avryhof / ambient_api

Python module for accessing the Ambient Weather API
MIT License

Potential dependency conflicts between ambient-api and urllib3 #7

Open NeolithEra opened 4 years ago

NeolithEra commented 4 years ago

Hi, as shown in the following full dependency graph of ambient-api, ambient-api requires urllib3 *, while the installed version of requests (2.22.0) requires urllib3 <1.26,>=1.21.1.

According to Pip's “first found wins” installation strategy, urllib3 1.25.7 is the actually installed version.

Although the first found package version urllib3 1.25.7 just satisfies the later dependency constraint (urllib3 <1.26,>=1.21.1), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree:

ambient-api - 1.5.2
| +- requests(install version:2.22.0 version range:*)
| | +- certifi(install version:2019.11.28 version range:>=2017.4.17)
| | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| +- urllib3(install version:1.25.7 version range:*) 

Thanks for your attention. Best, Neolith
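The range check behind the report above, as an added example that is not part of the original issue or of ambient-api: it takes the two urllib3 ranges from the dependency tree and shows which requirer rejects a candidate version. The function names are hypothetical, the comparator handles plain dotted releases only (not full PEP 440), and `1.26.0` is a constructed candidate standing in for "a newer version".

```python
import operator
import re

# Ranges copied from the dependency tree in the issue; "*" means any version.
# Simplified comparator for plain dotted releases (assumption: no pre-releases).
CONSTRAINTS = {
    "ambient-api 1.5.2": "*",
    "requests 2.22.0": "<1.26,>=1.21.1",
}
_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

def parse_version(text):
    """Turn a dotted release such as '1.25.7' into a comparable tuple."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so 1.26 and 1.26.0 compare equal
        parts.pop()
    return tuple(parts)

def satisfies(version, spec):
    """True if version meets every comma-separated clause of spec."""
    if spec.strip() == "*":
        return True
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](parse_version(version), parse_version(m.group(2))):
            return False
    return True

def rejected_by(version, constraints=CONSTRAINTS):
    """Names of the requirers whose range excludes this version."""
    return [who for who, spec in constraints.items() if not satisfies(version, spec)]

def unbounded_over_capped(constraints=CONSTRAINTS):
    """Requirers with no upper bound or pin while another requirer has a cap."""
    capped = any("<" in s for s in constraints.values())
    return [w for w, s in constraints.items() if capped and "<" not in s and "==" not in s]

if __name__ == "__main__":
    for candidate in ("1.25.7", "1.26.0"):  # 1.26.0: constructed newer release
        print(candidate, "rejected by:", rejected_by(candidate) or "nobody")
    print("unbounded while another requirer is capped:", unbounded_over_capped())
```
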

NeolithEra commented 4 years ago

Suggested Solution

  1. Fix your direct dependencies to be urllib3 <1.26.
  2. Ask your upstream project requests to loosen the version range of urllib3 to be >=1.21.1.

@avryhof Which solution do you prefer, 1 or 2? Please let me know your choice. May I open a pull request to solve this issue?

avryhof commented 4 years ago

Ahh, probably because I let Dependabot apply the change. I can take care of it.