ansible lint 25.9.x breaks with checkov 3.2.47x over importlib-metadata #7328
Description
Describe the feature
We are updating checkov along with some other tools regularly with ansible.builtin.pip:
- name: Installing pip-packages for linting with fixed Versions
block:
- name: Installing pip-packages for linting with fixed Versions for user
ansible.builtin.pip:
name:
- "autoflake=={{ pypi_version_autoflake }}"
- "black=={{ pypi_version_black }}"
- "pre-commit=={{ pypi_version_pre_commit }}"
- "yamllint=={{ pypi_version_yamllint }}"
- "checkov=={{ pypi_version_checkov }}"
- "pylint=={{ pypi_version_pylint }}"
- "ansible-lint=={{ pypi_version_ansible_lint }}"
- "yamale=={{ pypi_version_yamale }}"
virtualenv_command: "python3 -m venv"
virtualenv: "{{ basics_virtualenvs_path }}/{{ venv_name }}"And after ansible-lint 25.9.0 was introduce we run into a conflict in importlib-metadata with checkov.
INFO: pip is looking at multiple versions of ansible-lint to determine which version is compatible with other requirements. This could take a while.\n\nThe conflict is caused by:\n checkov 3.2.473 depends on importlib-metadata<8.0.0 and >=6.0.0\n ansible-lint 25.9.1 depends on importlib-metadata>=8.7.0\n\nTo fix this you could try to:\n1. loosen the range of package versions you've specified\n2. remove package versions to allow pip to attempt to solve the dependency conflict\n\n\n:stderr: ERROR: Cannot install ansible-lint==25.9.1 and checkov==3.2.473 because these package versions have conflicting dependencies.From what I can see adoption to uv.lock in 25.9.0 in ansible-lint, particularly moving from importlib-metadata==8.7.0 to importlib-metadata>=8.70 seems to have made this conflict impossible to solve for pip.
ansible-lint suggests to update importlib-metadata in checkov which currently is set to importlib-metadata<8.0.0 and >=6.0.0 can this be updated? We'd like to use both these tools.
Examples
~ pip install ansible-lint==25.9.1 checkov==3.2.473