Question: pip dependencies

[7homasSutter]

Hi there, I would like to use exodus in my project but it seems that some of your dependencies are no longer up-to-date. Since pip 20.3 nowadays enforces dependency conflicts to be resolved before I can install something I would like to ask if you could change the strict (==) version specifiers to a minimum (>=) or compatible (~=) version specifier in your requirements.txt.

exodus-core 1.3.1 requires cryptography==2.6.1, but you have cryptography 3.2.1 which is incompatible.
exodus-core 1.3.1 requires Pillow==6.2.2, but you have pillow 8.0.1 which is incompatible.
exodus-core 1.3.1 requires requests==2.21.0, but you have requests 2.25.0 which is incompatible.

Changing of course would mean that you have to test more. However, it would help to stay up-to-date with the latest changes as well.

Thx

Tom

[pnu-s]

Hello @7homasSutter !

That's an interesting question, to be fair we have some troubles managing our dependencies, which are mostly sub-dependencies of other packages.

I think requests could be changed pretty safely, I'm not sure about the 2 other ones.

I made some cleaning in https://github.com/Exodus-Privacy/exodus-core/pull/42 I'll try to take a look at this next!

[burkhardtc]

Hello,

I solved most of the dependencies by using the packages of the distribution. By this way neither virtualEnv or Docker are necessary. Exodus works perfectly with Python from 3.5 until 3.9 on:

• Debian Stretch + Buster + Bullseye
• Ubuntu 18.04.5 + 20.04.1 + 20.10

I would prefer to see the dependencies set to a minimum (>=) in your requirements.txt like following:

androguard>=3.1.0
cryptography>=2.3.4
dhash>=1.3
jellyfish>=0.5.6
Pillow>=5.4.1
requests>=2.12.0
six>=1.10.0
traitlets>=4.3.2 

At least it works in my case until following versions:

androguard <= 3.4.0a1
cryptography <= 3.3.1
dhash = 1.3
jellyfish <= 0.8.2
Pillow <= 8.1.0
requests <= 2.25.1
six <= 1.15.0
traitlets <= 5.0.5

[7homasSutter]

Thx!