Dependency broken since updated openapi-spec-validator

[svdgraaf]

Since the release of openapi-spec-validator yesterday (https://github.com/p1c2u/openapi-spec-validator/releases/tag/0.3.2), the resolved dependencies for openapi-core no longer work:

There are incompatible versions in the resolved dependencies:
  jsonschema<4.0.0,>=3.2.0 (from openapi-spec-validator==0.3.2->openapi-core==0.13.8
  jsonschema<5.0.0,>=4.0.0 (from openapi-schema-validator==0.3.0a1->openapi-core==0.13.8

You can still get it to work by forcing the previous release of openapi-spec-validator to 0.3.1.

I think openapi-core needs a release with a fixed dependency list.

[p1c2u]

openapi-spec-validator was released with versions 0.3.3 and 0.4.0. Is it still the case?

[ghost]

This is still problematic. I changed my dependency in poetry to openapi-core = "^0.15 and did a poetry install. The resulting dependencies are wrong: openapi-schema-validator 0.2.3 and openapi-spec-validator 0.4.0 were installed. The openapi-core dependency ranges as shown in poetry show --tree are openapi-schema-validator >=0.2.0,<0.3.0 and openapi-spec-validator >=0.4.0,<5.0.0.

I'm not entirely sure how this is possible, considering the pyproject.toml and poetry.lock look correct.

Edit @p1c2u :
It looks like a problem with the builds / distributions / tagged versions. Both poetry add openapi-core and poetry add git+https://github.com/p1c2u/openapi-core.git#0.15.0 result in incorrect dependencies, as above. However, poetry add git+https://github.com/p1c2u/openapi-core.git#master installs the correct dependencies (0.3.4 and 0.5.1 at this time).

[p1c2u]

Hi @robinmackaij-kadaster

The resulting dependencies are wrong: openapi-schema-validator 0.2.3 and openapi-spec-validator 0.4.0 were installed. The openapi-core dependency ranges as shown in poetry show --tree are openapi-schema-validator >=0.2.0,<0.3.0 and openapi-spec-validator >=0.4.0,<5.0.0.

Considering dependency matrix this is correct.

Future release version (current master) will be compatible with openapi-schema-validato 0.3.x and openapi-spec-validator 0.5.x which will introduce OpenAPI 3.1 support.

[ghost]

Hi @robinmackaij-kadaster

The resulting dependencies are wrong: openapi-schema-validator 0.2.3 and openapi-spec-validator 0.4.0 were installed. The openapi-core dependency ranges as shown in poetry show --tree are openapi-schema-validator >=0.2.0,<0.3.0 and openapi-spec-validator >=0.4.0,<5.0.0.

Considering dependency matrix this is correct.

Future release version (current master) will be compatible with openapi-schema-validato 0.3.x and openapi-spec-validator 0.5.x which will introduce OpenAPI 3.1 support.

Ah yes. I looked at the pyproject.toml at master and it lists the version as 0.15.0 and the dependencies '^0.3.0' and '^0.5.0so I assumed these were the requirements for the0.15.0` release.