job-forge/docs/lessons-learned/001-dependency-version-conflicts.md

Lesson Learned #001: Dependency Version Conflicts

Issue Name

Dependency Version Conflicts in Requirements Files

Date

2025-08-02

Description

During project setup, encountered version conflicts with Python package dependencies:

• pytest-dash==2.5.0 - Version did not exist in PyPI (max available: 2.1.2)
• python-bcrypt==4.1.2 - Incorrect package name (should be bcrypt==4.1.2)

Error Messages

ERROR: Could not find a version that satisfies the requirement pytest-dash==2.5.0 
(from versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0rc1, 0.2.0rc2, 0.2.0rc3, 1.0.0, 1.0.1, 1.1.0, 2.0.0rc1, 2.0.0rc2, 2.0.0rc3, 2.0.0rc4, 2.0.0rc5, 2.0.0, 2.1.0, 2.1.1, 2.1.2)

ERROR: Could not find a version that satisfies the requirement python-bcrypt==4.1.2 
(from versions: 0.3.1, 0.3.2)

Root Cause

1. Incorrect package versions specified without checking PyPI availability
2. Wrong package name used for bcrypt library

Solution Applied

1. Updated pytest-dash version:

   • Changed from pytest-dash==2.5.0 to pytest-dash==2.1.2
   • Verified latest available version on PyPI

2. Fixed bcrypt package name:

   • Changed from python-bcrypt==4.1.2 to bcrypt==4.1.2
   • Used correct package name

Files Modified

• requirements-backend.txt - Fixed bcrypt package name
• requirements-frontend.txt - Updated pytest-dash version

Prevention Strategy

1. Always verify package versions exist on PyPI before adding to requirements
2. Use pip search or check PyPI website for correct package names
3. Consider using version ranges instead of exact pins for non-critical dependencies
4. Implement CI/CD checks to validate requirements files

Impact

• ✅ All dependencies now install successfully
• ✅ Project setup process is streamlined
• ✅ Development environment can be started without version conflicts