Broken dependency evaluation. Pip will not recognize installed prerelease versions

[maarre]

The problem I have is that dependency evaluation will not recognize prerelase versions. The relevant specification: https://packaging.python.org/en/latest/specifications/version-specifiers/#handling-of-pre-releases.

Handling of pre-releases
Pre-releases of any kind, including developmental releases, are implicitly excluded from all version specifiers, unless they are already present on the system, explicitly requested by the user, or if the only available version that satisfies the version specifier is a pre-release.

By default, dependency resolution tools SHOULD:

accept already installed pre-releases for all version specifiers

accept remotely available pre-releases for version specifiers where there is no final or post release that satisfies the version specifier

exclude all other pre-releases from consideration

Dependency resolution tools MAY issue a warning if a pre-release is needed to satisfy a version specifier.

Dependency resolution tools SHOULD also allow users to request the following alternative behaviours:

accepting pre-releases for all version specifiers

excluding pre-releases for all version specifiers (reporting an error or warning if a pre-release is already installed locally, or if a pre-release is the only way to satisfy a particular specifier)

Dependency resolution tools MAY also allow the above behaviour to be controlled on a per-distribution basis.

Post-releases and final releases receive no special treatment in version specifiers - they are always included unless explicitly excluded.

I tried to file this as a pip bug. But it got closed. See the bug report here: pypa/pip#13089

When developing a module the dependencies are specified in the pyproject.toml file. This file should specify the release version. You never want to specify prerelease versions (or postrelease for that matter). This is because the pyproject.toml is a source file which should be tested and if found correct should be sent further down the build pipeline unmodified. If you open the pyproject.toml file all tests are invalidated.

If I specify a dependency as >=1.0 then 1.0a1 should be an acceptable version if there is no 1.0 available.

If you accept this as a valid bug I will do my best to try to fix it without breaking anything else.

[maarre]

We are migrating to nodejs.

[brettcannon]

How do you think we are not implementing the spec appropriately? Do you have a code sample or test case that you can share that points out how we are deviating from the spec?

[maarre]

Sample code will be with you shortly

[maarre]

dependencybug.zip

$ cd libraryexample/
$ python -m build -n
Successfully built verylongnameexamplelibrary-0.0.1a1234.tar.gz and verylongnameexamplelibrary-0.0.1a1234-py3-none-any.whl
$ python -m pip install dist/verylongnameexamplelibrary-0.0.1a1234-py3-none-any.whl
Successfully installed verylongnameexamplelibrary-0.0.1a1234
$ cd ../dependantexample/
$ python -m build -n
Successfully built mainexample-0.0.1b1234.tar.gz and mainexample-0.0.1b1234-py3-none-any.whl
$ python -m pip install dist/mainexample-0.0.1b1234-py3-none-any.whl
ERROR: Could not find a version that satisfies the requirement verylongnameexamplelibrary>=0.0.1 (from mainexample) (from versions: none)
ERROR: No matching distribution found for verylongnameexamplelibrary>=0.0.1
$ python -m pip install dist/mainexample-0.0.1b1234-py3-none-any.whl --no-deps
Successfully installed mainexample-0.0.1b1234
$ python -m dependant
hello world

[brettcannon]

Sorry, but that output doesn't cut down what the issue is clearly. Are you saying you have a verylongnameexamplelibrary>=0.0.1 requirement that you expect mainexample-0.0.1b1234-py3-none-any.whl to satisfy? That's working by "design".

I'm going to close this as a duplicate of #856 as I think your issue with upstream projects is similar.

[maarre]

I am happy that you realise this is a bug. For us it was a showstopper. We have successfully migrated to nodejs.