Unable to install a library (pact-python) which depends on fastapi because of starlette version conflict

See original GitHub issue

First Check

  • I added a very descriptive title to this issue.
  • I used the GitHub search to find a similar issue and didn’t find it.
  • I searched the FastAPI documentation, with the integrated search.
  • I already searched in Google “How to X in FastAPI” and didn’t find any information.
  • I already read and followed all the tutorial in the docs and didn’t find an answer.
  • I already checked if it is not related to FastAPI but to Pydantic.
  • I already checked if it is not related to FastAPI but to Swagger UI.
  • I already checked if it is not related to FastAPI but to ReDoc.

Commit to Help

  • I commit to help with one of those options 👆

Example Code

# requirements.txt

starlette==0.16.0

# This next one depends on fastapi
pact-python==1.4.0

Description

pip install -r requirements.txt

Operating System

macOS

Operating System Details

No response

FastAPI Version

0.67.0

Python Version

3.9

Additional Context

One fix I can think of is to make fastapi depend not on a fixed version of starlette "starlette ==0.14.2" but on a range maybe "starlette ~=0.14.2". I wanted to open an issue first to discuss this as it has testing/release implications but I’m happy to investigate a PR if you think this is a good idea.

Was previously an issue with https://github.com/tiangolo/fastapi/issues/1407

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 9 (9 by maintainers)

Top GitHub Comments

2 reactions
adriangb commented, Aug 11, 2021

It might be beneficial for FastAPI to mark itself as “unstable” then and just accept (and integrate) any breaking changes coming from its dependencies. IMO everyone should have pinned dependencies in their deployables, so it shouldn’t be a problem for services/apps using FastAPI. It does generate more work for downstream libraries though.

A strong argument for this is: what happens if a critical vulnerability is found in Starlette right now? FastAPI is pinned to 0.14, but Starlette might release the fix in 0.16.2. Either FastAPI has to rush to bump the Starlette version, do a bunch of internal juggling to manage the breaking changes and release its own breaking change, or Starlette has to backport. This creates a situation where users have to introduce breaking changes just to get a security fix.

0 reactions
meadsteve commented, May 10, 2022

@tiangolo my situation was a little complicated. In this case the project I was working on used Starlette itself. But it also used pact which depended on fastapi with a conflicting Starlette. So we had to pin Starlette.

So I’m not really sure what the best thing to do here is. It’s mostly just python packaging can be complicated 😆
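The version specifiers discussed in this thread, checked against the `starlette==0.16.0` pin from the issue and the hypothetical `0.16.2` fix release from the first comment. This is an added example, not code from the issue, FastAPI or pip: a minimal stdlib-only matcher for plain numeric versions (real resolvers implement all of PEP 440). The function names and the `>=0.14.2,<0.17` range are assumptions used for comparison.

```python
# Added example: minimal PEP 440-style matcher for plain numeric versions (X.Y.Z).
# Supports ==, ~=, >=, < only; pre/post/dev releases and wildcards are out of scope.
import re

def parse(version):
    return tuple(int(part) for part in version.strip().split("."))

def _pad(a, b):
    # PEP 440 compares releases of different length by zero-padding the shorter one.
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def satisfies(version, specifier):
    """True if `version` meets every comma-separated clause of `specifier`."""
    v = parse(version)
    for clause in specifier.split(","):
        m = re.fullmatch(r"\s*(==|~=|>=|<)\s*(\d+(?:\.\d+)*)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), parse(m.group(2))
        pv, pb = _pad(v, bound)
        if op == "==":
            ok = pv == pb
        elif op == ">=":
            ok = pv >= pb
        elif op == "<":
            ok = pv < pb
        else:
            # "~=": compatible release, i.e. >= bound with all but the
            # last component of the bound held fixed (~=0.14.2 -> 0.14.*).
            if len(bound) < 2:
                raise ValueError("~= needs at least two release components")
            keep = len(bound) - 1
            ok = pv >= pb and pv[:keep] == pb[:keep]
        if not ok:
            return False
    return True

def check(framework_spec, app_pin="0.16.0", fix_version="0.16.2"):
    """Can the app's own pin coexist with the framework's requirement,
    and could a fix shipped as `fix_version` be installed under it?"""
    return {"app_pin_installable": satisfies(app_pin, framework_spec),
            "fix_reachable": satisfies(fix_version, framework_spec)}

if __name__ == "__main__":
    # First two specifiers are from the issue; the third is a constructed range.
    for spec in ("==0.14.2", "~=0.14.2", ">=0.14.2,<0.17"):
        print(f"starlette {spec:<16} {check(spec)}")
```

Under `~=0.14.2` only 0.14.x releases at or above 0.14.2 match, so neither the 0.16.0 pin nor a fix published in the 0.16 series is installable without a framework release that changes the requirement.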
