auth0 / auth0-python

Auth0 SDK for Python
https://auth0-python.readthedocs.io
MIT License
499 stars 161 forks

Allow for urllib3 < 2.x #609

Open gmetzker opened 4 months ago

gmetzker commented 4 months ago

Describe the problem you'd like to have solved

In version 4.6 it appears a pin was added to urllib3 in the following commit: https://github.com/auth0/auth0-python/commit/91863ccf3371a5fa3aca409973d4bf42146bcb2d

The issue is that when using AWS Lambda with Python 3.9, urllib3 2.x is not supported; in fact, the botocore library pins urllib3 < 1.27 for Python < 3.10. See: https://github.com/boto/botocore/blob/develop/setup.py#L28

At the moment we cannot yet update to Python 3.10+, so I'm getting conflicts with botocore when trying to use the latest auth0-python library.

Do you 100% need the urllib3 pin to 2.x? Or could you allow <1.27 for Python <= 3.9?

Describe the ideal solution

Change the dependency pinning so urllib3 < 2.x can be used for Python 3.9.

Alternatives and current workarounds

At the moment I'm considering updating using auth0-python version 4.5.

Additional context

No response

imnotjames commented 4 months ago

Seconding this. Happy to open a PR making that requirement a bit less strict.

This is probably a dependabot thing? Seems it automatically bumps the version a bunch -- but that's just the poetry lock, right?

gmetzker commented 4 months ago

@evansims Any thoughts on this?

Amazon is not supporting urllib3<2 for Python < 3.10. See https://github.com/boto/botocore/issues/3138#issuecomment-1986927748

Would you accept a PR putting python version specific constraints on urllib3? Here is what botocore has in their setup.py:

requires = [
    # ...
    'urllib3>=1.25.4,<1.27 ; python_version < "3.10"',
    'urllib3>=1.25.4,<2.1 ; python_version >= "3.10"',
]
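
To see why the constraints collide on Python 3.9 but not on 3.10+, the following added example (not code from this thread, auth0-python or botocore) evaluates the botocore markers quoted above together with an SDK-side constraint. `SDK_PIN`, `SDK_PROPOSED` and the two candidate urllib3 versions are constructed stand-ins, not the SDK's real metadata.

```python
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
OP_RE = r"(<=|>=|==|!=|<|>)"

def vtuple(version):
    """'1.26.18' -> (1, 26, 18). Release segments only (no rc/post tags)."""
    return tuple(int(part) for part in version.split("."))

def compare(op, left, right):
    # Compare as padded integer tuples: as strings, "3.9" < "3.10" is False.
    l, r = vtuple(left), vtuple(right)
    width = max(len(l), len(r))
    l, r = l + (0,) * (width - len(l)), r + (0,) * (width - len(r))
    return OPS[op](l, r)

def parse(line):
    """Split 'name spec,spec ; python_version OP "X.Y"' into clauses and marker."""
    spec, _, marker = line.partition(";")
    clauses = re.findall(OP_RE + r"\s*([0-9.]+)", spec)
    m = re.search(r"python_version\s*" + OP_RE + r'\s*"([0-9.]+)"', marker)
    return clauses, (m.groups() if m else None)

def allowed(requirements, python_version, candidate):
    """True if candidate meets every requirement whose marker is active."""
    for line in requirements:
        clauses, marker = parse(line)
        if marker and not compare(marker[0], python_version, marker[1]):
            continue  # marker excludes this interpreter; requirement is ignored
        if not all(compare(op, candidate, bound) for op, bound in clauses):
            return False
    return True

def installable(requirements, python_version, candidates=("1.26.18", "2.0.7")):
    """Candidate urllib3 versions (constructed sample) that satisfy everything."""
    return [c for c in candidates if allowed(requirements, python_version, c)]

# Copied from the botocore setup.py excerpt quoted in the thread.
BOTOCORE = ['urllib3>=1.25.4,<1.27 ; python_version < "3.10"',
            'urllib3>=1.25.4,<2.1 ; python_version >= "3.10"']
# Assumption: stand-in for an unconditional 2.x-only pin in the SDK.
SDK_PIN = ["urllib3>=2.0"]
# Hypothetical marker-based alternative of the kind proposed in the thread.
SDK_PROPOSED = ['urllib3>=1.26,<2 ; python_version < "3.10"',
                'urllib3>=2.0 ; python_version >= "3.10"']

if __name__ == "__main__":
    for py in ("3.9", "3.11"):
        print(py, installable(BOTOCORE + SDK_PIN, py),
              installable(BOTOCORE + SDK_PROPOSED, py))
```

An empty list means no urllib3 release can satisfy both packages on that interpreter, which is the resolver conflict reported in this issue.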