Could you elaborate on what runtime errors you encountered? I'd like to understand how this is breaking downstream consumers before fixing. The only place we reference the dev branch of jmespath is in the requirements.txt file, which we only use for running our tests. pip install botocore will always pull in the locked version of jmespath from the setup.py.
pkg_resources.DistributionNotFound: The 'jmespath==0.7.1' distribution was not found and is required by botocore
Version 0.8.0 of jmespath was being installed into our site-packages instead of 0.7.1. I'm not sure exactly how pip manages transitive dependencies - I'll poke into that more and try to find the root problem.
I should have also mentioned that we pin our version of botocore to 1.1.6.
Ok. I think the problem is that because botocore has a dependency that's too strict, if something else pulls in a newer jmespath then you'll run into this problem. Pip doesn't seem to handle this well, for example, in a fresh virtualenv, if I install botocore, then boto3 I get:
What I would propose if relaxing the version constraint here. botocore doesn't actually need thing that's only in v0.7.1 so if change this to be the same as boto3, that is: jmespath>=0.6.2,<1.0.0 this should fix the issue.