-
Notifications
You must be signed in to change notification settings - Fork 964
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Lift version limitation for the PyJWT #8876
Comments
Well, it is a major version, so probably requires a bit extra of testing to make sure nothing is broken, not just lifting the version requirements, but might require changes in code (and then the opposite might happen, users stuck with older PyJWT might have incompatibilities). For example, they are dropping support for Python2 (which we still maintain for Conan 1.X so far), of the transitive cryptography >= 3, might be an issue. Lets check it. |
Pin pyjwt to 1.7.1 (the last of the 1.x series) to fix building conan: ERROR: Could not find a version that satisfies the requirement PyJWT<2.0.0,>=1.4.0 (from conan) Ref. upstream issue conan-io/conan#8876.
Pin pyjwt to 1.7.1 (the last of the 1.x series) to fix building conan: ERROR: Could not find a version that satisfies the requirement PyJWT<2.0.0,>=1.4.0 (from conan) Ref. upstream issue conan-io/conan#8876.
Please read my comments in #8952 (review):
So lets move it to Conan 2.0, where we will decouple the |
Closed in #8952, will be in the next 2.0-alpha.6 |
FYI, there's a CVE for PyJWT which now affects the latest released conan. |
Hi @bjornfor Latest Conan already upgraded to Thanks for reporting! |
@memsharded: Thanks for the info! (Sorry, I just assumed it wasn't part of a release yet based on parent message.) |
Yeah, probably this issue should have been updated too, but sometimes it is difficult, the activity in the repo is very high. Thanks for telling, it is always better to be sure! |
Currently Conan has version limitation for PyJWT like this:
PyJWT>=1.4.0, <2.0.0
Popular frameworks, like PyGithub, are gradually lifting minimal PyJWT version to the 2.0+, and it becomes problematic to use conan together with the rest of the scripting. Situation is temporary resolvable using virtuenv, but python version switching is yet another dimension for human mistakes, especially for non-experts in python.
It would be way easier if conan can be installed together with mainstream packages in a typical environment. Can PyJWT version limit be lifted to the 2.0+?
The text was updated successfully, but these errors were encountered: