bazelbuild
Thirdparty pip dependencies override root project's pip dependencies
🐞 bug report
Affected Rule
use_extension("@rules_python//python/extensions:pip.bzl", "pip")
Is this a regression?
Between old WORKSPACE rules and bzlmod, potentially yes - so long as you knew the order you were defining dependencies.
Description
A third party project called foo uses rules_python and bzlmod to bring in pip dependencies:
pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "foo_pip_deps",
python_version = "3.11",
requirements_lock = "@foo//:requirements_lock.txt",
)
use_repo(pip, "foo_pip_deps")
This dependency is implicitly used as part of a library this third party defines. This requirements_lock.txt uses a pip module matplotlib at v1.
load("@foo_pip_deps//:requirements.bzl", "requirement")
py_library(
name = "foo",
srcs = ["foo.py"],
imports = ["."],
visibility = ["//visibility:public"],
deps = [requirement("matplotlib")], #v1
)
My root project uses the pip extension and its own requirements_lock.txt file to bring in matplotlib at v2.
If I depend on the @foo project:
load("@bar_pip_deps//:requirements.bzl", "requirement")
py_binary(
name = "main",
srcs = ["main.py"],
deps = [
"@foo",
requirement("matplotlib"), #v2
],
)
The target will now use matplotlib at v1. Even though my root project specifically asks for v2.
🔬 Minimal Reproduction
🔥 Exception or Error
🌍 Your Environment
Operating System:
linux
Output of bazel version:
7.0.2
Rules_python version:
0.31.0
Anything else relevant?
This issue has been automatically marked as stale because it has not had any activity for 180 days. It will be closed if no further activity occurs in 30 days. Collaborators can add an assignee to keep this open indefinitely. Thanks for your contributions to rules_python!
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
