search

aio-libs / aiomonitor

aiomonitor is module that adds monitor and python REPL capabilities for asyncio application
https://aiomonitor.aio-libs.org
Apache License 2.0
662 stars 42 forks source link

Relax aiohttp dependency #392

Closed baswelsh closed 7 months ago

baswelsh commented 11 months ago

Describe the bug

Is it straightforward to relax the constraint on the aiohttp dependency? We are getting the following error from pip check:

aiomonitor 0.6.0 has requirement aiohttp~=3.8.5, but you have aiohttp 3.9.1.

Please note that typically aiohttp~=3.8.5 would be fine but as of recently, aiohttp<=3.9 has a critical security vulnerability and containers that use it don't pass the relevant scans.

To Reproduce

Attempt to install a newer versions of aiohttp alongside aiomonitor: pip install aiohttp==3.9.1 aiomonitor==0.6.0.

Result: ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.

Expected behavior

The expected behavior is that the dependency constraint be aiohttp>=3.8.5

Logs/tracebacks

`ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.`

Python Version

3.10 and 3.11

aiomonitor Version

0.6.0

OS

MacOS

Additional context

Thank you for the help!

Code of Conduct

achimnol commented 7 months ago

Fixed in f156e5b5b63e0e04073b472481f2d0d276e86f72. Thanks!