Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Urllib3, requirements.txt, README, pip install #82

Closed
yoonjoh opened this issue Jun 4, 2019 · 3 comments
Closed

Urllib3, requirements.txt, README, pip install #82

yoonjoh opened this issue Jun 4, 2019 · 3 comments

Comments

@yoonjoh
Copy link

yoonjoh commented Jun 4, 2019

Following just the README as it relates to the installation of the project, I downloaded through pip install instead of the conventional git clone because of the explicit specification of the pip install capabilities, in that it was stated that this project was originally created “as an exercise for creating […] first PyPi package.” However, not long after I got the error of:“ERROR: requests 2.20.0 has requirement urllib3<1.25,>=1.21.1, but you'll have urllib3 1.25.2 which is incompatible.”

After some research into the matter, with similar issues arising in both the project in question, as well as other projects on Github, I saw that some people suggested either downloading the urlib that would work (this was assuming you had too old of a version, instead of too new of a version, which was my issue), or also modifying the requirements.txt such that the urlib specifications could be corrected.

Ironically, when I examined the requirements.txt file, I saw that the project had actually made that exact update recently. Therefore, I realized that I should just download the project in the more conventional manner of git clone, and not pip install, since it appeared that that had not been updated as well to match the git clone download. This corrected the issue. Might I suggest, citing the discrepancy in the README, or perhaps updating the pip install capabilities as well to match the requirements.txt as it related to the urllib specifications?
@jaebradley
Copy link
Owner

jaebradley commented Jun 4, 2019
edited
Loading

@yoonjoh thanks for opening this issue - it seems to me to be a duplicate of #81 ?

I think probably the right thing to do is downgrade urllib and publish a patch version update with the downgraded PyPi package.

I will try and get that done in the next 24 to 48 hours unless I run into any unexpected issues.

@jaebradley jaebradley mentioned this issue Jun 5, 2019
Merged
jaebradley added a commit that referenced this issue Jun 5, 2019
@jaebradley
Downgrade urllib3 to 1.24.3 to fulfill requests@2.20.0 requirements (#83
7545416 
)

Related to #81 and #82.

I had bumped `urllib3` to the latest version at the time (`1.25.2`) in #80 to resolve a security vulnerability in `urllib3 < 1.24.2`.

However, this meant that the required `requests` version, `2.20.0` had the wrong `urllib3` version.

`urllib3@1.24.3` both avoids the security vulnerability and fulfills `requests`' `urllib3` version requirements.
@jaebradley
Copy link
Owner

@yoonjoh v4.2.3 should no longer have the message about urllib3 1.25.2 incompatibility.

Feel free to close if this issue has been resolved.

@jaebradley
Copy link
Owner

This seems to be resolved so I will be closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaebradley @yoonjoh