importlib_metadata pinning is causing issue with Python 3.8

[Lawouach]

Describe the bug I think the importlib_metadata should be refined for Python 3.8

I have the following error from pipenv:

The conflict is caused by:
chaostoolkit-lib 1.28.0 depends on importlib-metadata~=1.2; python_version < "3.8"
flake8 5.0.4 depends on importlib-metadata<4.3 and >=1.1.0; python_version < "3.8"
keyring 23.8.2 depends on importlib-metadata>=3.6; python_version < "3.10"

My understanding is that for Python 3.8, importlib_metadata should be pinned to ~=1.4 but I'm guessing it pulls bigger than this with importlib-metadata>=3.6; python_version < "3.10"

Am I reading it wrong and the problem lies elsewhere?

[mitya57]

The problem is with flake8, which sets upper bound (importlib-metadata<4.3).

@jaraco, the maintainer of keyring, submitted a pull request to flake8 to port to new API of importlib-metadata (using a compatibility shim) but it was closed because the flake8 maintainer did not want an additional depenedency (PyCQA/flake8#1011).

Other people asked flake8 developers to unpin importlib-metadata and use new API, but the issues were also closed (PyCQA/flake8#1438, PyCQA/flake8#1522).

I think a potential way forward may be to make flake8 support both old and new APIs without need for a new dependency (maybe with try/except blocks), and finally remove upper bound on importlib-metadata.

[Lawouach]

Thanks @mitya57 for the clear context. I'm sorry if I aimed at the wrong project. Though it doesn't seem like opening a new issue on flake8 will help anyway. sigh.

Thanks a bunch. I'll close this one.