Conflicts between mockerena and werkzeug

[NeolithEra]

Hi, users are unable to run mockerena due to dependency conflict with werkzeug package. As shown in the following full dependency graph of mockerena, eve requires werkzeug ==0.15.4，while flask requires werkzeug >=0.15.

According to pip’s “first found wins” installation strategy, werkzeug 0.16.0 is the actually installed version. However, werkzeug 0.16.0 does not satisfy ==0.15.4.

Dependency tree-----------

mockerena - 1.2.0
| +- eve(install version:0.9.2 version range:>=0.9.0)
| | +- cerberus(install version:1.3.2 version range:>=1.1)
| | | +- setuptools(install version:42.0.2 version range:*)
| | +- events(install version:0.3 version range:<0.4,>=0.3)
| | +- flask(install version:1.1.1 version range:>=1.0)
| | | +- click(install version:7.0 version range:>=5.1)
| | | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | | +- jinja2(install version:2.10.3 version range:>=2.10.1)
| | | | +- markupsafe(install version:1.1.1 version range:>=0.23)
| | | +- werkzeug(install version:0.15.4 version range:>=0.15)
| | +- pymongo(install version:3.9.0 version range:>=3.7)
| | +- simplejson(install version:3.17.0 version range:>=3.3.0,<4.0)
| | +- werkzeug(install version:0.15.4 version range:==0.15.4)
| +- exrex(install version:0.10.5 version range:>=0.10.5)
| +- faker(install version:3.0.0 version range:>=2.0.0)
| +- flasgger(install version:0.9.4.dev2 version range:>=0.9.0)
| | +- flask(install version:1.1.1 version range:>=0.10)
| | | +- click(install version:7.0 version range:>=5.1)
| | | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | | +- jinja2(install version:2.10.3 version range:>=2.10.1)
| | | | +- markupsafe(install version:1.1.1 version range:>=0.23)
| | | +- werkzeug(install version:0.15.4 version range:>=0.15)
| | +- jsonschema(install version:3.2.0 version range:>=3.0.1)
| | +- mistune(install version:2.0.0a1 version range:*)
| | +- pyyaml(install version:5.2 version range:>=3.0)
| | +- six(install version:1.13.0 version range:>=1.10.0)
| +- flask(install version:1.1.1 version range:>=1.1.0)
| | +- click(install version:7.0 version range:>=5.1)
| | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | +- jinja2(install version:2.10.3 version range:>=2.10.1)
| | | +- markupsafe(install version:1.1.1 version range:>=0.23)
| | +- werkzeug(install version:0.16.0 version range:>=0.15)
| +- jinja2(install version:2.10.3 version range:>=2.10)
| | +- markupsafe(install version:1.1.1 version range:>=0.23)
| +- jsonschema(install version:2.6.0 version range:<3.0.0,>=2.6.0)
| +- pandas(install version:0.25.3 version range:>=0.25.0)
| +- py-healthcheck(install version:1.9.0 version range:>=1.9.0)
| | +- six(install version:1.13.0 version range:*)

Thanks for your help. Best, Neolith

[NeolithEra]

Suggested Solution

1. Ask your upstream project eve to loose the version range of werkzeug.
2. Fix your direct dependency to be eve<=0.9.0. I have checked this revision will not affect your downstream projects now.

@jlane93 Which solution do you prefer, 1 or 2? Please let me know your choice. I can submit a PR to solve this issue.

[jlane9]

Just to be certain, your suggestion for 1 is to loosen the versioning on urllib3 and not werkzeug?

[jlane9]

Also, it appears Eve has fixed the version for werkzeug because some of the newer versions have been breaking functionality.

https://github.com/pyeve/eve/issues/1267 https://github.com/pyeve/eve/issues/1325

[NeolithEra]

Could you add a new direct dependency werkzeug==0.15.4. I have checked this revision will not affect your downstream projects now. Now, werkzeug 0.16.0 is the actually installed version which is installed by flask. However, werkzeug 0.16.0 does not satisfy ==0.15.4.

[jlane9]

Thanks @NeolithEra I've pushed up changes that should resolve this. Also you uncovering this helped me find a breaking change with the newest version of faker 🙌