Closed jeffrose-relay closed 1 month ago
👋 @jeffrose-relay
Thanks for reporting this! The discrepancy you're seeing is because our main branch is where we're developing the 3.X branch of Prefect. We release 2.X patches (including prefect-client) from https://github.com/PrefectHQ/prefect/tree/2.x , where you'll see the anyio pin.
There's currently a release candidate for 3.X that we're soliciting feedback from folks (like you!) -- you can install it by allowing prereleases in pip.
Prefect 3.X is compatible with anyio > 4, but I'm afraid Prefect 2.X will only be compatible with anyio < 4.
Thanks @aaazzam! This answers my question completely and I will close this out.
First check
Bug summary
When I look at https://github.com/PrefectHQ/prefect/blob/main/requirements-client.txt, I see the dependencies listed for anyio are:
anyio >= 4.0.0, < 5.0.0
However, when I install version 2.19.8 of prefect-client, it shows the dependencies for anyio as the following:
anyio<4.0.0,>=3.7.1
I am not sure if there is a bug or if I am misundestanding the purpose of the requirements-client.txt file? Thanks
Reproduction
Error
No response
Versions (
prefect version
output)Additional context
There is a security vulnerability in all versions of anyio prior to 4.4.0. This is why I am looking into this in the first place.