Bump pytest from 8.3.4 to 9.0.3 #61
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| eth-ape==0.8.48 | ||
| pytest==9.0.3 | ||
|
Check failure on line 2 in requirements.txt
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔴 pytest==9.0.3 is incompatible with eth-ape==0.8.48, which declares a hard dependency constraint of pytest<9.0,>=8.0. Running pip install -r requirements.txt with these two pinned versions will fail with a ResolutionImpossible error — the requirements.txt as changed is uninstallable.
Extended reasoning...
What the bug is and how it manifests
eth-ape==0.8.48 ships with a hard upper-bound on pytest, declaring
pytest<9.0,>=8.0in its requires_dist metadata on PyPI. This PR bumps pytest from 8.3.4 to 9.0.3. Because 9.0.3 satisfies>=9.0, it directly violates the strict<9.0ceiling set by eth-ape. pip's dependency resolver treats this as a conflict and cannot produce a valid environment.The specific code path that triggers it
When a user (or CI) runs
pip install -r requirements.txt, pip collects botheth-ape==0.8.48andpytest==9.0.3as direct requirements, then resolves their transitive dependencies. eth-ape's metadata adds the constraintpytest<9.0to the resolution set. pytest==9.0.3 does not satisfy<9.0, so pip raises aResolutionImpossibleerror and the install fails entirely — no packages are installed.Why existing code doesn't prevent it
Dependabot only inspects the direct version bump it is proposing (pytest 8.3.4 → 9.0.3) and checks for known compatibility scores for that one package. It does not automatically cross-check the transitive dependency constraints declared by other pinned packages in the same requirements file. There is no pip-compile lock file or pre-install CI step that would catch this before the PR is merged.
What the impact would be
Any developer, CI runner, or deployment pipeline that clones the repo at this commit and runs
pip install -r requirements.txtwill get a hard failure. The repository will be left in a broken state where its declared test/dev environment cannot be installed at all.How to fix it
Two options: (1) Keep pytest pinned below 9.0 (e.g.,
pytest==8.3.4orpytest>=8.0,<9.0) until eth-ape publishes a release that lifts the upper-bound; or (2) upgrade eth-ape to a version whose requires_dist permitspytest>=9.0and update that pin in requirements.txt at the same time as this pytest bump.Step-by-step proof
eth-ape==0.8.48andpytest==9.0.3.https://pypi.org/pypi/eth-ape/0.8.48/json→ requires_dist includespytest<9.0,>=8.0.pytest==9.0.3must satisfy<9.0from eth-ape. 9.0.3 < 9.0 is false.ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/stable/topics/dependency-resolution/.