Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pip's dependency resolver error #1130

Open
Ana06 opened this issue Sep 3, 2024 · 1 comment
Open

pip's dependency resolver error #1130

Ana06 opened this issue Sep 3, 2024 · 1 comment
Assignees
@emtuls
Labels
🐛 bug Something isn't working
Milestone
FLARE-VM 2024 Q4-P1

Comments

@Ana06
Copy link
Member

Ana06 commented Sep 3, 2024

Details

Both locally and in daily CI, I see the following error in the log:

2024/09/03 09:29:54 [installer.vm] chocolateyinstall.ps1 [+] ERROR : Failed to install: magika.vm
2024/09/03 09:29:54 [installer.vm] chocolateyinstall.ps1 [+] ERROR : Failed to install: malware-jail.vm

It seems to be caused by:

ERROR: ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.

The tools appear to be installed correctly. So this is very confusing and should investigate how to fix it.
@Ana06 Ana06 added the 🐛 bug Something isn't working label Sep 3, 2024
@Ana06 Ana06 mentioned this issue Sep 3, 2024
Open
@Ana06 Ana06 mentioned this issue Sep 30, 2024
Closed
@emtuls
Copy link
Member

emtuls commented Nov 8, 2024
edited
Loading

NOTE: This is actually 2 separate issues. One for magika and separate issue affecting malware-jail.

This specific pip issue is mostly due to our installation of Python tools being installed separately and thus, Python's dependency resolver is unable to properly satisfy any dependency issues, which is what is displaying the error.

The primary underlying issue is that magika version 0.5.1 had an error in their code that was recently fixed in 0.6.0rc1 (currently unreleased on pypi) which is what made numpy version >=1.26 be required even for Python version <3.12 when it should have only needed >=1.24: google/magika@ebac72a

And because we have other python tools installed via libraries.python3.vm, their dependencies are not checked against this and thus more specifically we run into an issue because StringSifter requires numpy==1.24.4: https://github.com/mandiant/stringsifter/blob/33c0cd5538bf4dc499505b63f89bc045b191a0df/requirements.txt#L110
So when numpy is updated to 1.26 because of magika, we get an error:

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
stringsifter 3.20230711 requires numpy==1.24.4, but you have numpy 1.26.4 which is incompatible.

image

This can be resolved immediately by just using magika version 0.5.0, and should hopefully be resolved when version 0.6.0 is officially released.

The second issue is that malware-jail has not been updated in a long time, and thus many packages it uses are deprecated, which in turn raises WARN issues within npm, causing the package to seem to "fail":
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emtuls emtuls

Labels
🐛 bug Something isn't working
Projects
None yet
Milestone
FLARE-VM 2024 Q4-P1
Development

No branches or pull requests
2 participants
@Ana06 @emtuls