Skip to content

Use version-pinned PyPI metadata to resolve prerelease sub-dependencies correctly#211

Merged
martinRenou merged 6 commits into
mainfrom
copilot/fix-pip-install-pre-releases
Jun 4, 2026
Merged

Use version-pinned PyPI metadata to resolve prerelease sub-dependencies correctly#211
martinRenou merged 6 commits into
mainfrom
copilot/fix-pip-install-pre-releases

Conversation

Copilot AI commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Installing a prerelease root package (e.g. jupytergis-lite==0.16.0a0) could still pull stable sub-dependencies (0.15.0) because dependency metadata was read from the unversioned PyPI endpoint. This change makes sub-dependency resolution follow the exact selected package version metadata.

  • Dependency metadata source

    • In processRequirement, after selecting solved.version, fetches:
      • https://pypi.org/pypi/{package}/{version}/json
    • Uses that version’s info.requires_dist when present, instead of relying on unversioned package metadata.
  • Fallback and robustness

    • Keeps existing unversioned metadata as fallback when version-specific fetch fails.
    • Encodes package/version path segments and checks HTTP response status before parsing JSON.
    • Emits a warning when falling back, preserving current behavior while making failures visible.
  • Regression coverage

    • Adds a focused test in unittests/tests/pip/test-solver.ts for:
      • jupytergis-lite==0.16.0a0
    • Asserts transitive resolution selects:
      • jupytergis-core==0.16.0a0
      • jupytergis-lab==0.16.0a0
const versionResponse = await fetch(
  `https://pypi.org/pypi/${encodeURIComponent(requirement.package)}/${encodeURIComponent(solved.version)}/json`
);
const versionMetadata = await versionResponse.json();
const versionRequiresDist = versionMetadata?.info?.requires_dist as string[] | undefined;

if (versionRequiresDist?.length) {
  requiresDist = versionRequiresDist;
}

Copilot AI changed the title [WIP] Fix pip install to pick up pre-releases as sub-dependencies Use version-pinned PyPI metadata to resolve prerelease sub-dependencies correctly Jun 4, 2026
Copilot AI requested a review from martinRenou June 4, 2026 08:00
@martinRenou

Copy link
Copy Markdown
Member

@copilot please undo yarn.lock changes, you're using a different yarn version than us, I use 4.12.0

Copilot AI commented Jun 4, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please undo yarn.lock changes, you're using a different yarn version than us, I use 4.12.0

Done in commit 9e933c3: yarn.lock has been reverted to the baseline version so the PR no longer includes lockfile changes from a different Yarn version.

@martinRenou martinRenou marked this pull request as ready for review June 4, 2026 08:24
@martinRenou martinRenou merged commit 5db1486 into main Jun 4, 2026
6 checks passed
@martinRenou martinRenou deleted the copilot/fix-pip-install-pre-releases branch June 4, 2026 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Pip install: pre-releases are not picked up when they are specified as sub-dependency

2 participants