pypi-types: fix lenient requirement parsing #1529

BurntSushi · 2024-02-16T19:03:50Z

This fixes a bug where uv pip install failed to install polars:

$ uv pip install polars==0.14.0
error: Failed to download: polars==0.14.0
  Caused by: Couldn't parse metadata of polars-0.14.0-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl from https://files.pythonhosted.org/packages/5c/c6/749022b096895790c971338de93e610210331ea6cb7c1c2cc32b7f433c4f/polars-0.14.0-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
  Caused by: Operator >= cannot be used with a wildcard version specifier
pyarrow>=4.0.*; extra == 'pyarrow'
       ^^^^^^^

Since pyarrow>=4.0.*; extra == 'pyarrow' is invalid and it comes
from the metadata of a dependency (that isn't under the control of the
end user), we actually attempt to "fix" it. Namely, wildcard
dependency specifications are only allowed with == and !=, as per
the Version Specifiers spec. (They aren't explicitly forbidden in
these cases, but instead only have specified behavior for the == and
!= operators.)

This is all fine, but it turns out that when we fix the >=4.0.*
component, we also strip the quotes around pyarrow. (Because some
dependency specifications include stray quotes.) We fix this by making
our quote stripping a bit more selective. (We require that it appear
adjacent to a digit or a *.)

Note that #1477 also reports this error:

$ uv pip install 'requests>=2.30.*'
error: Failed to parse `requests>=2.30.*`
  Caused by: Operator >= cannot be used with a wildcard version specifier
requests>=2.30.*

However, we specifically keep that error message since it's something
under the end user's control. And similarly for a dependency
specification in a requirements.txt file.

Fixes #1477

charliermarsh · 2024-02-16T20:23:39Z

crates/pypi-types/src/lenient_requirement.rs

 /// Ex) `!=3.0*`
 static MISSING_DOT: Lazy<Regex> = Lazy::new(|| Regex::new(r"(\d\.\d)+\*").unwrap());
 /// Ex) `>=3.6,`
 static TRAILING_COMMA: Lazy<Regex> = Lazy::new(|| Regex::new(r",\s*$").unwrap());
 /// Ex) `>= '2.7'`, `>=3.6'`
-static STRAY_QUOTES: Lazy<Regex> = Lazy::new(|| Regex::new(r#"['"]"#).unwrap());
+static STRAY_QUOTES: Lazy<Regex> = Lazy::new(|| Regex::new(r#"['"]([*\d])|([*\d])['"]"#).unwrap());
+// static STRAY_QUOTES: Lazy<Regex> = Lazy::new(|| Regex::new(r#"['"]"#).unwrap());


Nit: remove?

This fixes a bug where `uv pip install` failed to install `polars`: ``` $ uv pip install polars==0.14.0 error: Failed to download: polars==0.14.0 Caused by: Couldn't parse metadata of polars-0.14.0-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl from https://files.pythonhosted.org/packages/5c/c6/749022b096895790c971338de93e610210331ea6cb7c1c2cc32b7f433c4f/polars-0.14.0-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl Caused by: Operator >= cannot be used with a wildcard version specifier pyarrow>=4.0.*; extra == 'pyarrow' ^^^^^^^ ``` Since `pyarrow>=4.0.*; extra == 'pyarrow'` is invalid *and* it comes from the metadata of a dependency (that isn't under the control of the end user), we actually attempt to "fix" it. Namely, wildcard dependency specifications are only allowed with `==` and `!=`, as per the [Version Specifiers spec]. (They aren't explicitly forbidden in these cases, but instead only have specified behavior for the `==` and `!=` operators.) This is all fine, but it turns out that when we fix the `>=4.0.*` component, we also strip the quotes around `pyarrow`. (Because some dependency specifications include stray quotes.) We fix this by making our quote stripping a bit more selective. (We require that it appear adjacent to a digit or a `*`.) Note that #1477 also reports this error: ``` $ uv pip install 'requests>=2.30.*' error: Failed to parse `requests>=2.30.*` Caused by: Operator >= cannot be used with a wildcard version specifier requests>=2.30.* ``` However, we specifically keep that error message since it's something under the end user's control. And similarly for a dependency specification in a `requirements.txt` file. Fixes #1477 [Version Specifiers spec]: https://packaging.python.org/en/latest/specifications/version-specifiers/

## Summary Avoid removing quotes from markers, e.g. `numpy (>=1.19) ; python_version >= "3.7"` should not be rewritten. Fixes #2551. This PR also makes fixups a bit more flexible internally for fixes that aren't simple to implement with a pure regex replacement, like this one. #1529 fixed a similar problem but the current regex is still not smart enough to avoid all markers completely (like `python_version`). ## Test Plan Added a few unit tests.

BurntSushi requested a review from charliermarsh February 16, 2024 19:04

charliermarsh reviewed Feb 16, 2024

View reviewed changes

charliermarsh approved these changes Feb 16, 2024

View reviewed changes

charliermarsh added the bug Something isn't working label Feb 16, 2024

BurntSushi force-pushed the ag/fix-i1477 branch from 42b6bfe to dae6c2e Compare February 16, 2024 20:34

BurntSushi merged commit a97c207 into main Feb 16, 2024
7 checks passed

BurntSushi deleted the ag/fix-i1477 branch February 16, 2024 20:52

branchvincent mentioned this pull request Feb 17, 2024

uv 0.1.3 Homebrew/homebrew-core#163022

Merged

charliermarsh mentioned this pull request Feb 22, 2024

uv pip compile does not find a package that pip-compile does (nltk==3.6) #1528

Closed

ibraheemdev mentioned this pull request Apr 23, 2024

Avoid Removing Quotes From Requirement Markers #3214

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pypi-types: fix lenient requirement parsing #1529

pypi-types: fix lenient requirement parsing #1529

BurntSushi commented Feb 16, 2024

charliermarsh Feb 16, 2024

pypi-types: fix lenient requirement parsing #1529

pypi-types: fix lenient requirement parsing #1529

Conversation

BurntSushi commented Feb 16, 2024

charliermarsh Feb 16, 2024

Choose a reason for hiding this comment