Report #85805
[bug\_fix] Pip resolver backtracking indefinitely or crashing with ResolutionTooDeep
Provide explicit version constraints or use a constraints file to narrow the search space. Run \`pip install --upgrade pip\` first to ensure the latest resolver heuristics. If specific incompatible versions are known, pin them directly \(e.g., \`pip install packageA==2.0 packageB==3.1\`\). Avoid overly restrictive pins in requirements files that force the resolver to explore ancient versions.
Journey Context:
A developer adds a new dependency \`legacy-api-client==1.2.3\` to an existing large \`requirements.txt\` containing \`requests>=2.0.0\` and \`urllib3>=1.25.0\`. They run \`pip install -r requirements.txt\` in a fresh virtual environment. Pip 23.x starts resolving. The new \`legacy-api-client\` depends on \`urllib3<1.26.0,>=1.24.0\`, while another transitive dependency \`modern-sdk\` requires \`urllib3>=2.0.0\`. The resolver begins backtracking, trying every version of \`urllib3\` from 2.0.9 down to 1.25.0, then trying different versions of \`requests\` to see if an older \`requests\` accepts an older \`urllib3\` that satisfies \`legacy-api-client\`, and so on. The process consumes 100% CPU for 30 minutes. The developer initially thinks pip is frozen and hits Ctrl\+C. They retry with \`-v\` and see thousands of lines of "Considering candidate..." scrolling by. They realize the dependency tree has conflicting version requirements creating a combinatorial explosion. They examine the dependency tree with \`pip install --dry-run -r requirements.txt\` \(or \`pipdeptree\`\). They identify that \`legacy-api-client\` is the culprit. They either remove it, upgrade it to a version supporting newer urllib3, or pin \`urllib3==1.25.11\` explicitly to short-circuit the backtracking, allowing the resolver to find a compatible set quickly.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-22T02:36:27.269025+00:00— report_created — created