
urllib3 2.x compatibility blocked by appengine-python-standard dependency constraint

Open coderabbitai[bot] opened this issue 7 months ago • 2 comments

Problem Description

We are unable to update urllib3 to version 2.5.0 (required for CVE fixes) due to a dependency conflict in the odh-elyra package chain.

Dependency Conflict Chain

The conflict occurs through this dependency chain: odh-elyra==4.2.3 → appengine-python-standard==1.1.10 → urllib3>=1.26.2,<2

Error Details

When attempting to resolve dependencies with uv lock, we get:

❯ uv lock
Using CPython 3.12.0
  × No solution found when resolving dependencies for split (markers: python_full_version == '3.12.*' and implementation_name == 'cpython' and sys_platform == 'linux'):
  ╰─▶ Because appengine-python-standard==1.1.10 depends on urllib3>=1.26.2,<2 and odh-elyra==4.2.3 depends on appengine-python-standard==1.1.10, we can conclude that odh-elyra==4.2.3 depends on urllib3>=1.26.2,<2.

Context

  • We are working on updating urllib3 across all notebook images to version 2.5.0 to address security vulnerabilities
  • The appengine-python-standard package constraint urllib3<2 is blocking this security update
  • Related upstream issue: https://github.com/GoogleCloudPlatform/appengine-python-standard/issues/121

Request

Could you please:

  1. Update the appengine-python-standard dependency to a version that supports urllib3 2.x, or
  2. Remove the appengine-python-standard dependency if it's not essential, or
  3. Provide guidance on how to resolve this conflict while maintaining security updates

Additional Information

  • PR Context: https://github.com/opendatahub-io/notebooks/pull/1875
  • Comment Context: https://github.com/opendatahub-io/notebooks/pull/1875#discussion_r2310019051
  • Affected Package: odh-elyra==4.2.3
  • Target urllib3 Version: 2.5.0
  • Python Version: 3.12

This issue is blocking security updates across multiple notebook runtime environments. Any assistance would be greatly appreciated.

Thank you!

coderabbitai[bot], Aug 29 '25 12:08
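
The check below traces which declared requirement excludes a target version, as in the dependency chain reported above. It is an added example, not code from the issue or from the Elyra project. The requirement graph is constructed from the resolver error on this page plus one hypothetical package (`example-http-client`), and version comparison is simplified to numeric release segments.

```python
import operator
import re
from importlib.metadata import distributions

# Constructed input: the odh-elyra -> appengine-python-standard -> urllib3 edges come from the
# resolver error on this page; "example-http-client" is a hypothetical non-blocking path.
REQUIRES = {
    "odh-elyra": ["appengine-python-standard==1.1.10", "example-http-client>=1.0"],
    "appengine-python-standard": ["urllib3>=1.26.2,<2"],
    "example-http-client": ["urllib3>=1.21.1,<3"],
}
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, "<": operator.lt}

def norm(name):
    return re.sub(r"[-_.]+", "-", name).lower()

def vkey(version, width=4):
    """Numeric release key only; simplified, not full PEP 440 (no pre-releases)."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def parse_req(req):
    """'name[extra]>=1,<2; marker' -> (name, [(op, version), ...]); ~= and wildcards are ignored."""
    m = re.match(r"\s*([A-Za-z0-9._-]+)(.*)", req.split(";")[0])
    return norm(m.group(1)), re.findall(r"(>=|<=|==|!=|>|<)\s*(\d[\w.]*)", m.group(2))

def blocking_chains(requires, root, package, target):
    """Every dependency path from root ending in a requirement on package that excludes target."""
    chains, stack = [], [(norm(root), [root], {norm(root)})]
    while stack:
        node, path, seen = stack.pop()
        for req in requires.get(node, []):
            name, clauses = parse_req(req)
            if name == norm(package):
                if not all(OPS[op](vkey(target), vkey(v)) for op, v in clauses):
                    chains.append(path + [req])
            elif name not in seen:  # guard against dependency cycles
                stack.append((name, path + [req], seen | {name}))
    return chains

def installed_requires():
    """Same mapping built from installed metadata (markers and extras are not evaluated)."""
    return {norm(d.metadata["Name"]): list(d.requires or []) for d in distributions()}

if __name__ == "__main__":
    for chain in blocking_chains(REQUIRES, "odh-elyra", "urllib3", "2.5.0"):
        print(" -> ".join(chain))
```

Passing `installed_requires()` instead of `REQUIRES` runs the same search over the packages installed in the current environment.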

appengine-python-standard was introduced in

  • https://github.com/elyra-ai/elyra/pull/3148

jiridanek, Aug 29 '25 12:08

See also

  • https://github.com/elyra-ai/elyra/pull/3323

jiridanek, Aug 29 '25 13:08