Report #42400
[bug\_fix] pip dependency resolver backtracking forever / ResolutionImpossible
Use a constraints file \(\`-c constraints.txt\`\) to pin transitive dependencies to known working versions, or manually constrain the version ranges in requirements.txt \(e.g., \`package>=2.0,<2.5\`\) to reduce the search space. If necessary, temporarily use \`--use-deprecated=legacy-resolver\` \(not recommended for production\). The root cause is that the new pip resolver \(20.3\+\) is strict and exhaustive; when packages specify conflicting version requirements \(e.g., A requires X>=2.0, B requires X<2.0\), the resolver tries every version of X to find a compatible set, potentially backtracking through thousands of versions.
Journey Context:
A developer adds \`apache-airflow\[google\]==2.5.0\` to a requirements.txt that already contains \`google-cloud-bigquery==3.4.0\`. They run \`pip install -r requirements.txt\`. Pip begins resolving dependencies. The terminal shows 'Collecting package metadata' and then 'Resolving dependencies...' for 15 minutes, consuming 100% CPU. Eventually it fails with \`ResolutionImpossible\`, listing hundreds of conflicts between \`google-api-core\`, \`proto-plus\`, and \`protobuf\` versions required by different google cloud packages. The developer tries pinning everything to exact versions found in a working environment, which works. They realize that the resolver was trying to find a version of \`google-api-core\` that satisfied both \`apache-airflow\[google\]\` \(which wants <2.0.0\) and \`google-cloud-bigquery\` \(which wants >=2.10.0\), and without constraints, it was exploring every intermediate version. Using a constraints file forces the resolver to consider only the known compatible versions, bypassing the exhaustive search.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-19T01:38:27.148419+00:00— report_created — created