You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, google-resumable-media depends on requests>=2.18. On import, the package checks that this dependency is valid and met. This then checks that all dependencies down the chain are also valid and met.
The issue here is that then a pkg_resources.ContextualVersionConflict is raised when a dependency of requests isn't met when calling the version-check pkg_resources.require('requests >= 2.18.0').
For example, if requests has the requirement urllib3>=1.21,<1.25, but a package further up the chain (eg sentry-sdk) had the requirement urllib3, then the latest version of urllib3 (which is v1.25) will be installed. pip then warns the user that requests requirement won't be met, but in my experience these warnings have not caused issues in the past.
This package never actually imports anything from requests: instead, the requests-specific bits require that the client pass through a transport which is compatible with requests.Session (with authentication). ISTM that we could therefore drop the runtime pkg_resources.require check, since passing in an appropriate transport is the caller's responsibility. @crwilcox, can you please comment?
Even if we drop the runtime check, I recommend leaving the extra in place, to avoid breaking clients who pick up requests via a transitive dependency on google-resumable-media[requests].
Currently,
google-resumable-media
depends onrequests>=2.18
. On import, the package checks that this dependency is valid and met. This then checks that all dependencies down the chain are also valid and met.The issue here is that then a
pkg_resources.ContextualVersionConflict
is raised when a dependency ofrequests
isn't met when calling the version-checkpkg_resources.require('requests >= 2.18.0')
.For example, if
requests
has the requirementurllib3>=1.21,<1.25
, but a package further up the chain (egsentry-sdk
) had the requirementurllib3
, then the latest version ofurllib3
(which is v1.25) will be installed.pip
then warns the user thatrequests
requirement won't be met, but in my experience these warnings have not caused issues in the past.Four solutions I can think of:
requests
allowurllib3=1.25
(see this issue)urllib3<1.25
in the applicationrequests
dependency validity at run-timerequests
when checking for dependency validity at run-timeThe text was updated successfully, but these errors were encountered: