Potential dependency conflicts between EagleEye and urllib3

[NeolithEra]

Hi, as shown in the following full dependency graph of EagleEye, EagleEye requires urllib3 (the latest version), while the installed version of requests(2.22.0) requires urllib3>=1.21.1,<1.26.

According to Pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.

Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint （urllib3>=1.21.1,<1.26), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree--------

EagleEye(version range:)
| +-face-recognition(version range:)
| +-opencv-python(version range:)
| +-requests-html(version range:)
| | +-requests(version range:)
| | | +-chardet(version range:>=3.0.2,<3.1.0)
| | | +-idna(version range:>=2.5,<2.9)
| | | +-urllib3(version range:>=1.21.1,<1.26)
| | | +-certifi(version range:>=2017.4.17)
| | +-pyquery(version range:)
| | +-fake-useragent(version range:)
| | +-parse(version range:)
| | +-bs4(version range:)
| | | +-beautifulsoup4(version range:)
| | +-w3lib(version range:)
| | +-pyppeteer(version range:>=0.0.14)
| | | +-pyee(version range:)
| | | +-websockets(version range:)
| | | +-appdirs(version range:)
| | | +-urllib3(version range:)
| | | +-tqdm(version range:)
| +-selenium(version range:)
| +-termcolor(version range:)
| +-urllib3(version range:)
| +-weasyprint(version range:)

Thanks for your attention. Best, Neolith

[NeolithEra]

Solution

1. Fix your direct dependencies to be urllib3>=1.21.1,<1.26. I have checked this revision will not affect your downstream projects now.

2. Remove your direct dependency urllib3, and use the library chardet transitively introduced by requests.

Personally, I prefer solution 2. What's your opinion? @ThoughtfulDev May I pull a request to solve this issue?

[ThoughtfulDev]

Hey @NeolithEra Thank you for the issue.

It would be really nice if you could create a pull request which solves this issue.

Thanks in advance