Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependency on old pydantic causes conflicts with other packages #495

Open
washeck opened this issue Jan 19, 2024 · 15 comments
Open

dependency on old pydantic causes conflicts with other packages #495

washeck opened this issue Jan 19, 2024 · 15 comments
Assignees
@yeisonvargasf
Labels
enhancement Suggests an improvement or new feature.

Comments

@washeck
Copy link

washeck commented Jan 19, 2024
edited
Loading

  • safety version: 3.0.0
  • Python version: 3.11
  • Operating System: linux

Description

safety 3.0.0 depends on pydantic <2, while other packages require v2 (e.g. django-qr-code depends on pydantic >2.5)

What I Did

$ poetry add safety
Using version ^3.0.0 for safety
...
Because no versions of safety match >3.0.0,<4.0.0
 and safety (3.0.0) depends on pydantic (>=1.10.12,<2.0), safety (>=3.0.0,<4.0.0) requires pydantic (>=1.10.12,<2.0).
And because django-qr-code (4.0.1) depends on pydantic (>=2.5), safety (>=3.0.0,<4.0.0) is incompatible with django-qr-code (4.0.1).
@yeisonvargasf yeisonvargasf self-assigned this Jan 19, 2024
@yeisonvargasf yeisonvargasf added the enhancement Suggests an improvement or new feature. label Jan 19, 2024
@yeisonvargasf
Copy link
Member

@washeck, that's correct; we expect to migrate to pydantic > 2.5 inside safety-schemas soon.

@washeck
Copy link
Author

washeck commented Jan 22, 2024

Well, until this is fixed, we cannot use safety because there is no way for the new and old pydantic to cooexist in one project and we cannot drop library used in our production system just because of development support tool.

I understand this is more a problem caused by pydantic authors, but IMHO you should consider not requiring the users of safety to install pydantic. See e.g. jedi-language-server changelog:

Removed pydantic dependency; it made distributing jedi-language-server harder than it needed to be.

@frwickst
Copy link

We have run into this issue as well. Just for the Safety folks here, there are ways to support both Pydantic 2 and 1 in the same version. As Pydantic 2 actually includes the entire v1 lib.

This means that you can upgrade to version 2 with minimal changes (mainly import changes) and then migrate to the actual v2 features later down the line.

Documentation: https://docs.pydantic.dev/latest/migration/#continue-using-pydantic-v1-features

PS. If you want an example of a big project that is facing the same type of issues, you can have a look at Home Assistant and more specifically this issue home-assistant/core#99218

@akjmicro
Copy link

Yeah, safety folks, this is a big one. Working here at my company on an airflow container ecosystem, this is only dependency causing compatibility issues ATM.

@yeisonvargasf
Copy link
Member

Hi folks, thanks for the report here. We should get this resolved next week.

@frwickst, thanks for the hints.

@washeck, in the short term, we aren't considering dropping Pydantic, this dependency conflict will be solved soon.

This was referenced Jan 30, 2024
Closed
Merged
@matthiaskoenig
Copy link

Thanks. Same issue here.

@yeisonvargasf
Copy link
Member

Hi, thanks for the patience here, we will soon release an update that supports 1.x and 2.x

@yeisonvargasf
Copy link
Member

A safety_schemas version 0.0.2 is available, which includes compatibility for Pydantic 1.x and 2.x.

Can you try to install Safety, Pydantic 2.x, and safety_schemas 0.0.2 with pip? Safety 3.0.1 still has the specifier for pydantic<2.0; we will remove it once we get some feedback from users.

@dotlambda
Copy link

@yeisonvargasf Works on NixOS. Thanks a lot!

@Pacheco95
Copy link

@yeisonvargasf didn't work for python:3.12 container:

fastapi~=0.109.2
pydantic-settings~=2.1.0

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
pydantic-settings 2.1.0 requires pydantic>=2.3.0, but you have pydantic 1.10.14 which is incompatible.

@sobolevbel
Copy link

sobolevbel commented Feb 18, 2024
edited
Loading 

pip-compile --upgrade requirements/tests.in

Could not find a version that matches pydantic<2.0,<3.0.0,>=1.10.12,>=2.5.3 (from safety==3.0.1->-r requirements/tests.in (line 8))

...

There are incompatible versions in the resolved dependencies:
  pydantic<3.0.0,>=2.5.3 (from maison==1.4.3->autoimport==1.4.0->-r requirements/tests.in (line 33))
  pydantic<2.0,>=1.10.12 (from safety==3.0.1->-r requirements/tests.in (line 8))
  pydantic (from safety-schemas==0.0.2->safety==3.0.1->-r requirements/tests.in (line 8))

Kindly ask you to take into consideration removing pydantic from your dependencies if it isn't crucial.

@FluxZA
Copy link

FluxZA commented Feb 19, 2024

@yeisonvargasf Working for us on Py 3.11

@RafaelWO RafaelWO mentioned this issue Mar 2, 2024
Merged
12 tasks
@sobolevbel
Copy link

sobolevbel commented Mar 6, 2024
edited
Loading

Sorry for asking, but we're waiting for the fix. Do you know when will it be available for everyone?

@yeisonvargasf
Copy link
Member

The upper range limit was removed on Safety 3.1.0 version.

@washeck washeck mentioned this issue Apr 3, 2024
Open
@RafaelWO
Copy link

RafaelWO commented May 5, 2024

Great! I believe this can be closed then, right? 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yeisonvargasf yeisonvargasf

Labels
enhancement Suggests an improvement or new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@washeck @matthiaskoenig @frwickst @dotlambda @Pacheco95 @yeisonvargasf @akjmicro @sobolevbel @RafaelWO @FluxZA