search

Azure / msrest-for-python

The runtime library "msrest" for AutoRest generated Python clients.
MIT License
41 stars 64 forks source link

`requests` version tied to `2.16` #118

Closed dlapiduz closed 6 years ago

dlapiduz commented 6 years ago

msrest is currently using requests~=2.16. This makes it hard to include the msrest derived libraries (like the azure ones) into other python packages that also use requests with other versions.

Would you consider changing it so we have requests>=2.12 in here: https://github.com/Azure/msrest-for-python/blob/master/setup.py#L50?

I can send the PR but wanted to ask about this first. In particular the package that I am looking at is https://github.com/certbot/certbot.

lmazuel commented 6 years ago

Hi @dlapiduz Actually, 2.16 is not random, it's when requests started to unvendor all the dependencies. If we put it back to 2.12, this means we have to re-patch imports where we call urllib3 (try from vendor folder, if ImportError try plain). Note that 2.16 was released 1.5 years ago, it's not like I'm using the absolute latest :).

Why this requirement would be a problem for certbot? I didn't find the setup.py that is causing problems, could you explain in more details where the incompatibilities is? Thanks,

dlapiduz commented 6 years ago

Thanks for the quick answer @lmazuel, I assumed it was not random but I was trying to figure out the reasoning.

Certbot requirements are a bit hidden away: https://github.com/certbot/certbot/blob/master/letsencrypt-auto-source/pieces/dependency-requirements.txt. You can use a newer version but the default uses 2.12

Is there a reason for the tilde vs greater than on the version? Is msrest not compatible with the latest requests module?

lmazuel commented 6 years ago

~=2.16 is a shortcut for >=2.16,==2.0, meaning in English "Any 2.x series after 2.16" https://www.python.org/dev/peps/pep-0440/#compatible-release

Meaning, I expect breaking changes from requests 3.0 (since they annunced async at PyCon), so I don't want it. And I want to avoid this kind of weird code:

try
   from requests.vendor.urllib3.util import Retry
except ImportError: # Could be Debian/Ubuntu than manually un-vendor requests, or >= 2.16
   from urllib3.util import Retry

They did massive black magic and aliases in the vendor package after 2.16 to avoid breaking changes, but if I can avoid calling black magic I do :)

dlapiduz commented 6 years ago

@lmazuel perfect, sorry I missed that!