Webargs 7.0 breaks usage of unknown = EXCLUDE
See original GitHub issuePer the webargs changelog
Parser.use_args
, now requires you to set unknown=None
be passed or Parser.DEFAULT_UNKNOWN_BY_LOCATION
set if you your schema model parameter is to be respected it seems.
The result of this is that all our Schemas are defaulting to unknown=raise
which broke things. Workaround for this is to set a requirement of webargs<7.0.0
Issue Analytics
- State:
- Created 3 years ago
- Comments:13 (8 by maintainers)
Top Results From Across the Web
Upgrading to Newer Releases - webargs 8.2.0 documentation
In this case, under webargs 7.0 the schema unknown setting of EXCLUDE would be ignored. Instead, unknown=RAISE would be used.
Read more >webargs(1) - Arch manual pages
Webargs uses marshmallow under the hood. ... unknown = EXCLUDE app = Flask(__name__) # because unknown=None was passed, ... 7.0.1 (2020-12-14). Bug fixes:....
Read more >webargs Changelog - PyUp.io
Parser.use_args`` and ``use_kwargs`` can now be used to decorate ... webargs 7.x ... By default, webargs will pass ``unknown=EXCLUDE`` for all locations ...
Read more >ROS Index
Home · Repos · webargs; webargs. humble foxy rolling noetic melodic. Older. ardent; bouncy; crystal; eloquent; dashing; galactic; lunar; jade; indigo; hydro ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I just released 0.25.1 and 0.26.0 to address this.
Thanks @shughes-uk and @bryevdv for expressing your concerns.
Thanks @sirosen for sharing your wisdom.
I think it would be good for
flask-smorest
to put upper bounds on the versions of its dependencies. It’s more important if 1.0 is released and the classifier is switched from “Beta” to “Production” – then a stronger guarantee of compatibility will be offered.There’s not much harm in releasing new major versions of
flask-smorest
every time a major version of one of its dependencies ships. It’s slightly more work for us (yes, “us”: I’m willing to help out 😉 ), but IMO it’s worth it.But even without going to 1.0, I think it’s a better experience for users if
pip install 'flask-smorest==x.y.z'
always grabs the same major versions of the dependencies.FWIW, I don’t want to do another major version of
webargs
for a long while. I considered 7.0 necessary because of the usages like dict-schemas onlocation="headers"
. I’ll advocate for working up 8.0.0 if we find that 7.x is really problematic for some users and we can’t come up with a backwards-compatible way of handling it, but it may be worth noting that I’d like to slow down the pace of major releases a bit.I agree with this. The docs and readme don’t give users reason to expect that second-order dependencies could change in breaking ways, and change the behavior of this library.
If we’re looking at
flask
for an example, I think it’s also worth noting that their 0.12.x line has to pinwerkzeug
: https://github.com/pallets/flask/blob/79c71f24e4cb064852e2cbbfef78a0a051eb7ced/setup.py#L74By leaving their versions open, I think the pallets team is making it possible to release a
werkzeug 2.0
which is compatible withflask 1.x
but makes other breaking changes. I’m not sure that I want to follow their lead on this though. They’re committed much more strongly to not making backwards-incompatible changes: evenmarshmallow
moves much faster thanflask
.If we want to avoid restricting dependency versions (per above I think upper bounds would be good, but I’m also not a maintainer of this lib), I think the docs need to call that out. If the docs say “you need to pin your webargs version”, then the situation becomes very different.
This is not a fair assessment. The lockfile systems guarantee that “what worked today works tomorrow”.
flask-smorest
is compatible withwebargs>=7,<8
, so the tools should allow it. The point in time at which you introduce these things into a workflow matters –poetry
and its ilk only protect you from second- and third-order dependencies changing if you introduce them at time when your application works with the specified package versions.I don’t believe that there is a bug. The change in behavior in webargs – which does not respect
Meta.unknown
unless explicitly instructed to do so – is intentional and, from what @lafrech has said,flask-smorest
works fine with this version ofwebargs
.Aside: although unstated, I’m well aware that the change in
webargs
requires annoying fiddling for the OP and similar usages. My own use of the library is the same. But theunknown
behaviors were the best we could work out to handle other use-cases gracefully.Today, right now, this minute? No. I would recommend you add
webargs<7
,apispec<5
, andmarshmallow<4
to any requirements where you only haveflask-smorest
today. If we change how things are done inflask-smorest
, possibly something different will become possible.Agreed, with the state we’re in right now, it seems pretty weird. But it’s also pretty easy.
I think I’d do this if it were up to me in versions 0.26.0 and 0.27.0 . That solves things for the OP (just use
==0.26.0
) and gets things running smoothly again.