PyJWT dependency version

[paolodina]

Hi, I'm using django-eventstream in a project. Now I have to add djoser as a new dependency but pip says there is a version conflict on PyJWT.

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed.
This behaviour is the source of the following dependency conflicts.
django-eventstream 4.1.0 requires PyJWT<2,>=1.5,
but you have pyjwt 2.1.0 which is incompatible.

So, pip installed PyJWT 2.1.0 anyway and django-eventstream still works. Or at least, I only use send_event and it still works.

I wonder if I can safely keep 2.1.0 or if there would be some issue with something else (I'll have to use a channel manager class with custom authorization logic). After all if setup.py specifies PyJWT>=1.5,<2 maybe there is a reason.

Any opinion?

PS. if it matters, PyJWT was at v1.7.1 before pip install djoser.

[jkarneges]

There was a reason. But it was not too hard to fix. Released 4.2.0 with support for PyJWT 2.

Let me know if you run into any issues.

[foucdeg]

Hi @jkarneges , I'm still having this issue (possibly due to using poetry which has a strict version conflict policy).

It is because django-eventstream depends on django-grip (resolved as 3.0.0) which depends on pubcontrol (resolved as 3.0.0) which depends on PyJWT <2.0.

This was reported by my upgrade bot, with detailed output : https://github.com/foucdeg/passe-un-dessin/pull/1113

EDIT looks like it ran before pubcontrol 3.2.0 was out, I'll try to rerun it.