PyJWT out of date in setup.py

codemation / easyauth

Create a centralized Authentication and Authorization token server. Easily secure FastAPI endpoints based on Users, Groups, Roles or Permissions with very little database usage.

https://easyauth.readthedocs.io/en/latest/

MIT License

553 stars 52 forks source link

PyJWT out of date in setup.py #7

Closed tisboyo closed 2 years ago

tisboyo commented 3 years ago

Took me a minute to find, but PyJWT is out of date in setup.py causing a hang in pip when installing all requirements if PyJWT is specified in requirements.txt as 2.1.0.

codemation commented 3 years ago

@tisboyo - currently master version of setup.py specifies PyJWT==2.0.0 but requirements.txt does not provide a version. If dependencies are install via repo clone, users might run into issues, but via PIP this should follow setup.py BASE_REQUIREMENTS which has a static version of 2.0.0.

Will keep this open as a TODO for testing the updated version and determine the failure cause.

[ Test Updated PyJWT version ] - Determine what causes installation to fail via pip if 2.1.0 is used.

tisboyo commented 3 years ago

Ran into this one again today when rebuilding my containers. It seems related to me having Cryptography pinned to 3.4.7 which should meet the requirements of PyJWT 2.0.0, which was cryptography>=2.6,<4.0.0. PyJWT 2.1.0 has cryptography>=3.3.1,<4.0.0. Also I think all of the hangups in this have to do with the new dependency resolver in pip. So who knows there.. but just wanted to give an update on this one while I was arguing with it.