Version 5.5.0/5.5.1 have too strict urllib2 requirements

[edmorley]

Hi!

Upgrading from 5.4.0 to either 5.5.0 or 5.5.1 causes our Travis run to start failing with:

$ pip check
elasticsearch 5.5.1 has requirement urllib3<1.22,>=1.21.1, but you have urllib3 1.22.

It looks like perhaps there was a rebasing issue, since #636 loosened the requirements but this isn't present in 5.5.0/5.5.1, even though it's on master?

Compare 5.5.0/5.5.1:
https://github.com/elastic/elasticsearch-py/blob/5.5.0/setup.py#L15
https://github.com/elastic/elasticsearch-py/blob/5.5.1/setup.py#L15

...with master:

elasticsearch-py/setup.py

Line 15 in 4e6a05f

'urllib3<1.23,>=1.21.1',

Many thanks :-)

[alex-oleshkevich]

+1, this also breaks Pipfile.lock (not possible to lock dependencies)

Adding elasticsearch-dsl>=5.0.0,<6.0.0 to Pipfile's [packages]…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  You can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
Could not find a version that matches urllib3<1.22,<1.23,==1.22,>=1.21.1
Tried: 0.3, 1.0, 1.0.1, 1.0.2, 1.1, 1.2, 1.2.1, 1.2.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.7.1, 1.8, 1.8.2, 1.8.3, 1.9, 1.9.1, 1.10, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11, 1.11, 1.12, 1.12, 1.13, 1.13,1.13.1, 1.13.1, 1.14, 1.14, 1.15, 1.15, 1.15.1, 1.15.1, 1.16, 1.16, 1.17, 1.17, 1.18, 1.18, 1.18.1, 1.18.1, 1.19, 1.19, 1.19.1, 1.19.1, 1.20, 1.20, 1.21, 1.21, 1.21.1, 1.21.1, 1.22, 1.22

[edmorley]

The 6.0.0 release is affected by this too
Bah read the wrong Travis log, 6.0.0 is fine.

[patrys]

FYI: https://requires.io/ currently marks urllib3==1.21.1 as "insecure".

EDIT: resolved this with Requires, it seems that was a false positive.

[edmorley]

It looks like there was a backport of the #636 fix to the 5.5.x and 5.x branches:
ea5d5fd
b8b1c14

...I don't suppose it would be possible to spin a 5.5.2 release containing it? :-)

[reupen]

5.5.2 has been released as elasticsearch5: https://pypi.python.org/pypi/elasticsearch5

Unfortunately, it's not clear to me how to use elasticsearch5 with elasticsearch-dsl 5.x, as the latter still depends on elasticsearch (not elasticsearch5).

[honzakral]

The dependency is still there but you can always just pass in your own client instance by instantiating elasticsearch5.Elasticsearch and passing it in to the connections object of elasticsearch_dsl:

from elasticsearch_dsl.connections import connections
from elasticsearch5 import Elasticsearch
connections.add_connection(Elasticsearch())

Note, however, that you don't have to use elasticsearch5 unless you have a requirement to use multiple versions next to each other in the same code base.

[reupen]

The problem with using elasticsearch5 is that it results in version conflicts when using elasticsearch-dsl 5.4.0 (when using pip check, pip-compile etc.)

For example:

10:08 $ pip install -U "elasticsearch-dsl<6" elasticsearch5
...
10:08 $ pip check
elasticsearch 5.5.1 has requirement urllib3<1.22,>=1.21.1, but you have urllib3 1.22.

Or when using pip-comile, you'll get:

Could not find a version that matches urllib3<1.22,<1.23,==1.22,>=1.21.1

So, it would probably be useful having elasticsearch 5.5.2 available under elasticsearch as well.

[RemiCardona]

The change of python module name and pypi package name is completely jaw-dropping for a patch release. A simple dependency bugs is turning into a maintenance nightmare for the entire ES/python ecosystem (and for my own work projects).

I'm stunned…

[honzakral]

the rename is only for convenience for people that have need of running multiple versions in the same code base, same version will be released as elasticsearch, it was an oversight that it hasn't been already for which I apologize.

[fxdgear]

@RemiCardona I'm sorry about the confusion here and it's my fault.

I'm trying to help @honzakral and relieve him of some responsibilities here wrt this code base. We talked about the release process and I didn't grok that there was 3 release artifacts. i thought there was just elasticsearch5 and elasticsearch (which is now 6). So I didn't release elalsticsearch==5.5.2 the other day. That is my fault i am sorry.

I did just release the 5.5.2 version of elasticsearch this morning. So please let me know if this alleviates the urllib3 version issue.

Thanks

edit typo

[edmorley]

Many thanks for the elasticsearch==5.5.2 release - working great now :-)

[fxdgear]

Fantastic. Thank you for closing. :)