artefactual / automation-tools

Tools to aid automation of Archivematica and AtoM.
GNU Affero General Public License v3.0

Potential dependency conflicts between automation-tools and urllib3 #120

Open NeolithEra opened 5 years ago

NeolithEra commented 5 years ago

Hi, as shown in the following full dependency graph of automation-tools, automation-tools requires urllib3 (the latest version), while the installed version of requests (2.22.0) requires urllib3>=1.21.1,<1.26.

According to pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.

Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint (urllib3>=1.21.1,<1.26), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree--------

automation-tools-master
| +-amclient(version range:==1.0.0rc2)
| +-enum34(version range:*)
| +-flake8(version range:==3.4.1)
| +-flake8-import-order(version range:==0.13)
| +-metsrw(version range:==0.3.8)
| +-mock(version range:*)
| +-pytest(version range:*)
| +-requests(version range:<3.0)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-six(version range:*)
| +-sqlalchemy(version range:*)
| +-urllib3(version range:*)
| +-vcrpy(version range:>=1.0.0)

Thanks for your attention. Best, Neolith

NeolithEra commented 5 years ago

Solution

  1. Fix your direct dependencies to be urllib3>=1.21.1,<1.26 and requests==2.22.0, to remove this conflict. I have checked that this revision will not affect your downstream projects now.

  2. Remove your direct dependency urllib3, and use the urllib3 transitively introduced by requests.

@Hwesta Please let me know your choice. I can submit a PR to solve this issue. Building a good dependency ecosystem for Python projects is our common goal ^_^.
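The situation reported in this issue, as an added example that is not part of the thread or of the automation-tools code base: a standard-library Python sketch that parses a tree in the format shown above, collects every range declared for a package, and flags packages the root project requires unbounded while another package bounds them. The tree excerpt is constructed from the issue's lines, the function names are hypothetical, and `1.26.0` in the usage note is a constructed version number.

```python
import operator as op
import re
# Constructed excerpt of the tree in the issue, in the same line format.
TREE = """\
automation-tools-master
| +-requests(version range:<3.0)
| | +-urllib3(version range:>=1.21.1,<1.26)
| +-six(version range:*)
| +-urllib3(version range:*)
"""
LINE = re.compile(r"^((?:\| )+)\+-([\w.-]+)\(version range:(.*)\)$")
CLAUSE = re.compile(r"^(==|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")
OPS = {"==": op.eq, ">=": op.ge, "<=": op.le, ">": op.gt, "<": op.lt}

def vkey(version):
    # Plain numeric releases only (no rc/dev tags); zero-pad so 1.26 == 1.26.0.
    return tuple(([int(p) for p in version.split(".")] + [0, 0, 0])[:4])

def parse_tree(text):
    """Map each package to [(parent, range), ...] for every place it is required."""
    constraints, stack = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            del stack[len(m.group(1)) // 2:]   # one "| " per nesting level
            constraints.setdefault(m.group(2), []).append((stack[-1], m.group(3)))
            stack.append(m.group(2))
        else:
            stack = [line.strip()]             # the root project line
    return constraints

def satisfies(version, spec):
    clauses = [] if spec.strip() == "*" else spec.split(",")
    for clause in clauses:
        m = CLAUSE.match(clause.strip())
        if not m:
            raise ValueError("unsupported clause: %r" % clause)
        if not OPS[m.group(1)](vkey(version), vkey(m.group(2))):
            return False
    return True

def rejected_by(constraints, name, version):
    """Parents whose declared range does not admit `version` of `name`."""
    return [p for p, s in constraints.get(name, []) if not satisfies(version, s)]

def drift_risks(constraints, root):
    """Packages the root requires unbounded while another package bounds them."""
    return [n for n, reqs in constraints.items()
            if any(p == root and s.strip() == "*" for p, s in reqs)
            and any(p != root and s.strip() != "*" for p, s in reqs)]
```

With `c = parse_tree(TREE)`, `rejected_by(c, "urllib3", "1.25.3")` is empty, `rejected_by(c, "urllib3", "1.26.0")` names `requests`, and `drift_risks(c, "automation-tools-master")` reports `urllib3` but not `six`.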