InconsistentCandidate: Pre-Release not allow #257
Description
I'm using Open Source Review Toolkit to resolve the dependencies of a poetry.project. Within the pyproject.tom, a pre-release version of a dependency is used: genai_endpoints = { version = "0.2.2rc20251105201257", source = "GENAI" } which is resolved to poetry.lock as
[[package]]
name = "genai-endpoints"
version = "0.2.2rc20251105201257"
description = "Semvox genAI endpoints"
optional = false
python-versions = ">=3.12,<4.0"
groups = ["main", "dev"]
files = [
{file = "genai_endpoints-0.2.2rc20251105201257-py3-none-any.whl", hash = "sha256:23f0d77f01d07c4c08a44045c3d8876affd88e48cf4de6e5953ee3d8a60f931e"},
{file = "genai_endpoints-0.2.2rc20251105201257.tar.gz", hash = "sha256:0f4a6fd239ea18cafe3f9c468f81048adbb710a8e6235f25defe436f590dc1c1"},
]
and with poetry export to requirements.txt: genai-endpoints==0.2.2rc20251105201257 ; python_version == "3.12"
but python-inspector fails with :
Running 'python-inspector --python-version 312 --operating-system linux --json-pdt /tmp/ort-PythonInspector17489324190711353943/python-inspector9615377530813343324.json --analyze-setup-py-insecurely --requirement /tmp/ort-Poetry2549011213989081689/requirements6460697747488281912.txt --prefer-source' in '/tmp/ort-Poetry2549011213989081689' failed with exit code 1:
10:06:45 Traceback (most recent call last):
10:06:45 File "/opt/python/versions/3.13.5/lib/python3.13/site-packages/python_inspector/resolve_cli.py", line 259, in resolve_dependencies
10:06:45 resolution_result: Dict = resolver_api(
10:06:45 ~~~~~~~~~~~~^
10:06:45 requirement_files=requirement_files,
10:06:45 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
10:06:45 ...<15 lines>...
10:06:45 generic_paths=generic_paths,
10:06:45 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
10:06:45 )
10:06:45 ^
10:06:45 File "/opt/python/versions/3.13.5/lib/python3.13/site-packages/python_inspector/api.py", line 283, in resolve_dependencies
10:06:45 resolution, purls = resolve(
10:06:45 ~~~~~~~^
10:06:45 direct_dependencies=direct_dependencies,
10:06:45 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
10:06:45 ...<8 lines>...
10:06:45 printer=printer,
10:06:45 ^^^^^^^^^^^^^^^^
10:06:45 )
10:06:45 [...skipping 2 lines...]
10:06:45 resolved_dependencies, packages = get_resolved_dependencies(
10:06:45 ~~~~~~~~~~~~~~~~~~~~~~~~~^
10:06:45 requirements=requirements,
10:06:45 ^^^^^^^^^^^^^^^^^^^^^^^^^^
10:06:45 ...<8 lines>...
10:06:45 printer=printer,
10:06:45 ^^^^^^^^^^^^^^^^
10:06:45 )
10:06:45 ^
10:06:45 File "/opt/python/versions/3.13.5/lib/python3.13/site-packages/python_inspector/api.py", line 465, in get_resolved_dependencies
10:06:45 resolver_results = resolver.resolve(requirements=requirements, max_rounds=max_rounds)
10:06:45 File "/opt/python/versions/3.13.5/lib/python3.13/site-packages/resolvelib/resolvers/resolution.py", line 601, in resolve
10:06:45 state = resolution.resolve(requirements, max_rounds=max_rounds)
10:06:45 File "/opt/python/versions/3.13.5/lib/python3.13/site-packages/resolvelib/resolvers/resolution.py", line 513, in resolve
10:06:45 failure_criterion = self._attempt_to_pin_criterion(name)
10:06:45 File "/opt/python/versions/3.13.5/lib/python3.13/site-packages/resolvelib/resolvers/resolution.py", line 235, in _attempt_to_pin_criterion
10:06:45 raise InconsistentCandidate(candidate, criterion)
10:06:45 resolvelib.resolvers.exceptions.InconsistentCandidate: Provided candidate Candidate(name='genai-endpoints', version=<Version('0.2.2rc20251105201257')>, extras=set()) does not satisfy <Requirement('genai-endpoints==0.2.2rc20251105201257; python_version == "3.12"')>, <Requirement('genai-endpoints<0.3.0,>=0.2.1')>
10:06:45
IS there any way to either allow-prereleases or pin a version to conditions?