08ff0c
  Building wheel for libsvm (pyproject.toml) ... -� �\� �|� �done
  Created wheel for libsvm: filename=libsvm-3.23.0.4-cp37-cp37m-linux_x86_64.whl size=262588 sha256=e45bce3692537df310c15f35a1c169cc66fe8f431cbe33997a97bf26c9e32b4a
  Stored in directory: /home/circleci/.cache/pip/wheels/cd/e8/1e/bf95cf256e4d3ffc94289ab508c49d48e34c98220af63e3513
  Building wheel for support-developer (pyproject.toml) ... -� �done
  Created wheel for support-developer: filename=support_developer-1.0.5-py3-none-any.whl size=5630 sha256=bd7bdab0086ec6c9d26d7dc644bb467db129ea14d576959ab5597d04ff96258d
  Stored in directory: /home/circleci/.cache/pip/wheels/e4/d3/9b/d4f296a0183daacaf202d8b69df27edca88326a47da66cd624
  Building wheel for pyDOE (pyproject.toml) ... -� �done
  Created wheel for pyDOE: filename=pyDOE-0.3.8-py3-none-any.whl size=18167 sha256=f3e8655c666dc3d648c7872436cec090b2782731cd4e0a05bb3f67a780f75dab
  Stored in directory: /home/circleci/.cache/pip/wheels/83/ce/8a/87b25c685bfeca1872d13b8dc101e087a9c6e3fb5ebb47022a
  Building wheel for sklearn (pyproject.toml) ... -� �done
  Created wheel for sklearn: filename=sklearn-0.0-py2.py3-none-any.whl size=1302 sha256=bc09e67e8e39fa3f926a583ac3dc5f1df182465fb0a13453d4e23f4da8fdf834
  Stored in directory: /home/circleci/.cache/pip/wheels/46/ef/c3/157e41f5ee1372d1be90b09f74f82b10e391eaacca8f22d33e
Successfully built nevergrad gym gym-anm silence-tensorflow websocket-server future skrebate GPUtil libsvm support-developer pyDOE sklearn
ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
Traceback (most recent call last):
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
    return check_install_conflicts(to_install)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
    would_be_installed = _simulate_installation_of(to_install, package_set)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
    dist = abstract_dist.get_metadata_distribution()
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
    assert self.req.local_file_path, "Set as part of preparation during download"
AssertionError: Set as part of preparation during download
Installing collected packages: numpy, cma, scipy, joblib, threadpoolctl, scikit-learn, colorama, bayesian-optimization, typing-extensions, six, python-dateutil, pytz, pandas, zipp, importlib-metadata, click, platformdirs, pathspec, mypy-extensions, tomli, typed-ast, black, mypy, iniconfig, packaging, pluggy, exceptiongroup, pytest, coverage, pytest-cov, lazy-object-proxy, wrapt, astroid, isort, mccabe, tomlkit, dill, pylint, wheel, sphinxcontrib-applehelp, sphinxcontrib-devhelp, sphinxcontrib-jsmath, sphinxcontrib-htmlhelp, sphinxcontrib-serializinghtml, sphinxcontrib-qthelp, MarkupSafe, Jinja2, Pygments, docutils, snowballstemmer, babel, alabaster, imagesize, charset-normalizer, idna, urllib3, certifi, requests, sphinx, sphinxcontrib-jquery, sphinx-rtd-theme, commonmark, recommonmark, pkginfo, webencodings, bleach, readme-renderer, requests-toolbelt, more-itertools, jaraco.classes, importlib-resources, pycparser, cffi, cryptography, jeepney, SecretStorage, keyring, rfc3986, mdurl, markdown-it-py, rich, twine, autodocsumm, pyparsing, xlwt, xlrd, opencv-python, cycler, fonttools, kiwisolver, Pillow, matplotlib, cloudpickle, gym-notices, gym, qdldl, osqp, ecos, scs, cvxpy, websocket-client, websocket-server, gym-anm, pygame, nvidia-cuda-runtime-cu11, nvidia-cublas-cu11, nvidia-cudnn-cu11, nvidia-cuda-nvrtc-cu11, torch, parso, jedi, decorator, pickleshare, traitlets, wcwidth, prompt-toolkit, backcall, matplotlib-inline, ptyprocess, pexpect, ipython, Werkzeug, itsdangerous, flask, brotli, flask-compress, soupsieve, beautifulsoup4, hiplot, fcmaes, et-xmlfile, openpyxl, pyproj, tqdm, torchvision, nose, PyUtilib, ply, pyomo, mixsimulator, networkx, future, py4j, hyperopt, IOHexperimenter, patsy, statsmodels, skrebate, GPUtil, cdt, tensorflow-estimator, imageio, tifffile, PyWavelets, scikit-image, absl-py, astunparse, flatbuffers, gast, google-pasta, grpcio, h5py, keras, libclang, opt-einsum, protobuf, cachetools, pyasn1, pyasn1-modules, rsa, google-auth, oauthlib, requests-oauthlib, google-auth-oauthlib, markdown, tensorboard-data-server, tensorboard-plugin-wit, tensorboard, termcolor, tensorflow-io-gcs-filesystem, tensorflow, libsvm, image-quality, autograd, pymoo, Keras-Preprocessing, support-developer, silence-tensorflow, dm-tree, tensorflow-probability, pyDOE, sklearn, tabulate, sobol-seq, py-expression-eval, bayes-optim, nlopt, pybullet, box2d-py, glfw, pyopengl, mujoco, olymp, nevergrad
ERROR: Exception:
Traceback (most recent call last):
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
    status = run_func(*args)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/cli/req_command.py", line 248, in wrapper
    return func(self, options, args)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 460, in run
    pycompile=options.compile,
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/req/__init__.py", line 79, in install_given_reqs
    pycompile=pycompile,
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/pip/_internal/req/req_install.py", line 805, in install
    assert self.local_file_path
AssertionError

Exited with code exit status 2
CircleCI received exit code 2

Code of Conduct

• I agree to follow the PSF Code of Conduct.

[MichalTkac]

I've got the same problem here. Using python 3.9 and pip 23.2, during building a docker image a got this error:

10.08 ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
10.08 Traceback (most recent call last):
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
10.08     return check_install_conflicts(to_install)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
10.08     would_be_installed = _simulate_installation_of(to_install, package_set)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
10.08     dist = abstract_dist.get_metadata_distribution()
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
10.08     assert self.req.local_file_path, "Set as part of preparation during download"
10.08 AssertionError: Set as part of preparation during download
10.08 Installing collected packages: asgiref, bcrypt, charset-normalizer, click, coreschema, urllib3, requests, itypes, uritemplate, coreapi, cryptography, pytz, sqlparse, django, django-cors-headers, django-extensions, django-filter, django-pgtrigger, django-postgres-extensions, django-safedelete, django-utils-six, djangorestframework, djangorestframework-jwt, inflection, drf-yasg, hstspreload, httpcore, httpx, markupsafe, msal, openpyxl, phone-iso3166, psycopg2-binary, pyasn1, qrcode, rsa, twilio, unittest-xml-reporting, uwsgi, whitenoise
10.08 ERROR: Exception:
10.08 Traceback (most recent call last):
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
10.08     status = run_func(*args)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/cli/req_command.py", line 248, in wrapper
10.08     return func(self, options, args)
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/commands/install.py", line 452, in run
10.08     installed = install_given_reqs(
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/req/__init__.py", line 72, in install_given_reqs
10.08     requirement.install(
10.08   File "/usr/local/lib/python3.9/site-packages/pip/_internal/req/req_install.py", line 805, in install
10.08     assert self.local_file_path
10.08 AssertionError

[varunTirupathi]

Hey @teytaud did you get any solution for this?

[teytaud]

No. I tried tons of things and failed.

[varunTirupathi]

try running the pip by removing the --use-deprecated=legacy-resolver' in the PIP command if you are using legacy resolver

[MichalTkac]

try running the pip by removing the --use-deprecated=legacy-resolver' in the PIP command if you are using legacy resolver

Hi @varunTirupathi , thanks for the tip.
I discovered that this one works earlier but not sure for what cost, yet

[pfmoore]

OK, if this is only a problem with the legacy resolver, I would strongly recommend switching to the "new" resolver (which is hardly new, at this point it's been round for 3 years).

[GottfriedGanssauge]

We've got the same problem here.
pip-23.2 with Python-3.11

07:21:07  /HAU/crs/environment/bin/python get-pip.py -c /build/crsbuild/constraints.txt
07:21:09  Looking in indexes: https://pypi.org/simple, https://aurora-deploy-read:****@artifactory.haufedev.systems/artifactory/api/pypi/all-pypi/simple
07:21:09  Ignoring PasteDeploy: markers 'python_version == "3.7"' don't match your environment
07:21:09  Collecting pip
07:21:09    Obtaining dependency information for pip from https://files.pythonhosted.org/packages/02/65/f15431ddee78562355ccb39097bf9160a1689f2db40dc418754be98806a1/pip-23.2-py3-none-any.whl.metadata
07:21:10    Downloading pip-23.2-py3-none-any.whl.metadata (4.2 kB)
07:21:10  Collecting setuptools
07:21:10    Obtaining dependency information for setuptools from https://files.pythonhosted.org/packages/c7/42/be1c7bbdd83e1bfb160c94b9cafd8e25efc7400346cf7ccdbdb452c467fa/setuptools-68.0.0-py3-none-any.whl.metadata
07:21:10    Downloading setuptools-68.0.0-py3-none-any.whl.metadata (6.4 kB)
07:21:10  Collecting wheel
07:21:10    Using cached wheel-0.40.0-py3-none-any.whl (64 kB)
07:21:10  �[91mERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new

This same build was running literally for years with Python versions starting from 3.7 to 3.11 and it only started failing yesterday

[GottfriedGanssauge]

I really assume it has to do with the legacy resolver but as can be seen in constraints.txt there seems to be no way around it:

# FIXME: remove this once we have a zope no longer including the insecure RestrictedPython
# The one from the Zope constraints file has a security issue (CVE-2023-37271) which is fixed in 6.1
# this neccessitates the legacy resolver to be used in Dockerfile
RestrictedPython >= 6.1
-c https://zopefoundation.github.io/Zope/releases/5.8.3/constraints.txt
# Zope is not contained in the constraints file, but the Version of Zope must match the Version of the constraints
Zope == 5.8.3

[GottfriedGanssauge]

With the previous version of pip it ran:
(build log of 4 days ago)

07:20:16  /usr/local/bin/python3 -m venv --without-pip /HAU/crs/environment
07:20:16  /HAU/crs/environment/bin/python get-pip.py -c /build/crsbuild/constraints.txt
07:20:19  Looking in indexes: https://pypi.org/simple, https://aurora-deploy-read:****@artifactory.haufedev.systems/artifactory/api/pypi/all-pypi/simple
07:20:19  Ignoring PasteDeploy: markers 'python_version == "3.7"' don't match your environment
07:20:19  Collecting pip
07:20:19    Downloading pip-23.1.2-py3-none-any.whl (2.1 MB)
07:20:20       ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.1/2.1 MB 7.5 MB/s eta 0:00:00
07:20:20  Collecting setuptools
07:20:20    Using cached setuptools-68.0.0-py3-none-any.whl (804 kB)
07:20:20  Collecting wheel
07:20:20    Using cached wheel-0.40.0-py3-none-any.whl (64 kB)
07:20:20  Installing collected packages: pip, setuptools, wheel
07:20:22  Successfully installed pip-23.1.2 setuptools-68.0.0 wheel-0.40.0

Nothing else changed in the build, especially constraints.txt and the PIP_USE_DEPRECATED=legacy-resolver settings were already present 4 days ago

[smoeinbbp]

at the moment maybe installing the previous pip version instead of upgrading it to the latest version can fix the issue. it's a temp fix:

pip install pip==23.1.2

[teytaud]

I don't close for now as this creates a ton of other issues

[teytaud]

I believed it was fixed but no --- error just a bit later: https://app.circleci.com/pipelines/github/facebookresearch/nevergrad/8658/workflows/d3e14a34-5059-4469-9b14-885d122e9aa3/jobs/27973

However things have moved, I try again.

[teytaud]

Successfully installed pip-23.2
Removed legacy.
Still crashing:

ERROR: Error while checking for conflicts. Please file an issue on pip's issue tracker: https://github.com/pypa/pip/issues/new
Traceback (most recent call last):
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 575, in _determine_conflicts
return check_install_conflicts(to_install)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/operations/check.py", line 108, in check_install_conflicts
would_be_installed = _simulate_installation_of(to_install, package_set)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/operations/check.py", line 131, in _simulate_installation_of
dist = abstract_dist.get_metadata_distribution()
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/distributions/wheel.py", line 23, in get_metadata_distribution
assert self.req.local_file_path, "Set as part of preparation during download"
AssertionError: Set as part of preparation during download
Installing collected packages: numpy, cma, scipy, joblib, threadpoolctl, scikit-learn, colorama, bayesian-optimization, typing-extensions, six, python-dateutil, pytz, tzdata, pandas, nevergrad
ERROR: Exception:
Traceback (most recent call last):
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
status = run_func(*args)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/cli/req_command.py", line 248, in wrapper
return func(self, options, args)
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 452, in run
installed = install_given_reqs(
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/req/init.py", line 72, in install_given_reqs
requirement.install(
File "/home/circleci/repo/test_wheel/lib/python3.8/site-packages/pip/_internal/req/req_install.py", line 805, in install
assert self.local_file_path
AssertionError

[ckw017]

Also running into this, we bisected the problem down to this commit: 5168881

In our case, it seems like before the commit metadata_file_data would be None and self.local_file_path would get populated correctly, but after the commit metadata_file_data gets set and somehow that causes self.local_file_path to never be set.

[pfmoore]

Thanks, that's helpful. Are you able to confirm (maybe by adding a print statement) what the URL/name of the metadata file is? Also, are you just using PyPI, or is there any other package index involved?

[ckw017]

I think(?) its just PyPI, not sure if there's a good way to check. Requirement is numpy>=1.17, on the previous commit (directly before breaking one) this ends up with the self.local_file_path /tmp/pip-unpack-236heq8i/numpy-1.25.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl. Trace from it being set on the previous commit:

  File "/home/ray/anaconda3/bin/pip", line 8, in <module>
    sys.exit(main())
  File "/home/ray/default/pip/src/pip/_internal/cli/main.py", line 79, in main
    return command.main(cmd_args)
  File "/home/ray/default/pip/src/pip/_internal/cli/base_command.py", line 101, in main
    return self._main(args)
  File "/home/ray/default/pip/src/pip/_internal/cli/base_command.py", line 223, in _main
    return run(options, args)
  File "/home/ray/default/pip/src/pip/_internal/cli/base_command.py", line 169, in exc_logging_wrapper
    status = run_func(*args)
  File "/home/ray/default/pip/src/pip/_internal/cli/req_command.py", line 248, in wrapper
    return func(self, options, args)
  File "/home/ray/default/pip/src/pip/_internal/commands/install.py", line 377, in run
    requirement_set = resolver.resolve(
  File "/home/ray/default/pip/src/pip/_internal/resolution/legacy/resolver.py", line 185, in resolve
    discovered_reqs.extend(self._resolve_one(requirement_set, req))
  File "/home/ray/default/pip/src/pip/_internal/resolution/legacy/resolver.py", line 509, in _resolve_one
    dist = self._get_dist_for(req_to_install)
  File "/home/ray/default/pip/src/pip/_internal/resolution/legacy/resolver.py", line 462, in _get_dist_for
    dist = self.preparer.prepare_linked_requirement(req)
  File "/home/ray/default/pip/src/pip/_internal/operations/prepare.py", line 516, in prepare_linked_requirement
    return self._prepare_linked_requirement(req, parallel_builds)
  File "/home/ray/default/pip/src/pip/_internal/operations/prepare.py", line 629, in _prepare_linked_requirement
    req.local_file_path = local_file.path
  File "/home/ray/default/pip/src/pip/_internal/req/req_install.py", line 190, in __setattr__
    traceback.print_stack()

[ckw017]

Docker repro:

docker pull rayproject/ray:2.5.1-py39
docker run -it rayproject/ray:2.5.1-py39  
# (In the container)
pip install pip==23.2
pip install --force-reinstall --use-deprecated=legacy-resolver datasets

[pfmoore]

Oh, sorry. I hadn't realised this was still with the legacy resolver. Does it fail with the standard resolver?

[ckw017]

Seems fine without legacy-resolver

[pfmoore]

The reason I'm asking is that there are some known restrictions on the PEP 658/714 code, because of some weird interactions with the internals of the requirement processing. In particular, we deferred some problems with sdist metadata, because it can never occur right now (PyPI doesn't serve separate metadata for sdists, and until metadata 2.2 is supported, sdist metadata isn't reliable anyway).

I wouldn't be surprised if the legacy resolver is behaving weirdly when faced with partially-downloaded requirement objects. The requirement preparation code is pretty complex and fragile, largely because there's a huge amount of code that's mainly there for backward compatibility 🙁

It's definitely a bug, but if switching to the new resolver addresses it, it's not as critical.

[teytaud]

Seems fine without legacy-resolver

THANKS, looks like this works. I had removed legacy-solver only at one place in the .circleci/config whereas it is at two places... now everything runs just fine:
facebookresearch/nevergrad#1540
https://app.circleci.com/pipelines/github/facebookresearch/nevergrad/8660/workflows/96766157-46de-4c18-9561-17024eef71af/jobs/27982

Thank you very much everyone. This helps a lot, I am very grateful for your help.

[edmorley]

Does adding an early return (conditional on the legacy resolver being enabled) somewhere here also work around the issue?

pip/src/pip/_internal/operations/prepare.py

Lines 364 to 374 in b252ad8

	def _fetch_metadata_only(
	self,
	req: InstallRequirement,
	) -> Optional[BaseDistribution]:
	if self.require_hashes:
	logger.debug(
	"Metadata-only fetching is not used as hash checking is required",
	)
	return None
	# Try PEP 658 metadata first, then fall back to lazy wheel if unavailable.
	return self._fetch_metadata_using_link_data_attr(

If so, that would seem a safer fix than making changes to the legacy resolver, since it would mean the metadata file fetching feature is just disabled entirely when using the legacy resolver - similar to how its already disabled when using hash-checking mode.

[ckw017]

^In a totally unscientific manner, changing if self.require_hashes to if True also fixes the repro, so probably.

[pfmoore]

Nice catch. The hard part is going to be finding out whether we're using the legacy resolver from that point in the code 😕

[pfmoore]

If someone can try #12163, I think that addresses this issue.

[ckw017]

^That also fixes my repro

[pradyunsg]

Keeping this open since the maintainers have been consolidating the various duplicates into this issue -- let's track the fix and close this when it's fixed.

[pfmoore]

On that note, if anyone who encounters this and gets redirected here can test with #12163, that would be a great help. If that PR fixes the issue, just "thumbs up" this comment. If it doesn't, please provide a reproducer.

[amirali-shfz]

@pfmoore Do you know how long it usually takes to get these fixes in specially since it seems like you already have a PR? Trying to understand if I should remove the flag or wait for the fix to be deployed.

[pfmoore]

I would strongly advise that regardless of when the fix is released, if removing the use of the legacy resolver works for you, you should do that. At some point we will remove the legacy resolver altogether, so you should not continue using it unless you have a very good reason to do so.

Having said that, the fix is likely to be included in a bugfix release of pip 23.2, which I hope to have done in the next few days, unless further issues arise. I'd like a few more confirmations that the fix PR works, so if you can test it that would be great.

[amirali-shfz]

I ended up removing the flag -- sorry I wasn't able to test it out due to time constraints. Thanks a lot for your help.

[sodul]

We run into the same issue.

While we would "love" to not use the legacy resolver it is unfortunately not possible due to a large dependency tree that include some projects that do not play well with the new resolver. As a matter of fact we actually have to call pip incrementally to 'ignore' false hard requirements found in some libraries. Not really pip fault but since there is no way to override some package claims about required versions our hand is forced.

[notatallshaw]

we would "love" to not use the legacy resolver it is unfortunately not possible due to a large dependency tree that include some projects that do not play well with the new resolver.

Do you have a public requirements list?

It's useful to have real world examples that could be tested against if other solutions are provided (could be with Pip or with tools that supplement it).

[pradyunsg]

With #12163 landed and at least 1 confirmation that this fixes things (and a couple of unrelated digressions about the legacy resolver), I'm gonna go ahead and say that this is resolved and closing this.

[sodul]

@notatallshaw Unfortunately we do not have a public requirements.txt to share. If I do get some spare time, I will try to disable the legacy resolver in a virtualenv and see if I can reproduce and provide a trimmed down version. No promises though.

[sodul]

@notatallshaw These are the packages that are giving us the most issues:
azure-cli and the other azure-xxxx packages and git+https://github.com/vmware/vsphere-automation-sdk-python (VMware does not release it on the registry, they do fix the dependency issues when reported, but it has frequent issues).

We were able to remove --use-deprecated=legacy-resolver by moving them into a separate requirement file, pip install these first, then pip install our remaining requirements.

We then get an error in the console output (but it does not actually fail the install):

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
azure-cli 2.49.0 requires fabric~=2.4, but you have fabric 3.1.0 which is incompatible.
azure-cli 2.49.0 requires scp~=0.13.2, but you have scp 0.14.5 which is incompatible.
azure-cli-core 2.49.0 requires msal[broker]==1.20.0, but you have msal 1.23.0 which is incompatible.

The way we use the azure CLI means we never use ssh/scp, so the claimed incompatibility issues have zero consequence for us regardless of being true or not.

[notatallshaw]

Thanks for the info! If it comes up again or I work on an alternative approach to this problem I will use it as a test case.