Steps to Reproduce
If the issue is predictable and consistently reproducible, please list the steps here.
    install_requires=[
        'twine',
        'requests',
    ],

    error: urllib3 2.0.0a3 is installed but urllib3<1.27,>=1.21.1 is required by {'requests'}

    install_requires=[
        'requests',
        'twine',
    ],

    error: urllib3 2.0.0a3 is installed but urllib3<1.27,>=1.21.1 is required by {'requests'}
Post Script
Now of course I realize twine might support 2.0 and beyond, but given it depends on requests itself this may cause issues anyways for some.
We were able to resolve this locally by defining our own urllib3 dependency with upper bounds but this is dependency smell in the long run. I don't necessarily know if it is twine's responsibility to set an upper bound and there is no accusation implied in this, but I would love to see some input on if others have seen this behavior.
I'm not sure that twine needs an explicit dependency on urllib3. Requests isn't about to drop it as a dependency and the usage of urllib3 is purely to pass in advanced settings to Requests. I would suggest we do it from our requirements alright.
I will note this issue doesn't appear using project management such as Hatch which performs proper dependency resolution, but it does cause issues on simple setup.py setups etc.
Your Environment
Thank you for taking the time to report an issue.
To more efficiently resolve this issue, we'd like to know some basic information about your system and setup.
Ubuntu 20.04.5 LTS
Python 3.8.10
venv + setup.py
I realize setup.py is largely deprecated, however it's still widely in use.
The Issue
urllib3 started introducing a 2.0.0a pre-release branch to pypi as of November 2022.
requests, and many other projects specify an upper bound such as https://github.com/psf/requests/blob/main/setup.py#L64
urllib3>=1.21.1,<1.27
and twine does not set an upper bound
urllib3>=1.26.0
Python doesn't handle this dependency situation on its own which leads to urllib3 2.0.0 being installed, which is out of bounds for requests
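The conflict reported in this issue can be checked mechanically before a build. The following is an added example, not code from the issue, twine or requests: it evaluates the two urllib3 specifiers quoted above against a constructed list of candidate versions, using a simplified version parser (release numbers plus a/b/rc pre-releases, not full PEP 440). All function names are illustrative.

```python
import re

# Specifiers quoted in the issue; the candidate list is a constructed sample.
REQUIREMENTS = {"requests": "urllib3>=1.21.1,<1.27", "twine": "urllib3>=1.26.0"}
CANDIDATES = ["1.25.11", "1.26.13", "2.0.0a3"]

_PRE = {"a": 0, "b": 1, "rc": 2}
_OPS = {
    ">=": lambda v, b: v >= b, "<=": lambda v, b: v <= b,
    "==": lambda v, b: v == b, "!=": lambda v, b: v != b,
    "<": lambda v, b: v < b, ">": lambda v, b: v > b,
}

def version_key(text):
    """Sort key for 'N.N.N' with optional aN/bN/rcN (simplified, not full PEP 440)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?", text)
    if m is None:
        raise ValueError(f"unsupported version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (4 - len(release))  # pad so 1.27 compares equal to 1.27.0
    # A final release sorts after any pre-release of the same number.
    pre = (_PRE[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return release + pre

def parse_clauses(requirement):
    """Turn 'urllib3>=1.21.1,<1.27' into [('>=', key), ('<', key)]."""
    spec = re.fullmatch(r"\s*[A-Za-z0-9._-]+\s*(.*)", requirement).group(1)
    clauses = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        op, bound = re.fullmatch(r"(>=|<=|==|!=|<|>)\s*(\S+)", part).groups()
        clauses.append((op, version_key(bound)))
    return clauses

def violated_by(version, requirements):
    """Dependents whose declared bounds exclude `version`."""
    key = version_key(version)
    return [dep for dep, req in requirements.items()
            if not all(_OPS[op](key, b) for op, b in parse_clauses(req))]

def acceptable(candidates, requirements):
    """Candidates that every dependent accepts at the same time."""
    return [c for c in candidates if not violated_by(c, requirements)]

if __name__ == "__main__":
    for c in CANDIDATES:
        print(c, "violates:", violated_by(c, REQUIREMENTS) or "nothing")
    print("safe to pin:", acceptable(CANDIDATES, REQUIREMENTS))
```

Only the version that falls inside both ranges is reported as safe to pin, which matches the local workaround described in the issue of declaring urllib3 with an upper bound.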