Bug#1055824: python3-rich: violates Python package metadata with dependency package 'python3-markdown-it' 3.0.0-2

2023-11-14 Thread Ben Finney 
Control: tags -1 + upstream patch

On 12-Nov-2023, Ben Finney wrote:
> Either:
> 
> * The upstream version constraint needs to be relaxed by the upstream
>   project, to allow ‘python3-rich’ version “3.0.0-2” to satisfy the
>   dependency.

This is the resolution indicated by the upstream code base. In versions
starting at “13.4.2”, the upstream project declares dependencies that allow
‘markdown-it-py’ version “3.0.0” also.

https://github.com/Textualize/rich/commit/f232e9d95bbe4747f12459d5935cfa2a42c08069>

This can be applied with a simple patch:

=
diff --git old/pyproject.toml new/pyproject.toml
--- old/pyproject.toml
+++ new/pyproject.toml
@@ -30,7 +30,7 @@
 typing-extensions = { version = ">=4.0.0, <5.0", python = "<3.9" }
 pygments = "^2.14.0"
 ipywidgets = { version = ">=7.5.1,<9", optional = true }
-markdown-it-py = "^2.1.0"
+markdown-it-py = ">=2.1.0"
 
 [tool.poetry.extras]
 jupyter = ["ipywidgets"]
=

or by upgrading Debian's ‘rich’ package source, to upstream's version
“13.4.2” or later.

-- 
 \   “You can never entirely stop being what you once were. That's |
  `\   why it's important to be the right person today, and not put it |
_o__) off until tomorrow.” —Larry Wall |
Ben Finney 


signature.asc
Description: PGP signature

Bug#1055824: python3-rich: violates Python package metadata with dependency package 'python3-markdown-it' 3.0.0-2

2023-11-12 Thread Ben Finney 
On 12-Nov-2023, Sandro Tosi wrote:

> > The inconsistent constraints need to be resolved;
> 
> no they dont. debian uses apt not pip to install packages.

The ‘pip’ command-line tool can also query which packages Python knows are
installed, and that uses the database derived from Python package metadata.

So, the Python metadata installed by the Debian package needs to be
consistent with the dependencies.

> from a packaging perspective, what matter is "does rich work?" and since
> the answer is "yes"

In the aspect of Python giving the correct answer from a query using ‘pip’,
it isn't working. This is because the query is not of the Debian package
database, but the Python metadata.

This can be resolved by making the Debian dependencies and the Python
metadata declared dependencies, consistent.

Please address this so that the Python standard ‘pip’ tool can get the
correct information from the Python metadata installed by these Debian
packages.

-- 
 \ “Science is a way of trying not to fool yourself. The first |
  `\ principle is that you must not fool yourself, and you are the |
_o__)   easiest person to fool.” —Richard P. Feynman, 1964 |
Ben Finney 


signature.asc
Description: PGP signature

Bug#1055824: python3-rich: violates Python package metadata with dependency package 'python3-markdown-it' 3.0.0-2

2023-11-11 Thread Ben Finney 
Package: python3-rich
Version: 13.3.1-2
Severity: normal

Howdy,

The Debian binary package ‘python3-rich’ declares:

Depends: python3-markdown-it

with no version constraint. On this machine, the dependency is satisfied by
the only available version ‘python3-markdown-it’ version “3.0.0-2”.

The Python metadata installed by the Debian ‘python3-rich’ package declares
a constrained version range for that corresponding dependency:

Requires-Dist: markdown-it-py (>=2.1.0,<3.0.0)

This results in the Python ‘pip’ package dependency graph reporting
(correctly) that its version constraints are not satisfied by the installed
packages:

INFO: pip is looking at multiple versions of rich to determine which 
version is compatible with other requirements. This could take a while.
ERROR: Could not find a version that satisfies the requirement 
markdown-it-py<3.0.0,>=2.1.0 (from rich) (from versions: none)

The inconsistent constraints need to be resolved; the Python package
metadata dependency declarations need to be satisfied when the Debian
package is installed. Either:

* The upstream version constraint needs to be relaxed by the upstream
  project, to allow ‘python3-rich’ version “3.0.0-2” to satisfy the
  dependency.

or

* The Debian package needs to constrain its dependency on ‘python3-rich’ to
  match upstream's declared constraints.


-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_AU.UTF-8), LANGUAGE=en_AU.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-rich depends on:
ii  python3 [python3-supported-min]  3.11.4-5+b1
ii  python3-markdown-it  3.0.0-2
ii  python3-pygments 2.15.1+dfsg-1
ii  python3-typing-extensions4.7.1-2

python3-rich recommends no packages.

python3-rich suggests no packages.

-- no debconf information