Potential dependency conflicts between glastopf and chardet

[NeolithEra]

Hi, as shown in the following full dependency graph of glastopf, glastopf requires chardet (the latest version)， while the installed version of requests(2.22.0) requires chardet>=3.0.2,<3.1.0.

According to Pip's “first found wins” installation strategy, chardet 3.0.4 is the actually installed version.

Although the first found package version chardet 3.0.4 just satisfies the later dependency constraint (chardet>=3.0.2,<3.1.0), it will lead to a build failure once developers release a newer version of chardet in the near future, which is greater than 3.1.0.

Dependency tree--------

glastopf(version range:)
| +-beautifulsoup(version range:>=3.2.0)
| +-chardet(version range:)
| +-cssselect(version range:>=0.7.0)
| +-gevent(version range:>=1.0)
| +-hpfeeds(version range:)
| +-jinja2(version range:)
| +-libtaxii(version range:)
| | +-python-dateutil(version range:>=1.4.1)
| | +-six(version range:>=1.9.0)
| | +-lxml(version range:>=2.2.3)
| +-lxml(version range:)
| +-mysql-python(version range:)
| +-pylibinjection(version range:)
| | +-cython(version range:)
| +-pymongo(version range:>=2.4)
| +-pyopenssl(version range:)
| +-requests(version range:>=1.0.0)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-sqlalchemy(version range:>=0.8.0)
| +-webob(version range:>=1.2.0)

Thanks for your attention. Best, Neolith

[NeolithEra]

Solution

1. Fix your direct dependencies to be chardet>=3.0.2,<3.1.0 and requests==0.22.0, to remove this conflict. I have checked this revision will not affect your downstream projects now.

2. Remove your direct dependency chardet, and use the library chardet transitively introduced by requests.

Personally, I prefer solution 2. What's your opinion?

@johnnykv May I pull a request to solve this issue?

[glaslos]

Feel free to create a PR

[glaslos]

Merged