fix: pin azure-ai-projects to <2.0.0 in tooling-extensions-azureaifoundry#233
Conversation
…ndry The build backend introduced on Apr 1 (fbdc187) injects the root constraint-dependencies into published wheel metadata. The root pinned azure-ai-projects >= 2.0.0b1, which conflicts with semantic-kernel's transitive requirement of azure-ai-projects~=1.0.0b12 (<2.0.0). Pin azure-ai-projects>=1.0.0b12,<2.0.0 explicitly in this package so the build backend leaves it unchanged (it skips deps that already have a version specifier). The <2.0.0 upper bound is also required because azure-ai-projects 2.x removed the Agents API used by this package (project_client.agents.update_agent).
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
There was a problem hiding this comment.
Pull request overview
This PR aims to resolve an installation-time dependency conflict by preventing microsoft-agents-a365-tooling-extensions-azureaifoundry from being stamped with azure-ai-projects >= 2.0.0 and instead requiring < 2.0.0.
Changes:
- Pin
azure-ai-projectsto>=1.0.0b12,<2.0.0in the Azure AI Foundry tooling extension package.
The centralized build backend (introduced Apr 1, fbdc187) stamps wheel metadata from the root constraint-dependencies. The previous entry 'azure-ai-projects >= 2.0.0b1' conflicted with semantic-kernel>=1.39.3 which requires azure-ai-projects~=1.0.0b12 (<2.0.0). Fix by updating the root pyproject.toml in two places: - constraint-dependencies: azure-ai-projects>=1.0.0b12,<2.0.0 - override-dependencies: azure-ai-projects>=1.0.0b12,<2.0.0 The <2.0.0 upper bound is also correct for tooling-extensions-azureaifoundry which uses the 1.x Agents API (project_client.agents.update_agent) that was removed in azure-ai-projects 2.x. Package-level pyproject.toml files keep bare 'azure-ai-projects' (no version specifier) to satisfy verify_constraints.py policy.
| # azure-ai-projects is capped at <2.0.0 because: | ||
| # 1. semantic-kernel>=1.39.3 requires azure-ai-projects~=1.0.0b12 (<2.0.0) | ||
| # 2. tooling-extensions-azureaifoundry uses the 1.x Agents API (project_client.agents.update_agent) | ||
| # which was removed in azure-ai-projects 2.x | ||
| override-dependencies = [ | ||
| "azure-ai-projects >= 2.0.0b1", | ||
| "azure-ai-projects>=1.0.0b12,<2.0.0", | ||
| ] |
There was a problem hiding this comment.
The PR title/description says the pin is in libraries/microsoft-agents-a365-tooling-extensions-azureaifoundry/pyproject.toml, but the actual pin is being applied globally in the root pyproject.toml via [tool.uv].override-dependencies / constraint-dependencies. Please align the PR metadata with the implementation (or change the implementation to match the described approach). Note: adding version specifiers directly to package pyproject.toml deps would also conflict with the repo’s verify-constraints checks, so if the root-level pin is intentional, it should be called out explicitly in the PR description.
| # --- Azure Services --- | ||
| "azure-ai-agents >= 1.0.0b251001", | ||
| "azure-ai-projects >= 2.0.0b1", | ||
| "azure-ai-projects>=1.0.0b12,<2.0.0", | ||
| "azure-identity >= 1.12.0", |
There was a problem hiding this comment.
uv.lock currently still records azure-ai-projects >= 2.0.0b1 in the manifest constraints/overrides. Since this PR changes the root constraint-dependencies to <2.0.0, consider regenerating and committing uv.lock so local uv sync --locked users (and anyone inspecting the lock) don’t get a stale 2.x resolution.
| # which was removed in azure-ai-projects 2.x | ||
| override-dependencies = [ | ||
| "azure-ai-projects >= 2.0.0b1", | ||
| "azure-ai-projects>=1.0.0b12,<2.0.0", |
There was a problem hiding this comment.
The new requirement strings omit the spaces used by the other entries in this file (e.g., "azure-ai-agents >= ..." vs "azure-ai-projects>=..."). For consistency/readability, consider using the same spacing convention for azure-ai-projects in both override-dependencies and constraint-dependencies.
| "azure-ai-projects>=1.0.0b12,<2.0.0", | |
| "azure-ai-projects >= 1.0.0b12, <2.0.0", |
What broke and why
On April 1st, PR #216 introduced a centralized build system that automatically stamps version numbers onto packages at build time. It set
azure-ai-projects >= 2.0.0as the default version for all packages.This caused a conflict at install time:
tooling-extensions-azureaifoundry(via the build stamp) requiredazure-ai-projects >= 2.0.0semantic-kernel(used byobservability-extensions-semantickernel) requiresazure-ai-projects < 2.0.0pip cannot satisfy both at once, so the CI
Install wheelsstep fails.The fix
Explicitly pin
azure-ai-projects>=1.0.0b12,<2.0.0intooling-extensions-azureaifoundry/pyproject.toml.The build system already has a rule: if a dependency already has a version specified, leave it alone. So this explicit pin bypasses the default
>= 2.0.0stamp.The
<2.0.0upper bound is also necessary for correctness:azure-ai-projects2.x is a breaking rewrite that removed the Agents API (project_client.agents.update_agent) that this package relies on.Change