-
-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: rename import to python_multipart #166
Conversation
Signed-off-by: Henry Schreiner <[email protected]>
Wow, I knew this should be possible and played with the idea myself but was unsure how to actually tackle it. If this works, that would be extremely helpful to downstream developers. I'll test this myself as soon as I'll find the time. Very interesting solution. The pth file could be removed again after a couple of releases I guess? |
Signed-off-by: Henry Schreiner <[email protected]>
Ahh, sorry, I did find and run |
If you remove the |
So in my understanding it works like this:
If, for example, twisted decides to move from The only situation where this still breaks is when someone depends on Starlette and Twisted and only updates twisted. That does not sound like a common scenario. |
Yes, that's correct. |
Hard-rename the Python package to `python_multipart`, to avoid conflicts with the `multipart` PyPI package. Both `multipart` and `python-multipart` packages install using `multipart` import name, therefore both cannot be installed at the same time. Historically, we have included only the latter in Gentoo, since it was pulled in as a dependency of dev-python/starlette. However, the former was recently made the recommended replacement for the deprecated and removed `cgi` standard library module, therefore other packages started depending on it. Given that both packages intend to be maintained throughout the foreseeable future, it seems that the best workaround is to rename one of them. In this case, `python-multipart` uses an import name that does not match the package and seems to be have fewer reverse dependencies at this time, so rename it. There is already an open pull request upstream to do exactly that, so reuse parts of it. That said, since we can simply patch reverse dependencies, we do not need the compatibility layer (and probably do not want it, as it could yield confusing errors if the wrong package is installed). Bug: pypa/packaging-problems#818 Pull-Request: Kludex/python-multipart#166 Signed-off-by: Michał Górny <[email protected]>
Hard-rename the Python package to `python_multipart`, to avoid conflicts with the `multipart` PyPI package. Both `multipart` and `python-multipart` packages install using `multipart` import name, therefore both cannot be installed at the same time. Historically, we have included only the latter in Gentoo, since it was pulled in as a dependency of dev-python/starlette. However, the former was recently made the recommended replacement for the deprecated and removed `cgi` standard library module, therefore other packages started depending on it. Given that both packages intend to be maintained throughout the foreseeable future, it seems that the best workaround is to rename one of them. In this case, `python-multipart` uses an import name that does not match the package and seems to be have fewer reverse dependencies at this time, so rename it. There is already an open pull request upstream to do exactly that, so reuse parts of it. That said, since we can simply patch reverse dependencies, we do not need the compatibility layer (and probably do not want it, as it could yield confusing errors if the wrong package is installed). Bug: pypa/packaging-problems#818 Pull-Request: Kludex/python-multipart#166 Signed-off-by: Michał Górny <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like that we are introducing another tool here (nox), but since it's your strong suit (and I don't want to work on this), I'll ignore it. 👀 👍
Thanks for this @henryiii 🙏
Hey Hey! This rare case seems to be happening: "If both python_multipart and multipart are installed, then there is already a conflict situation. This should be rare." I'm a beginner and I'm learning to code in python with the help of the bots (Claude, ChatGPT and phind) and they have suggested to install python_multipart to fix the issue of multipart module not found. I returned to 0.0.12 (after 3 hours of trying to understand haha) and now the error went away. This is what I was getting on Google Colab: ModuleNotFoundError Traceback (most recent call last) 6 frames ModuleNotFoundError: No module named 'multipart' |
How can I reproduce it? |
I can take a look later today! Is this just a basic colab notebook? Do you have both installed? You can’t use both packages at the same time, before or after this change. |
@Kludex if you’d like to yank 0.0.13, I can see if I can provide a work around if the loader isn’t run tomorrow. I do have an idea to try. I’m assuming this is a large enough issue to worry about because it was caught very quickly. (Colab should not force users to do this, but with Google’s entire Python team fired, I’m not expecting any improvements here for a long time) |
Sure. I'll yank it. Thanks @henryiii 🙏 |
I've yanked it. Thanks for helping here. |
This comment was marked as duplicate.
This comment was marked as duplicate.
FastAPI is broken now.
According to pip list no multipart module is installed.
How do I fix this mess? |
No. It's not. I've yanked the release. Remove your environment and install the packages again. |
Removing the installed modules and reinstalling them solved the issue. Thanks. |
@Kludex, thanks for your patience working out the releases! I was wondering, would it be better to not include the warning on the next release, and only add it in a subsequent release? That way there would be less pressure to try to release other packages like Starlette immediately to avoid the warning. |
Hmmm... That would save me some energy. If you can do that, it would be nice @henryiii Thanks 🙏 |
See #174. |
FWIW, the latest release still breaks FastAPI: $ pip install python-multipart
Collecting python-multipart
Using cached python_multipart-0.0.15-py3-none-any.whl.metadata (1.8 kB)
Using cached python_multipart-0.0.15-py3-none-any.whl (24 kB)
Installing collected packages: python-multipart
Successfully installed python-multipart-0.0.15
I 'fixed it' by pinning the version number to I feel like this change should be communicated to the FastAPI contributors / community, as they don't pin the correct version, and use some custom code to figure out if Related: |
I guess that's why import star is not recommended. |
I've fixed this on version 0.0.16. |
@Kludex No offense, but if you are the 'FastAPI expert' then why you keep breaking it? You are even a member of the FastAPI team - one of only five members. You should be able to coordinate and test these changes before you release them. Please be more careful in the future. |
Renaming a package is tricky, there are lots of edge cases that are really hard to find during local testing and only show up in strange environments (Google Colab) or once you push a release (packaging bugs). Three (or more) people looked at those PRs and mistakes still happened. That's life. Broken releases were yanked immediately after problems were reported, so this should not have affected any production environments. By the way, why does your project depend on a |
This is actually a good opportunity for me to write some of my thoughts, since I'm feeling sad about people on GitHub lately. I maintain (pretty much alone) Starlette and Uvicorn, and by "maintain" I don't mean commit wise, which is also the case: Most of the work actually comes by reviewing, replying discussions and triaging issues. I took I don't have as much as sponsors as I could have, because I didn't create anything relevant. I just maintain others' people's packages. Last year, I got around 325 euros every month, where 300 dollars were from encode. You may say: "oh, that's already more than a lot of other maintainer's receive"... Well... Considering my salary, and my qualifications, at this point, in an hour of consultancy I can get the same amount. 🤷♂️ Be aware that I'm likely one of the most active maintainers in the community. You can just see my history, or see my response time on issues if you doubt what I'm saying... This year, I get a bit more. I talked to the FastAPI creator about how I feel, and Sebastián Ramírez, started sponsoring me 500 dollars a month. Which now I receive exactly $859.00 per month ($500 FastAPI, $300 encode, and $59 from 13 other sponsors). About this issue on On the releases that happened here... I yanked them as fast I could. I may have done a poor review, probably because I respect @henryiii's work, and I may have been overconfident. 🤷♂️ I could have checked the wheel on build... 🤷♂️ I could have done a beta release?... 🤷♂️ I'm not sure if it matters. 🤷♂️ Easy to comment what to do after an incident happens. Any reasonable project needs to have a lockfile. It doesn't matter if it's on ZeroVer, or SemVer, or PotatoVer. Maintainers break packages by mistake. In any case, I've apologized... Multiple times... Wanna me to beg for forgiveness?
Well... I understand that from the outside that's how things look, but I never said I'm one of the FastAPI maintainers. Otherwise I'd publicly say that, it benefits me. I do not maintain FastAPI. I have close contact with Sebastián, and I notify him when needed, but I don't maintain FastAPI. Obviously, I don't want to break FastAPI... I do what is within my range.
Offense taken. I think you are being disrespectful. In any case, I think this improvement makes sense. It's a backwards-compatibility solution. I'm happy we did it. 🙏 |
@Kludex Sorry, but I have no time reading all of that since I am currently busy building a CI/CD for that really tiny FastAPI project to make sure I catch broken releases of python-multipart in the future. Thank you for your time and effort. Enjoy your day, gentlemen. |
Saying "no offense" before being an asshole doesn't make you any less of an asshole. In fact, it is a pretty clear indication that you realize you're being an asshole and you're trying to avoid responsibility for that. |
This renames the import to
python_multipart
, and installs a custom Finder that allows legacy code to continue to work unless the PyPImultipart
package is installed, in which case the custom Finder no longer does anything. A warning is shown asking the user toimport python_multipart
instead ofimport multipart
if they use this. This could be customized if you'd rather have it not show a warning at first (to give libraries time to update, but without a warning I don't know if they will know to update), or show a warning if multipart is installed saying "if you meant to use python_multipart, you are getting multipart instead since you have both installed" (but regular multipart users would unavoidably see that warning, so I don't think it's a great idea).I don't think this will support editable installs (Hatchling's
force_include
doesn't support editable installs), but if someone is doing an editable install, they can usepython_multipart
.I tested it using nox.
I think this will provide a smooth path forward for a painless rename, backward compatibility support for current users, and help users stuck and unable to install both packages in the long run. WDYT?
Cross-reference: #16 pypa/packaging-problems#818