Dependency resolution error

[bladeoflight16]

Using a clean venv, I get a dependency conflict between beckett and pokepy for the requests package:

(venv) PS> python --version
Python 3.8.1
(venv) PS> pip --version
pip 20.0.2 from c:\users\bladeoflight16\personal\pokemon\venv\lib\site-packages\pip (python 3.8)
(venv) PS> pip install pokepy
Collecting pokepy
  Using cached pokepy-0.6.0-py2.py3-none-any.whl (12 kB)
Collecting requests==2.21.*
  Using cached requests-2.21.0-py2.py3-none-any.whl (57 kB)
Collecting fcache==0.4.*
  Using cached fcache-0.4.7-py2.py3-none-any.whl (10 kB)
Collecting beckett==0.8.*
  Using cached beckett-0.8.0-py2.py3-none-any.whl (10 kB)
Collecting urllib3~=1.24.3
  Using cached urllib3-1.24.3-py2.py3-none-any.whl (118 kB)
Collecting certifi>=2017.4.17
  Using cached certifi-2019.11.28-py2.py3-none-any.whl (156 kB)
Collecting idna<2.9,>=2.5
  Using cached idna-2.8-py2.py3-none-any.whl (58 kB)
Collecting chardet<3.1.0,>=3.0.2
  Using cached chardet-3.0.4-py2.py3-none-any.whl (133 kB)
Collecting appdirs
  Using cached appdirs-1.4.3-py2.py3-none-any.whl (12 kB)
Collecting six==1.10.0
  Using cached six-1.10.0-py2.py3-none-any.whl (10 kB)
Collecting inflect==0.2.5
  Using cached inflect-0.2.5-py2.py3-none-any.whl (58 kB)
ERROR: beckett 0.8.0 has requirement requests==2.10.0, but you'll have requests 2.21.0 which is incompatible.
Installing collected packages: certifi, idna, urllib3, chardet, requests, appdirs, fcache, six, inflect, beckett, pokepy
Successfully installed appdirs-1.4.3 beckett-0.8.0 certifi-2019.11.28 chardet-3.0.4 fcache-0.4.7 idna-2.8 inflect-0.2.5 pokepy-0.6.0 requests-2.21.0 six-1.10.0 urllib3-1.24.3

It still installs, and I don't know whether it actually causes any problems. But still should be addressed.

[Kronopt]

Hi, bladeoflight16. I bumped the requestsversion to 2.21 because of this vulnerability with version <=1.20.

You can rest assured that it causes no problems as I have tested pokepy with these requirements and it works as intended. I know it looks bad on the install to have an error like that, but I can't do anything for now...

I'll keep this open as I will probably do something about beckett one of these days.

[Naramsim]

By bumping Beckett's requests would the issue be resolved?

[Kronopt]

Yes. I haven't tested beckett with a different requests version though.

[Naramsim]

We could send a PR there and check if the tests are passing

[Kronopt]

Yes, we could. I just don't think @phalt is interested in maintaining beckett anymore, as I've left some unanswered issues and a PR's there over the years. So I don't think it's worth it if the PR is going to be left unanswered.

If it's just to check whether beckett would work with requests 2.21 for the sake of pokepy's functionality, I don't think it's necessary, as the pokepy tests cover that.

[phalt]

I am no longer actively working on Beckett :)

[bladeoflight16]

@phalt Be that as it may, requests uses semantic versioning. This means that Beckett should be able to depend on any higher 2.x version of it without worrying about breaking compatibility. Would you consider a small update to loosen the versioning requirement? Assuming your testing is automated, that should be an extremely small change.

[phalt]

@bladeoflight16 when I get some free time I will try and make a release.

[phalt]

Alternatively, feel free to make a pull request!