Pip3 install from requirement file duplicate entries

wtaylor · June 18, 2020, 3:14pm

Hello Everyone,
I am running pip 20.1.1

From reading the pip documentation it doesn’t state that i am not allowed to have duplicate entries in my requirements file.

pip3 install -r requirements_py3.txt

I get
ERROR: Double requirement given: requests>=2.18.4 (from -r requirements_py3.txt (line 87)) (already in requests==2.23.0 (from -r requirements_py3.txt (line 84)), name=‘requests’)

When i run pip3 install “requests>=2.18.4”

it installs
pip3 list
Package Version

certifi 2020.4.5.2
chardet 3.0.4
idna 2.9
pip 20.1.1
requests 2.24.0
setuptools 41.2.0
urllib3 1.25.9

Can i get a hint about what is happening here i am confused. requests==2.23.0 is greater than 2.18.4 so the requests>=2.18.4 shouldn’t be blocked.

Personally I don’t like the duplicate entries and i would want to remove it. What is going on here?

pylang · June 18, 2020, 3:40pm

What does your requirements_py3.txt look like?

wtaylor · June 18, 2020, 4:22pm

Hello Py,

Thank you for the quick response.

The requirements file i pulled from the repo looks like this.
I see multiple duplicates and my gut feeling is to delete them and run it till it works but I would like to understand why this breaks.

thanks,

2to3==1.0
alabaster==0.7.12
appdirs==1.4.4
appnope==0.1.0
astroid==2.4.1
attrs==19.3.0
autopep8==1.5.3
Babel==2.8.0
backcall==0.1.0
bcrypt==3.1.7
black==19.10b0
boto==2.49.0
certifi==2020.4.5.1
cffi==1.14.0
chardet==3.0.4
click==7.1.2
ConfigArgParse==1.2.3
cryptography==2.9.2
decorator==4.4.2
deepdiff==4.3.2
dnspython==1.16.0
docutils==0.16
EasyProcess==0.3
Faker==4.1.0
Flask==1.1.2
Flask-BasicAuth==0.2.0
future==0.18.2
gevent==1.5a3
geventhttpclient==1.4.2
geventhttpclient-wheels==1.3.1.dev2
gitdb==4.0.5
GitPython==3.1.3
greenlet==0.4.16
idna==2.9
imagesize==1.2.0
importlib-metadata==1.6.1
ipdb==0.13.2
ipython==7.15.0
ipython-genutils==0.2.0
isort==4.3.21
itsdangerous==1.1.0
jedi==0.17.0
jenkins==1.0.2
Jinja2==2.11.2
lazy-object-proxy==1.4.3
locustio==0.14.5
lxml==4.5.1
MarkupSafe==1.1.1
mccabe==0.6.1
more-itertools==8.2.0
msgpack==1.0.0
mypy==0.770
mypy-extensions==0.4.3
netaddr==0.7.19
ordered-set==4.0.1
packaging==20.3
paramiko==2.4.0
parso==0.7.0
pathspec==0.8.0
pep8==1.7.1
pexpect==4.8.0
pickleshare==0.7.5
pip-review==1.1.0
pluggy==0.13.1
prompt-toolkit==3.0.5
psutil==5.7.0
ptyprocess==0.6.0
py==1.8.1
pyasn1==0.4.8
pycodestyle==2.6.0
pycparser==2.20
Pygments==2.6.1
pylint==2.4.4
PyNaCl==1.3.0
pyparsing==2.4.7
pyreadline==2.1
pytest==5.4.1
python-dateutil==2.6.1
pytz==2019.3
PyVirtualDisplay==0.2.1
PyYAML==5.3.1
pyzmq==19.0.1
regex==2020.4.4
requests==2.23.0
retrying==1.3.3
selenium==3.6.0
requests>=2.18.4
pytest==5.4.1
waiting<=1.4.1
netaddr<=0.7.19
PyVirtualDisplay<=0.2.1
paramiko==2.4.0
Faker<=0.7.11
boto<=2.48.0
python_dateutil<=2.6.1
dnspython<=1.15.0
GitPython==3.1.1
jenkins<=1.0.2
pexpect<=4.2.1
retrying<=1.3.3
PyYAML<=3.12
urllib3>=1.22
boto3==1.4.8
configparser==3.5.0
jira==1.0.10
ijson==2.3
lxml==4.1.1
tabulate==0.8.1
deepdiff==3.3.0
urlparse2==1.1.1
uritools==2.0.0
xunitmerge>=1.0.4
kubernetes==9.0.0
ruamel.yaml==0.16.5
netifaces==0.10.7
pyjwt==1.6.4
pycrypto==2.6.1
pandas==0.23.3
psycopg2==2.8.3
splunk-sdk==1.6.6
beautifulsoup4<=4.7.1
pem==19.2.0
pyarrow==0.16.0
future==0.18.2
hypothesis==5.10.4
cython==0.29.17
pytest-html==2.1.1
six==1.15.0
smmap==3.0.4
snowballstemmer==2.0.0
Sphinx==3.0.2
sphinxcontrib-applehelp==1.0.2
sphinxcontrib-devhelp==1.0.2
sphinxcontrib-htmlhelp==1.0.3
sphinxcontrib-jsmath==1.0.1
sphinxcontrib-qthelp==1.0.3
sphinxcontrib-serializinghtml==1.1.4
tabulate==0.8.7
text-unidecode==1.3
toml==0.10.1
traitlets==4.3.3
typed-ast==1.4.1
typing-extensions==3.7.4.2
urllib3==1.25.9
waiting==1.4.1
wcwidth==0.1.9
Werkzeug==1.0.1
wrapt==1.12.1
zipp==3.1.0
zope.event==4.4
zope.interface==5.1.0

pylang · June 18, 2020, 5:13pm

I’m not entirely sure. My guess is that pinned a dependency == is a constraint to use a specific version. Any other duplicate entry is either redundant or violates that constraint. There are experts here that can advise more. It’s likely safe to remove one of the duplicates.

Keep in mind, there is a new dependency resolver which will have new behavior in future versions of pip. It may be worth deleting duplicates and moving on.

brettcannon · June 18, 2020, 6:55pm

I suspect pip is being explicit/conservative in saying that while the two constraints agree in total, individually they don’t agree (i.e. one would allow requests==2.18.4 and the other one wouldn’t). And since having two rules is probably typically a user error, it’s easier/clearer to just say, “nope, you need to be very clear which constraint you want applied”.

wtaylor · June 18, 2020, 7:22pm

Hi Brett,
Thank you for responding. This helps out alot!

Topic		Replies	Views
Question: pip install through requirements.txt vs individual calls to pip install package-name Packaging	2	627	January 4, 2021
Constraints files with hashes Packaging	10	2063	August 31, 2022
Why can't install packages with requirements.txt? Python Help packaging-help	1	910	November 8, 2023
PEP 665, take 2 -- A file format to list Python dependencies for reproducibility of an application Packaging	180	13959	April 16, 2023
PEP 665: Specifying Installation Requirements for Python Projects Packaging	154	12106	November 3, 2021

Pip3 install from requirement file duplicate entries

Related Topics