
Revise urllib3’s version constraint to remove the potential dependency conflicts

Open NeolithEra opened this issue 5 years ago • 2 comments

Hi, as shown in the following full dependency graph of kalliope, kalliope requires urllib3 (the latest version), while the installed version of requests (2.22.0) requires urllib3>=1.21.1,<1.26.

According to pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.

Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint (urllib3>=1.21.1, <1.26), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree--------

kalliope(version range:)
| +-pyyaml(version range:>=5.1)
| +-six(version range:>=1.12.0)
| +-SpeechRecognition(version range:>=3.8.1)
| +-markupsafe(version range:>=1.1.1)
| +-pyaudio(version range:>=0.2.11)
| +-pyasn1(version range:>=0.4.5)
| +-ansible(version range:>=2.8.1)
| +-jinja2(version range:>=2.10.1)
| +-cffi(version range:>=1.12.3)
| +-ipaddress(version range:>=1.0.17)
| +-flask(version range:>=1.0.3)
| | +-Werkzeug(version range:>=0.15)
| | +-Jinja2(version range:>=2.10.1)
| | +-itsdangerous(version range:>=0.24)
| | +-click(version range:>=5.1)
| +-Flask-Restful(version range:>=0.3.7)
| +-flask_cors(version range:>=3.0.8)
| +-requests(version range:>=2.22.0)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-httpretty(version range:>=0.8.14)
| | +-six(version range:)
| +-mock(version range:>=3.0.5)
| +-Flask-Testing(version range:>=0.7.1)
| | +-Flask(version range:)
| | | +-Werkzeug(version range:>=0.15)
| | | +-Jinja2(version range:>=2.10.1)
| | | +-itsdangerous(version range:>=0.24)
| | | +-click(version range:>=5.1)
| +-apscheduler(version range:>=3.6.0)
| +-GitPython(version range:>=2.1.11)
| +-packaging(version range:>=19.0)
| +-transitions(version range:>=0.6.9)
| | +-six(version range:)
| +-sounddevice(version range:>=0.3.13)
| +-SoundFile(version range:>=0.10.2)
| +-pyalsaaudio(version range:>=0.8.4)
| +-sox(version range:>=1.3.7)
| +-paho-mqtt(version range:>=1.4.0)
| +-voicerss_tts(version range:>=1.0.6)
| +-gTTS(version range:>=2.0.3)
| +-urllib3(version range:>=1.25.3)

Thanks for your attention. Best, Neolith

NeolithEra, Aug 03 '19 06:08

Solution

  1. Fix your direct dependencies to be urllib3>=1.21.1,<1.26 and requests==2.22.0, to remove this conflict. I have checked that this revision will not affect your downstream projects now.

  2. Remove your direct dependency urllib3, and use urllib3 transitively introduced by requests.

@Sispheor Please let me know your choice. I can submit a PR to solve this issue. Building a good dependency ecosystem for Python projects is our common goal ^_^.

NeolithEra, Aug 03 '19 06:08
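Added example, not part of the issue thread or of kalliope's code: a standard-library Python sketch of the reported situation and of the two proposed solutions, using the urllib3 ranges from the dependency tree. It assumes a simplified model of the "first found wins" strategy (the newest release allowed by the first range met is installed), numeric-only version parsing, and constructed release lists; `resolve`, `satisfies` and the constant names are hypothetical.

```python
import re

# urllib3 ranges copied from the dependency tree in the issue. Dict order is the
# order in which the installer meets them (assumption: the direct dependency first).
CURRENT = {"kalliope": ">=1.25.3", "requests 2.22.0": ">=1.21.1,<1.26"}
OPTION_1 = {"kalliope": ">=1.21.1,<1.26", "requests 2.22.0": ">=1.21.1,<1.26"}
OPTION_2 = {"requests 2.22.0": ">=1.21.1,<1.26"}  # direct urllib3 dependency removed

OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text):
    """'1.25.3' -> (1, 25, 3). Numeric release segments only (simplified)."""
    return tuple(int(part) for part in text.strip().split("."))

def satisfies(version, spec):
    """True if `version` meets every comma-separated clause; an empty spec allows all."""
    v = parse_version(version)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)", clause)
        if m is None:
            raise ValueError(f"unsupported specifier: {clause!r}")
        bound = parse_version(m.group(2))
        width = max(len(v), len(bound))  # pad so that 1.26 compares equal to 1.26.0
        lhs = v + (0,) * (width - len(v))
        rhs = bound + (0,) * (width - len(bound))
        if not OPS[m.group(1)](lhs, rhs):
            return False
    return True

def resolve(available, constraints):
    """Pick the newest release allowed by the first range met, then report
    which requirers' ranges exclude that pick."""
    first_spec = next(iter(constraints.values()))
    pick = max((v for v in available if satisfies(v, first_spec)), key=parse_version)
    rejected = [name for name, spec in constraints.items() if not satisfies(pick, spec)]
    return pick, rejected

# Constructed release lists: the index as of the report, and after a newer release.
RELEASES_AT_REPORT = ["1.21.1", "1.24.3", "1.25.3"]
RELEASES_LATER = RELEASES_AT_REPORT + ["1.26.0"]

if __name__ == "__main__":
    for label, cons in [("current", CURRENT), ("option 1", OPTION_1), ("option 2", OPTION_2)]:
        for releases in (RELEASES_AT_REPORT, RELEASES_LATER):
            print(label, releases[-1], resolve(releases, cons))
```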

Hi, thanks for pointing this out. The second solution looks good. @monf what do you think?

Sispheor, Aug 03 '19 07:08