feat: remove fetch depth limit for dependency resolution
Real package managers (pip, npm, Maven) don't have depth limits - they resolve the full dependency tree. We have other safeguards: - Loop prevention via fetch_attempted set - Timeout via auto_fetch_timeout setting - Dependency trees are finite
This commit is contained in:
Mondo Diaz
@@ -896,7 +896,6 @@ async def resolve_dependencies_with_fetch(
|
||||
base_url: str,
|
||||
storage: "S3Storage",
|
||||
registry_clients: Dict[str, "RegistryClient"],
|
||||
max_fetch_depth: int = 10,
|
||||
) -> DependencyResolutionResponse:
|
||||
"""
|
||||
Resolve all dependencies for an artifact recursively, fetching missing ones from upstream.
|
||||
@@ -916,7 +915,6 @@ async def resolve_dependencies_with_fetch(
|
||||
base_url: Base URL for download URLs
|
||||
storage: S3 storage for caching fetched artifacts
|
||||
registry_clients: Map of system project to registry client {"_pypi": PyPIRegistryClient}
|
||||
max_fetch_depth: Maximum depth for auto-fetching (prevents runaway fetching)
|
||||
|
||||
Returns:
|
||||
DependencyResolutionResponse with all resolved artifacts and fetch status
|
||||
@@ -924,7 +922,6 @@ async def resolve_dependencies_with_fetch(
|
||||
Raises:
|
||||
DependencyNotFoundError: If the root artifact cannot be found (even after fetch attempt)
|
||||
CircularDependencyError: If circular dependencies are detected
|
||||
DependencyConflictError: If conflicting versions are required
|
||||
"""
|
||||
# Track fetched artifacts for response
|
||||
fetched_artifacts: List[ResolvedArtifact] = []
|
||||
@@ -1024,7 +1021,6 @@ async def resolve_dependencies_with_fetch(
|
||||
dep_package: str,
|
||||
constraint: str,
|
||||
required_by: str,
|
||||
fetch_depth: int,
|
||||
) -> Optional[Tuple[str, str, int]]:
|
||||
"""
|
||||
Try to fetch a missing dependency from upstream registry.
|
||||
@@ -1039,13 +1035,6 @@ async def resolve_dependencies_with_fetch(
|
||||
)
|
||||
return None
|
||||
|
||||
# Check fetch depth
|
||||
if fetch_depth > max_fetch_depth:
|
||||
logger.info(
|
||||
f"Max fetch depth ({max_fetch_depth}) exceeded for {dep_project}/{dep_package}"
|
||||
)
|
||||
return None
|
||||
|
||||
# Build fetch key for loop prevention
|
||||
fetch_key = f"{dep_project}/{dep_package}@{constraint}"
|
||||
if fetch_key in fetch_attempted:
|
||||
@@ -1105,7 +1094,6 @@ async def resolve_dependencies_with_fetch(
|
||||
size: int,
|
||||
required_by: Optional[str],
|
||||
depth: int = 0,
|
||||
fetch_depth: int = 0,
|
||||
):
|
||||
"""Recursively resolve dependencies with fetch capability."""
|
||||
if depth > MAX_DEPENDENCY_DEPTH:
|
||||
@@ -1178,7 +1166,6 @@ async def resolve_dependencies_with_fetch(
|
||||
dep.dependency_package,
|
||||
dep.version_constraint,
|
||||
pkg_key,
|
||||
fetch_depth + 1,
|
||||
)
|
||||
|
||||
if fetched:
|
||||
@@ -1193,7 +1180,6 @@ async def resolve_dependencies_with_fetch(
|
||||
constraint=dep.version_constraint,
|
||||
required_by=pkg_key,
|
||||
fetch_attempted=was_attempted,
|
||||
fetch_error="Max fetch depth exceeded" if was_attempted and fetch_depth >= max_fetch_depth else None,
|
||||
))
|
||||
continue
|
||||
|
||||
@@ -1244,7 +1230,6 @@ async def resolve_dependencies_with_fetch(
|
||||
dep_size,
|
||||
pkg_key,
|
||||
depth + 1,
|
||||
fetch_depth + 1 if dep_artifact_id in [f.artifact_id for f in fetched_artifacts] else fetch_depth,
|
||||
)
|
||||
|
||||
visiting.remove(artifact_id)
|
||||
|
||||
@@ -7093,7 +7093,6 @@ async def resolve_artifact_dependencies(
|
||||
base_url=base_url,
|
||||
storage=storage,
|
||||
registry_clients=registry_clients,
|
||||
max_fetch_depth=settings.auto_fetch_max_depth,
|
||||
)
|
||||
else:
|
||||
# Fast, synchronous resolution without network calls
|
||||
|
||||
Reference in New Issue
Block a user