pip 20.3 dependency management
The latest pip 20.3 introduce a breaking change to dependency management
- It will reduce inconsistency: it will no longer install a combination of packages that is mutually inconsistent. In older versions of pip, it is possible for pip to install a package which does not satisfy the declared requirements of another installed package. For example, in pip 20.0,
pip install "six<1.12" "virtualenv==20.0.2"does the wrong thing, “successfully” installing
six==1.11, even though
six>=1.12.0,<2(defined here). The new resolver, instead, outright rejects installing anything if it gets that input.
- It will be stricter — if you ask pip to install two packages with incompatible requirements, it will refuse (rather than installing a broken combination, like it did in previous versions).
This is definitely a nice change to make sure everything works as intended. However, due to the loose management of package dependencies prior to 20.3, projects may take advantage of this behavior and installs the package in a certain order so that everything works as a whole.
We may end up required to bring all packages to the latest stable version. Some packages may have evolved these APIs over time, it will take a significant effort for a large project to update its pip to 20.3.
This also serves as a good reminder to us, saying when there’s a warning/error, it is best to properly fix it to reduce future maintenance instead of taking advantage of the improper behavior.