jordanpotti / AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets
MIT License

Installation fails due to conflicting urllib3 version #17

Open NeolithEra opened 5 years ago

NeolithEra commented 5 years ago

Hi, users are unable to run AWSBucketDump due to a dependency conflict with the urllib3 package. As shown in the following full dependency graph of AWSBucketDump, AWSBucketDump requires urllib3, while requests==2.20.0 requires urllib3>=1.21.1,<1.25.

According to pip’s “first found wins” installation strategy, urllib3==1.25.3 is the actually installed version. However, urllib3==1.25.3 does not satisfy urllib3>=1.21.1,<1.25.

Dependency tree:

AWSBucketDump-master
| +-certifi(version range:==2017.7.27.1)
| +-chardet(version range:==3.0.4)
| +-idna(version range:==2.6)
| +-requests(version range:==2.20.0)
| | +-certifi(version range:>=2017.4.17)
| | +-chardet(version range:<3.1.0,>=3.0.2)
| | +-idna(version range:>=2.5,<2.8)
| | +-urllib3(version range:>=1.21.1,<1.25)
| +-urllib3(version range:*)
| +-xmltodict(version range:==0.11.0)

Thanks for your help. Best, Neolith

NeolithEra commented 5 years ago

Solution

  1. Fix your direct dependency to be urllib3>=1.21.1,<1.25. I have checked that this revision will not affect your downstream projects now.
  2. Remove your direct dependency urllib3, and use the urllib3 transitively introduced by requests.

Which solution do you prefer, 1 or 2? @jordanpotti Please let me know your choice. I can submit a PR to solve this issue.

jordanpotti commented 4 years ago

2
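
A minimal check of the conflict described in this thread, as an added example that is not part of the original issue or of AWSBucketDump: it evaluates the urllib3 ranges from the dependency tree against a candidate version and reports which requirer rejects it. The specifier parser is a simplified stand-in for pip's (plain numeric versions and the basic comparison operators only), all function names are hypothetical, and 1.24.3 is a sample version chosen for illustration.

```python
import re

# Constraints on urllib3, copied from the dependency tree in the issue.
URLLIB3_CONSTRAINTS = {
    "AWSBucketDump (direct)": "*",
    "requests==2.20.0": ">=1.21.1,<1.25",
}

def parse_version(text):
    """Turn '1.25.3' into (1, 25, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def _cmp(a, b):
    """Compare two version tuples after zero-padding to equal length."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

OPS = {
    "==": lambda c: c == 0, "!=": lambda c: c != 0,
    ">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, "<": lambda c: c < 0,
}

def satisfies(version, spec):
    """True if version meets every comma-separated clause ('*' means any)."""
    if spec.strip() == "*":
        return True
    for clause in spec.split(","):
        match = re.fullmatch(r"\s*(==|!=|>=|<=|>|<)\s*([\d.]+)\s*", clause)
        if not match:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = match.groups()
        if not OPS[op](_cmp(parse_version(version), parse_version(bound))):
            return False
    return True

def conflicts(version, constraints):
    """Return the requirers whose range rejects the given version."""
    return [who for who, spec in constraints.items()
            if not satisfies(version, spec)]

if __name__ == "__main__":
    # The unpinned direct dependency lets 1.25.3 in; requests rejects it.
    print("1.25.3 rejected by:", conflicts("1.25.3", URLLIB3_CONSTRAINTS))
    print("1.24.3 rejected by:", conflicts("1.24.3", URLLIB3_CONSTRAINTS))
```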