How can we upgrade urllib?

[neilferreira]

Users (myself included) reported that all of a sudden the following error was raised by the Arlo API

401 Client Error: Unauthorized for url: https://my.arlo.com/hmsweb/login/v2

@jeffreydwalter made the discovery that this relates to the version of urlllib being used @ https://github.com/jeffreydwalter/arlo/issues/146#issuecomment-847345892 and resolved the issue via https://github.com/jeffreydwalter/arlo/commit/aac7582e5bcd9626f2d4717eba44dd9811e3e80f

This version conflicts with boto3 (The AWS SDK) @ https://github.com/boto/botocore/blob/develop/setup.py#L29 , do we have any idea WHAT exactly urllib was doing incorrectly that resulted in the Arlo API causing the original issue?

The conflict is caused by:
     arlo 1.2.50 depends on urllib3==1.24
     botocore 1.20.88 depends on urllib3<1.27 and >=1.25.4

To reproduce:

requirements.txt

arlo==1.2.50
boto3==1.17.88

Dockerfile

FROM python:3.8-slim

ADD requirements.txt ./

RUN pip install -r requirements.txt

> $ docker build .

[3/3] RUN pip install -r requirements.txt:

7 0.852 Collecting arlo==1.2.50

7 0.948 Downloading arlo-1.2.50-py2.py3-none-any.whl (27 kB)

7 1.165 Collecting boto3==1.17.88

7 1.173 Downloading boto3-1.17.88-py2.py3-none-any.whl (131 kB)

7 1.232 Collecting urllib3==1.24

7 1.239 Downloading urllib3-1.24-py2.py3-none-any.whl (117 kB)

7 1.272 Collecting sseclient==0.0.22

7 1.279 Downloading sseclient-0.0.22.tar.gz (6.5 kB)

7 1.497 Collecting requests

7 1.504 Downloading requests-2.25.1-py2.py3-none-any.whl (61 kB)

7 1.529 Collecting PySocks

7 1.536 Downloading PySocks-1.7.1-py3-none-any.whl (16 kB)

7 1.553 Collecting monotonic

7 1.561 Downloading monotonic-1.6-py2.py3-none-any.whl (8.2 kB)

7 1.864 Collecting botocore<1.21.0,>=1.20.88

7 1.873 Downloading botocore-1.20.88-py2.py3-none-any.whl (7.6 MB)

7 3.066 Collecting s3transfer<0.5.0,>=0.4.0

7 3.074 Downloading s3transfer-0.4.2-py2.py3-none-any.whl (79 kB)

7 3.102 Collecting jmespath<1.0.0,>=0.7.1

7 3.110 Downloading jmespath-0.10.0-py2.py3-none-any.whl (24 kB)

7 3.140 Collecting six

7 3.148 Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)

7 3.159 INFO: pip is looking at multiple versions of urllib3 to determine which version is compatible with other requirements. This could take a while.

7 3.160 INFO: pip is looking at multiple versions of sseclient to determine which version is compatible with other requirements. This could take a while.

7 3.160 INFO: pip is looking at multiple versions of to determine which version is compatible with other requirements. This could take a while.

7 3.160 INFO: pip is looking at multiple versions of boto3 to determine which version is compatible with other requirements. This could take a while.

7 3.160 INFO: pip is looking at multiple versions of arlo to determine which version is compatible with other requirements. This could take a while.

7 3.160

7 3.160 The conflict is caused by:

7 3.160 arlo 1.2.50 depends on urllib3==1.24

7 3.160 botocore 1.20.88 depends on urllib3<1.27 and >=1.25.4

7 3.160

7 3.160 To fix this you could try to:

7 3.160 1. loosen the range of package versions you've specified

7 3.160 2. remove package versions to allow pip attempt to solve the dependency conflict

7 3.160

7 3.160 ERROR: Cannot install -r requirements.txt (line 1) and boto3 because these package versions have conflicting dependencies.

7 3.160 ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies

---

executor failed running [/bin/sh -c pip install -r requirements.txt]: exit code: 1

[neilferreira]

I'll be using an older version of boto3 for the time being to work around this ✌️

[jeffreydwalter]

The issue is not urllib3 per se, the problem is in requests using urllib3 (see https://github.com/psf/requests/issues/5817). I would go there and encourage them to fix the issue.