Skip to content

installing google-cloud-python libraries leads to accidentally installing release candidates of dependencies #13585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task done
jku opened this issue Mar 3, 2025 · 0 comments · Fixed by googleapis/gapic-generator-python#2347
Closed
1 task done

installing google-cloud-python libraries leads to accidentally installing release candidates of dependencies #13585

jku opened this issue Mar 3, 2025 · 0 comments · Fixed by googleapis/gapic-generator-python#2347
Assignees
@parthea
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@jku
Copy link

jku commented Mar 3, 2025
edited
Loading

Determine this is the right repository

  • I determined this is the correct repository in which to report this bug.

Summary of the issue

Context

Installing release versions of google-cloud-python libraries with current pip leads to accidentally installing release candidates of indirect dependencies.

As an example, if I do pip install google-cloud-kms==3.4.0 I currently end up getting grpcio version 1.71.0rc2 -- a release candidate.

This behaviour is a result of

  • pip fixing its pre-release specifier behaviour: "Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <2.0dev can include 1.0rc1)" (https://github.com/pypa/pip/blob/main/NEWS.rst#2501-2025-02-09)
  • All google-cloud-python libraries using dependency specifiers like googleapis-common-protos<2.0.0dev -- this is incorrect and should never include "dev"

Expected Behavior:

  • Installing google-cloud-python projects should not lead to installing release candidates of indirect dependencies
  • pre-release version specifiers (such as "X.Y.Zdev") should not be used when defining library dependencies

Actual Behavior:

google-cloud-kms projects use pre-release version specifiers (specifically <X.Y.Zdev) in their dependencies. This leads to accidentally installing release candidates of indirect dependencies.

API client name and version

No response

Reproduction steps:

# start with empty virtualenv. Upgrade to current pip
pip install -U pip 
# Install a release version of a google-cloud-python package
pip install google-cloud-kms==3.4.0

Reproduction steps: actual results

$ pip show grpcio | grep Version
Version: 1.71.0rc2

Reproduction steps: expected results

$ pip show grpcio | grep Version
Version: 1.70.0

OS & version + platform

No response

Python environment

Python 3.12.8

Python dependencies

Package Version

pip 25.0.1

Additional context

No response
@jku jku added triage me I really want to be triaged. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Mar 3, 2025
@parthea parthea added priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. and removed triage me I really want to be triaged. labels Mar 3, 2025
@parthea parthea self-assigned this Mar 3, 2025
@jku jku mentioned this issue Mar 3, 2025
Closed
This was referenced Mar 3, 2025
Merged
Merged
parthea added a commit that referenced this issue Mar 3, 2025
@parthea
build: remove dev from post processing scripts (#13588)
5cb7709 
Towards #13585

Remove `dev` from post processing scripts
@parthea parthea mentioned this issue Mar 4, 2025
Merged
parthea added a commit that referenced this issue Mar 4, 2025
@parthea
build: remove dev from post processing scripts (#13609)
350e491 
Similar to #13588.

Towards #13585

Remove `dev` from post processing scripts
This was referenced Mar 5, 2025
Merged
Merged
Merged
Open
Merged
Merged
Merged
Merged
Merged
Merged
Closed
Merged
@ohmayr ohmayr mentioned this issue Mar 10, 2025
Closed
parthea added a commit to parthea/pipelines that referenced this issue Mar 13, 2025
@parthea
fix: resolve issue where pre-release versions of dependencies are ins…
0c2ba70 
…talled

See googleapis/google-cloud-python#13585

Signed-off-by: Anthonios Partheniou <[email protected]>
This was referenced Mar 13, 2025
Open
Closed
Merged
parthea added a commit that referenced this issue Mar 13, 2025
@parthea
fix: resolve issue where pre-release versions of dependencies are ins…
ab4fa6e 
…talled

See #13585
This was referenced Mar 13, 2025
Merged
Merged
vchudnov-g pushed a commit that referenced this issue Mar 14, 2025
@parthea
fix: resolve issue where pre-release versions of dependencies are ins…
ae9565a 
…talled (#13653)

See #13585
@parthea parthea mentioned this issue Apr 8, 2025
Merged
copybara-service bot pushed a commit to grpc/grpc that referenced this issue Apr 17, 2025
@parthea @copybara-github
fix: resolve issue where pre-release versions of protobuf are install…
38a825f 
…ed (#38986)

Remove `dev` from `setup.py` to avoid installing pre-release versions of dependency `protobuf`. See googleapis/google-cloud-python#13585 for more information.

If possible, we should back port this fix to active release branches.

https://github.com/pypa/pip/blob/main/NEWS.rst#2501-2025-02-09

![image](https://github.com/user-attachments/assets/bd031558-6066-40f3-b0e6-ad5398ab5472)

Closes #38986

PiperOrigin-RevId: 748592011
sreenithi pushed a commit to sreenithi/grpc that referenced this issue May 7, 2025
@parthea @sreenithi
fix: resolve issue where pre-release versions of protobuf are install…
5618595 
…ed (grpc#38986)

Remove `dev` from `setup.py` to avoid installing pre-release versions of dependency `protobuf`. See googleapis/google-cloud-python#13585 for more information.

If possible, we should back port this fix to active release branches.

https://github.com/pypa/pip/blob/main/NEWS.rst#2501-2025-02-09

![image](https://github.com/user-attachments/assets/bd031558-6066-40f3-b0e6-ad5398ab5472)

Closes grpc#38986

PiperOrigin-RevId: 748592011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@parthea parthea

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
2 participants
@jku @parthea