Skip to content

fix(pip): Set some dep lower-bound to fix ResolutionTooDeep#613

Open
matthewgrossman wants to merge 5 commits into
mainfrom
mgrossman/6428309-resolution-too-deep
Open

fix(pip): Set some dep lower-bound to fix ResolutionTooDeep#613
matthewgrossman wants to merge 5 commits into
mainfrom
mgrossman/6428309-resolution-too-deep

Conversation

@matthewgrossman

@matthewgrossman matthewgrossman commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Signed-off-by: Matthew Grossman mgrossman@nvidia.com

What

Add lower/upper version bounds on two transitive dependencies to stop pip's
backtracking resolver from failing with ResolutionTooDeep: 200000 on
pip install "nemo-platform[all]".

In plugins/nemo-agents/pyproject.toml:

"litellm>=1.83.14",
"pyopenssl>=26.0.0,<27.0.0",

These flow through make vendor into the generated nemo-agents-plugin extra
in packages/nemo_platform/pyproject.toml, which [all] pulls in via
[services][plugins].

Why

nemo-platform doesn't depend on litellm directly — it comes in transitively
via nvidia-nat-langchainlangchain-litellmlitellm, and nvidia-nat-langchain
also requires pyopenssl directly. litellm has ~1,200 released versions on
PyPI and enters the graph unbounded, so pip's resolvelib backtracker explores
a huge candidate space and blows past its 200,000-round ResolutionTooDeep cap.

The two bounds restate the effective floors nvidia-nat-langchain already
imposes (langchain-litellm>=0.6.5 requires litellm>=1.83.14; nvidia-nat-langchain
requires pyopenssl>=26.0.0,<27.0.0). Surfacing them at the top level collapses
pip's candidate set and lets the resolver converge. This mirrors the existing
ASTD-164 pins in the same file, which do the same thing for the
aioboto3/langchain-aws chain.

Verification

Reproduced the reporter's exact environment (pip 24.0, Python 3.12.12,
pip install "<wheel>[all]" in a clean venv):

Before After
Outcome ResolutionTooDeep: 200000 ✅ success (exit 0)
Time ~2 h → fail ~4.5 min

CI wheel build + test jobs (which install [services] via uv across py3.11–3.14)
continue to pass.

Notes / follow-ups (out of scope)

  • These bounds track today's PyPI state; a future litellm/langchain-litellm
    release could shift the backtracking again, same as the existing ASTD-164 pins.
    This is mitigation, not a permanent cure.
  • pip install "nemo-platform[all]" remains broken on Python 3.13/3.14
    independent of this change, because litellm and nemo-safe-synthesizer
    declare Requires-Python <3.14. pip strictly enforces that cap; uv does not,
    which is why CI (uv) is green there. Worth a separate issue to either bump the
    upstream deps or narrow nemo-platform's advertised requires-python.

Summary by CodeRabbit

  • Bug Fixes
    • Improved installation reliability for the platform and agents plugin bundles by tightening optional dependency requirements.
    • Added explicit compatible version bounds for key dependencies to reduce resolution backtracking and lower the chance of install-time failures.

Signed-off-by: Matthew Grossman <mgrossman@nvidia.com>
@matthewgrossman matthewgrossman requested review from a team as code owners July 8, 2026 19:38
@github-actions github-actions Bot added the fix label Jul 8, 2026
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 45552261-bad6-4bfe-b876-e790db44a99c

📥 Commits

Reviewing files that changed from the base of the PR and between 6846dd5 and ca6feba.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • packages/nemo_platform/pyproject.toml
  • plugins/nemo-agents/pyproject.toml
✅ Files skipped from review due to trivial changes (1)
  • packages/nemo_platform/pyproject.toml
🚧 Files skipped from review as they are similar to previous changes (1)
  • plugins/nemo-agents/pyproject.toml

📝 Walkthrough

Walkthrough

Added minimum version constraints for litellm and pyopenssl in both pyproject.toml files, with comments in the plugin file explaining the resolver-related bounds.

Changes

Dependency version pins

Layer / File(s) Summary
Add litellm/pyopenssl version floors
plugins/nemo-agents/pyproject.toml, packages/nemo_platform/pyproject.toml
Adds explicit litellm>=1.83.14 and pyopenssl>=26.0.0,<27.0.0 constraints, with comments in the plugin file documenting the bounds.

Suggested reviewers: svvarom

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: adding dependency lower bounds to avoid pip ResolutionTooDeep failures.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mgrossman/6428309-resolution-too-deep

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
Suite Lines Covered Line Rate Branch Rate
Unit Tests 23349/30529 76.5% 61.2%
Integration Tests 13615/29209 46.6% 19.8%

Signed-off-by: Matthew Grossman <mgrossman@nvidia.com>
Signed-off-by: Matthew Grossman <mgrossman@nvidia.com>

@mckornfield mckornfield left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lol uv.lock 485 changes on this one pin

Signed-off-by: Matthew Grossman <mgrossman@nvidia.com>
Signed-off-by: Matthew Grossman <mgrossman@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants