jtroussard
commented
6 months ago I agree. While the project is re-published we should take advantage of the situation and following semantic versioning and create a major release so that users understand the api has changed (python 2.7 dropped, some other compliance hooks were dropped)
Just wanted to supplement that post with this reminder that the version should be 2.4.0 on next release to better communicate the type of changes and help users avoid breaking their projects if they, for whatever reasons, need to keep using 2.7 or the older compliance hooks.
JonathanHuot
With #529 Python 2 support was removed, and that change was released with 1.4.0. But https://github.com/requests/requests-oauthlib/blob/eee74a2d02f81cb61b819496d8d16b7cd1b0c5b0/setup.py#L46 was not modified to include this change. Now Python 2.7 code that imports requests-oauthlib will always pull in 1.4.0 which will immediately break.
Most code owners will simply pin requests-oauthlib, but we encountered an issue with a transient dependency pulling down this now broken 2.7 code (we absolutely know that we shouldn't be using 2.7, but we have some lasting tests that require testing in 2.7 and these are now failing).
We will simply pin our dependency for 2.7, but I suggest that 2.7 is officially removed from the list in setup.py and the 1.4.0 that is out there is yanked (so that it won't be installed in any 2.7 envs) and re-published.