
Potential dependency conflicts between subliminal and chardet

Open NeolithEra opened this issue 6 years ago • 1 comments

Hi, subliminal directly and transitively introduced multiple versions of urllib3.

As shown in the following full dependency graph of subliminal, subliminal requires chardet (the latest version), while the installed version of requests (2.22.0) requires chardet>=3.0.2,<3.1.0.

According to Pip's “first found wins” installation strategy, chardet 3.0.4 is the actually installed version.

Although the first found package version chardet 3.0.4 just satisfies the later dependency constraint (chardet>=3.0.2,<3.1.0), it will lead to a build failure once developers release a newer version of chardet.

Dependency tree--------

subliminal(version range:)
| +-guessit(version range:>=2.0.1)
| | +-rebulk(version range:)
| | | +-six(version range:)
| | +-babelfish(version range:)
| | +-python-dateutil(version range:)
| +-babelfish(version range:>=0.5.2)
| +-enzyme(version range:>=0.4.1)
| +-beautifulsoup4(version range:>=4.4.0)
| +-requests(version range:>=2.0)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-click(version range:>=4.0)
| +-dogpile.cache(version range:>=0.6.0)
| +-stevedore(version range:>=1.0.0)
| +-chardet(version range:>=2.3.0)
| +-pysrt(version range:>=1.0.1)
| | +-chardet(version range:)
| +-six(version range:>=1.9.0)
| +-appdirs(version range:>=1.3)
| +-rarfile(version range:>=2.7)
| +-pytz(version range:>=2012c)

Thanks for your attention. Best, Neolith

NeolithEra, Aug 03 '19 08:08

Solution

  1. Fix your direct dependencies to be chardet>=3.0.2,<3.1.0 and requests==2.22.0, to remove this conflict. I have checked that this revision will not affect your downstream projects now.

  2. Remove your direct dependency urllib3, and use the urllib3 transitively introduced by requests.

@Diaoul Please let me know your choice. I can submit a PR to solve this issue. Building a good dependency ecosystem for Python projects is our common goal ^_^.

NeolithEra, Aug 03 '19 08:08
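As an added illustration (not part of the original issue and not subliminal's or pip's code), the sketch below checks candidate chardet versions against the ranges listed in the dependency tree and models the "first found wins" selection the issue describes. The helper names are hypothetical, the list of available versions is constructed, and 3.1.0 stands in for a newer chardet release.

```python
import re

# Ranges on chardet copied from the dependency tree in the issue.
# An empty string means the requirer declares no version range.
CHARDET_CONSTRAINTS = {
    "subliminal": ">=2.3.0",
    "requests 2.22.0": ">=3.0.2,<3.1.0",
    "pysrt": "",
}

_OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text):
    """Turn '3.0.4' into (3, 0, 4); trailing zeros are dropped so 3.1 == 3.1.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def satisfies(version, spec):
    """True if version meets every comma-separated clause in spec."""
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*([\d.]+)", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True

def violated_by(version, constraints):
    """Return the requirers whose declared range the given version breaks."""
    return sorted(n for n, spec in constraints.items() if not satisfies(version, spec))

def first_found_pick(available, first_spec):
    """Model 'first found wins': newest version matching only the first-seen range."""
    ok = [v for v in available if satisfies(v, first_spec)]
    return max(ok, key=parse_version)

if __name__ == "__main__":
    available = ["3.0.2", "3.0.4", "3.1.0"]  # constructed sample list
    pick = first_found_pick(available, CHARDET_CONSTRAINTS["subliminal"])
    print(pick, "breaks:", violated_by(pick, CHARDET_CONSTRAINTS))
```

Passing the tighter range from solution 1 as `first_spec` makes the pick land on 3.0.4, which violates none of the listed ranges.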