pylxd icon indicating copy to clipboard operation
pylxd copied to clipboard
verified publisher icon canonical

urllib3<2 is impacting library compatibility

Open jocado opened this issue 1 year ago • 1 comments

Hi,

Pinning urllib3<2 is causing some compatibility issues with including pylxd as a dependency in some projects. As it also forces requests< 2.32.0 that has some un-patched CVE.

Is there any chance it can be can be updated to urllib3>=2 ?

Thanks!

Cheers, Just

jocado avatar Jul 30 '24 16:07 jocado

Pinning the requests< 2.32.0 is unfortunately necessary for the moment because of https://github.com/canonical/pylxd/issues/579.

It is in our current plans for the next version to remove dependency on requests_unixsocket for this exact reason. This will enable us to update urllib3 as you suggested.

We should have more news on this topic soon, cheers.

hamistao avatar Aug 05 '24 04:08 hamistao

Fixed by #604

simondeziel avatar Oct 01 '24 12:10 simondeziel