Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Inconsistent urllib3 version requirements between setup.py and init.py

See original GitHub issue

With https://github.com/requests/requests/commit/ac944b7439009ffbf7a10dfee35202f1ac090e76 the maximum allowed version of urllib3 in setup.py was increased to 1.23. However, in https://github.com/requests/requests/blob/master/requests/__init__.py#L57-L63 the version is still required to be <= 1.22.

This is a bug since the release of requests 1.23 yesterday: https://pypi.org/project/urllib3/#history

Expected Result

Installation of requests via pip should work with urllib3 version 1.23

Actual Result

e.g.

/usr/local/lib/python2.7/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.23) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
ContextualVersionConflict: urllib3 1.23

Reproduction Steps

pip install urllib3==1.23
pip install requests

import requests

Issue Analytics

State:
Created 5 years ago
Reactions:8
Comments:24 (9 by maintainers)

Top GitHub Comments

13reactions

jessemyerscommented, Jun 7, 2018

I totally understand the motivation of this design decision to generate warnings on untested urllib3 versions… but this behavior is definitely breaking in some cases (and not just a warning).

Simple test case; create a distribution with an entry_point. For example:

#!/usr/bin/env python
from setuptools import find_packages, setup

setup(
    name="test",
    version="0.1.0",
    packages=find_packages(),
    install_requires=[
        "requests==2.18.4",
        "urllib3==1.23",
    ],
    entry_points={
        "example": [
            # it doesn't matter if test.foo exists
            "foo = test.foo",
        ],
    },
)

Create a test program that resolves this entry point (we don’t even have to load it):

#!/usr/bin/env python
from pkg_resources import iter_entry_points


for entry_point in iter_entry_points(group="example"):
    entry_point.require()

Then install the distribution:

python3 -m venv test
source test/bin/activate
pip install -U -e

This works fine. Even though we have version conflicts, pip lets us continue.

But then try to ask setuptools to resolve the entry point:

> python3 ./test.py
Traceback (most recent call last):
  File "./test.py", line 6, in <module>
    entry_point.require()
  File "/private/tmp/test/test/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2346, in require
    items = working_set.resolve(reqs, env, installer, extras=self.extras)
  File "/private/tmp/test/test/lib/python3.6/site-packages/pkg_resources/__init__.py", line 783, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (urllib3 1.23 (/private/tmp/test/test/lib/python3.6/site-packages), Requirement.parse('urllib3<1.23,>=1.21.1'), {'requests'})

TL/DR; putting an upper bound on urllib3 versions is breaking for any application that uses entry points in this way and “happens” to upgrade dependencies. That might be your intention, but this behavior definitely goes beyond “warnings” and definitely breaks some workflows (e.g. ours).

9reactions

kirillgroshkovcommented, Sep 3, 2018

Here’s how I solved it yesterday:

pip install --upgrade "urllib3==1.22" awscli awsebcli

Top Results From Across the Web

urllib3 (1.9.1) or chardet (2.3.0) doesn't match a supported ...

Two options: either downgrade requests to the version from your OS distribution (see what's available with apt show python-requests ), or ...

How to Publish an Open-Source Python Package to PyPI

In this step-by-step tutorial, you'll learn how to create a Python package for your project and how to publish it to PyPI, the...

Changelog - pip documentation v22.3.1

Deprecate installation with 'setup.py install' when no-binary is enabled for source ... Allow using a pre-release version to satisfy a build requirement.

pip's dependency resolver does not currently take into account ...

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the...

Specifying dependencies in Python | Cloud Functions ...

Private dependencies from other repositories · Copy your dependency into a local directory: pip install -t. DIRECTORY DEPENDENCY · Add an empty __init__.py...