aiomonitor icon indicating copy to clipboard operation
aiomonitor copied to clipboard

Published 20 hours ago verified publisher icon aio-libs

Relax aiohttp dependency

Open baswelsh opened this issue 1 year ago • 0 comments

Describe the bug

Is it straightforward to relax the constraint on the aiohttp dependency? We are getting the following error from pip check:

aiomonitor 0.6.0 has requirement aiohttp~=3.8.5, but you have aiohttp 3.9.1.

Please note that typically aiohttp~=3.8.5 would be fine but as of recently, aiohttp<=3.9 has a critical security vulnerability and containers that use it don't pass the relevant scans.

To Reproduce

Attempt to install a newer versions of aiohttp alongside aiomonitor: pip install aiohttp==3.9.1 aiomonitor==0.6.0.

Result: ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.

Expected behavior

The expected behavior is that the dependency constraint be aiohttp>=3.8.5

Logs/tracebacks

`ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.`

Python Version

3.10 and 3.11

aiomonitor Version

0.6.0

OS

MacOS

Additional context

Thank you for the help!

Code of Conduct

  • [X] I agree to follow the aio-libs Code of Conduct

baswelsh avatar Dec 21 '23 03:12 baswelsh