Make pkg_resources more forgiving of non-compliant versions #3839
In #3772 we learned that some users have been having trouble installing packages that follow PEP 440 if another package that does not follow PEP 440 is already installed. This is caused by pkg_resources automatically "activating" an environment with all the installed distributions and trying to sort them when setup.py install or setup.py develop is invoked [1].

Summary of changes

hashcmp string in pkg_resources, use a fallback sanitized version in the case of parsing errors.

Tests

I tested that this is working based on the reproducer provided in a comment in #3772:
Problems with this approach:

pip will not display the deprecation warning unless setting PYTHONWARNINGS=once and using the verbose flag (pip -v).

Alternatives

A workaround already exists (the users just need to add --use-pep517 to the pip install command). pip 23.1 is supposed to use PEP 517 by default (no need for the --use-pep517 flag), so I think most of the users will no longer face this error after the update. (Especially now that we avoid importing pkg_resources unless absolutely necessary.)

Is it worth adding such a workaround to the codebase?

Pull Request Checklist

changelog.d/. (See documentation for details)
Footnotes
[1] So far those were the circumstances I could identify, but there might be others.
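
The fallback idea described in this pull request, sketched as an added example; it is not the code from the PR or from setuptools. The strict parser is a deliberately small stand-in that accepts only a numeric release plus an optional local label, and the names parse_strict, sanitize and sort_key and the sample versions are assumptions made for illustration.

```python
import re
import warnings

# Assumption: a small stand-in for a strict version parser. It accepts only
# "N(.N)*" plus an optional "+local.label"; real PEP 440 allows more forms.
_STRICT = re.compile(r"([0-9]+(?:\.[0-9]+)*)(?:\+([a-z0-9]+(?:\.[a-z0-9]+)*))?", re.I)
_RELEASE_PREFIX = re.compile(r"[0-9]+(?:\.[0-9]+)*")


class InvalidVersion(ValueError):
    pass


def parse_strict(version):
    """Return (release_tuple, local_label) or raise InvalidVersion."""
    m = _STRICT.fullmatch(version.strip())
    if m is None:
        raise InvalidVersion(version)
    release = tuple(int(part) for part in m.group(1).split("."))
    return release, (m.group(2) or "").lower()


def sanitize(version):
    """Hypothetical fallback: keep the numeric prefix, fold the rest into a local label."""
    version = version.strip()
    m = _RELEASE_PREFIX.match(version)
    release, rest = (m.group(0), version[m.end():]) if m else ("0", version)
    label = ".".join(re.findall(r"[a-z0-9]+", rest.lower())) or "sanitized"
    return f"{release}+{label}"


def sort_key(version):
    """Sort key that never raises, so one bad version cannot abort the whole sort."""
    try:
        return parse_strict(version)
    except InvalidVersion:
        warnings.warn(f"non-compliant version {version!r}", DeprecationWarning, stacklevel=2)
        return parse_strict(sanitize(version))


# Constructed sample: two compliant versions and two that the strict parser rejects.
INSTALLED = ["2.0", "1.0-SNAPSHOT_build", "1.10", "0.23ubuntu1"]

if __name__ == "__main__":
    print(sorted(INSTALLED, key=sort_key))
```

Python hides DeprecationWarning raised outside `__main__` by default, which is the same visibility problem noted above for pip.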