Skip to content

Python: Handle multiple dependency specifiers for the same package #963

New issue
New issue
Open
Open
Python: Handle multiple dependency specifiers for the same package#963
Assignees
cobya
Labels
detector:pipThe pip detectorstatus:requirementsFull requirements are not yet known, so implementation should not be startedtype:refactorRefactoring or improving of existing code
@cobya

Description

@cobya
cobya
opened on Jan 11, 2024

In PythonResolver and SimplePythonResolver, as surfaced in #962 there is the potential for multiple package version specifications for the same package present in a .WHL file returned by pypi. PythonResolver and SimplePythonResolver will now resolve this mismatch by choosing the latest entry, but this logic may result in lost versions.

Investigate pypi responses and documentation to see if there is a better method of handling this case.

Example:
https://pypi.org/project/msal-extensions/
https://files.pythonhosted.org/packages/52/34/a8995d6f0fa626ff6b28dbd9c90f6c2a46bd484bc7ab343d078b0c6ff1a7/msal_extensions-1.0.0-py2.py3-none-any.whl

AB#2139080

Metadata

Metadata

Assignees

Labels

detector:pipThe pip detectorstatus:requirementsFull requirements are not yet known, so implementation should not be startedtype:refactorRefactoring or improving of existing code

Type

No type

Projects

Component Detection - Detector Improvements

Status

In review

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions