Closed KSchopmeyer closed 6 months ago
Changes required to support urllib3 version 2.0+
DISCUSSION: Setting requirements, minimum requirements for urllib3.
NOTE: In pr # 3069 we made corrections so that pywbem works with both urllib3 1.26.5 and 2.0+.
Question 1: Should we limit the minimum version of urllib3 to urllib3 >= 2.0 or should we leave it at the current versions as follows:
urllib3>=1.25.9; python_version >= '3.7' and python_version <= '3.9'
urllib3>=1.26.5; python_version >= '3.10'
Obviously version 2.0+ is the preferred version if it is available.
Question 2: Should we document what to do if a user platform or target WBEM server does not suppor tOpenSSL 1.1.1?
My proposal is that we make the minimum in requirements.txt and constraints_minimum.txt urllib3 version 2.0:
Karl Action: Review the issue and confirm that we have reached a good conclusion (i.e changes, docuumentaion, etc. for all of the changes in urlib3 version 2.)
the urllib3 package did a major update in early may 2023 that included at least the following changes:
removing support for at least python version < 3.7 - Change requirements.txt
Removed support for non-OpenSSL TLS libraries (like LibreSSL and wolfSSL). No change for pywbem
Removed support for OpenSSL versions older than 1.1.1.
Removed support for Python implementations that aren’t CPython or PyPy3 (previously supported Google App Engine, Jython).
Removed the urllib3.contrib.ntlmpool module.
Deprecated several components that will be removed in version 2.1.0 including:
As a temporary measure to keep the tests running issue #3001 was created to limit the urllib3 versions to < 2.0
This will require a number of reviews and possible changes including:
We need to support this version but for the moment we limited our support to just versions < 2.0 to keep our tests running and until a compatible version of the requests package is available( compatible Requests now released). See issue #3003
Since pywbem is an infrastructure component, we will be required to support both the 1.x and 2.x versions of the package.
However, the list of changes means that it is going to take some time to sort through all of the changes for possible impact, not only on the code but also on other issues like OpenSSL version changes, etc. and we cannot upgrade until requests version compatible with urllib3 >2 is released. (It was released 26 Aug 2023)