On 2021-01-13 20:36:06 +0100 (+0100), Radosław Piliszek wrote: [...]
As an example, I can give you [1] where we are experimenting with getting some extracurricular package into our containers, notably fluent-logger. The only dep of fluent-logger is msgpack but the latest msgpack (as in upper constraints: 1.0.2, or any 1.x for that matter) is not compatible. However, the pin was introduced in fluent-logger in its 0.9.5 release (0.9.6 is the latest). [...]
So just to clarify, your concern is that because you've tried to install newer msgpack, pip is selecting an older version of fluent-logger which doesn't declare an incompatibility with that newer version of msgpack. This seems technically correct. I'm willing to bet if you insisted on installing fluent-logger>0.9.5 you would get the behavior you're expecting. The underlying problem is that the package ecosystem has long based dependency versioning choices on side effect behaviors of pip's (lack of coherent) dep resolution. From the user side of things, if you want to install more than one package explicitly, you need to start specifying how new you want those packages to be. However surprising it is, pip seems to be working as intended here. -- Jeremy Stanley