Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revise urllib3’s version constraint to remove the potential dependency conflicts #569

Open
NeolithEra opened this issue Aug 3, 2019 · 2 comments
Open

Revise urllib3’s version constraint to remove the potential dependency conflicts #569

NeolithEra opened this issue Aug 3, 2019 · 2 comments

Comments

@NeolithEra
Copy link

Hi, as shown in the following full dependency graph of kalliope, kallioperequires urllib3 (the latest version), while the installed version of requests(2.22.0) requires urllib3>=1.21.1,<1.26.

According to pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.

Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint (urllib3>=1.21.1, <1.26), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree--------

kalliope(version range:)
| +-pyyaml(version range:>=5.1)
| +-six(version range:>=1.12.0)
| +-SpeechRecognition(version range:>=3.8.1)
| +-markupsafe(version range:>=1.1.1)
| +-pyaudio(version range:>=0.2.11)
| +-pyasn1(version range:>=0.4.5)
| +-ansible(version range:>=2.8.1)
| +-jinja2(version range:>=2.10.1)
| +-cffi(version range:>=1.12.3)
| +-ipaddress(version range:>=1.0.17)
| +-flask(version range:>=1.0.3)
| | +-Werkzeug(version range:>=0.15)
| | +-Jinja2(version range:>=2.10.1)
| | +-itsdangerous(version range:>=0.24)
| | +-click(version range:>=5.1)
| +-Flask-Restful(version range:>=0.3.7)
| +-flask_cors(version range:>=3.0.8)
| +-requests(version range:>=2.22.0)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-httpretty(version range:>=0.8.14)
| | +-six(version range:)
| +-mock(version range:>=3.0.5)
| +-Flask-Testing(version range:>=0.7.1)
| | +-Flask(version range:)
| | | +-Werkzeug(version range:>=0.15)
| | | +-Jinja2(version range:>=2.10.1)
| | | +-itsdangerous(version range:>=0.24)
| | | +-click(version range:>=5.1)
| +-apscheduler(version range:>=3.6.0)
| +-GitPython(version range:>=2.1.11)
| +-packaging(version range:>=19.0)
| +-transitions(version range:>=0.6.9)
| | +-six(version range:)
| +-sounddevice(version range:>=0.3.13)
| +-SoundFile(version range:>=0.10.2)
| +-pyalsaaudio(version range:>=0.8.4)
| +-sox(version range:>=1.3.7)
| +-paho-mqtt(version range:>=1.4.0)
| +-voicerss_tts(version range:>=1.0.6)
| +-gTTS(version range:>=2.0.3)
| +-urllib3(version range:>=1.25.3)

Thanks for your attention.
Best,
Neolith
@NeolithEra
Copy link
Author

NeolithEra commented Aug 3, 2019
edited

Solution

  1. Fix your direct dependencies to be urllib3>=1.21.1,<1.26 and requests==2.22.0, to remove this conflict.
    I have checked this revision will not affect your downstream projects now.

  2. Remove your direct dependency urllib3, and use urllib3 transitively introduced by requests.

@Sispheor Please let me know your choice. I can submit a PR to solve this issue.
Build a good dependency ecosystem for python projects is our common goal ^_^.

@Sispheor
Copy link
Member

Sispheor commented Aug 3, 2019

Hi, thanks for pointing this out.
The second solution looks good. @monf what do you think?

@NeolithEra NeolithEra mentioned this issue Aug 4, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sispheor @NeolithEra