stuart909
commented
7 months ago Thanks for pointing this out. We went ahead and fixed the code base to make use of the 3.0 werkzeug.
Closed mvetom closed 7 months ago
stuart909
commented
7 months ago Thanks for pointing this out. We went ahead and fixed the code base to make use of the 3.0 werkzeug.
Just wanted to submit the updated requirement.txt file for review. (Werkzeug==2.3.8 at the top) Users should be able to install these dependencies and run successfully without the "SHA" error that is caused by using Werkzeug 3.0.1, OR the Password Too Long error you will see in the sha256-Correction branch.
(sha256-Correction attempts to bring its hash method up to Werkzeug 3.0.1's standards)
CAUTION: Apparently there are ways this attempt to force pip to install Werkzeug 2.3.8 could fail - such as if some subsequent dependency needs a higher version. That's not happening to me right now, but it's something to consider for the future. It all depends on if another dependency eventually tries to force us up to Werkzeug 3.0.+ before we're ready.
If this pull is rejected in favor of the --no-dependencies flag option, please advise which versions or version caps of each dependency we should "freeze " the requirements.txt at.