e3-pypi-closure: Add yanked management #667
Conversation
As stated in PEP_592, a yanked package should not be installed unless it is the only one matching a version specifier. It used to be possible for e3-pypi-closure to choose a yanked package, if it was simply the most recent version of the package. With this patch, no yanked package will be installed without explicit use of the --allow-yanked option.
leocardao
force-pushed
the
mr/cardao/e3-pypi-closure-manage-yanked
branch
from
90d76b8 to
7cc70c6
Compare
|
No additional tests ? |
|
@grouigrokon I don't know if this is feasible, but in any case, the current code doesn't seem to allow it easily. Currently, in the tests, we generate a setup.py for this, but I haven't found any information to mark a package "yanked" in this file. So we'd have to create a fake pypi server. If you think it's worth it, I'll do it, but this PR is expected by other teams so I suggest you do it in another PR. Do you agree? |
|
I agree that it would be a bit of work. Let's keep it for later.
|
Perfect, I'll open the issue and merge this PR. Thank you. |
|
For the record: @grouigrokon your method doesn't seem to work. I just downloaded the setuptools-scm wheel version 8.0.0, which is a yanked package. There is unfortunately no trace of "yanked", in the metadata. I think it's pypi who says if something is yanked, not the wheels. It is therefore necessary to simulate pypi. I put the issue with the label |
|
Ok, this information seems to be coming from the pypi server :'( |
As stated in PEP_592, a yanked package should not be installed unless it is the only one matching a version specifier.
It used to be possible for e3-pypi-closure to choose a yanked package, if it was simply the most recent version of the package.
With this patch, no yanked package will be installed without explicit use of the --allow-yanked option.
Also add minor improvement to e3-pypi-closure --help.