search

ultralytics / yolov5

YOLOv5 πŸš€ in PyTorch > ONNX > CoreML > TFLite
https://docs.ultralytics.com
GNU Affero General Public License v3.0
51.03k stars 16.41k forks source link

yolov5-pip forced boto3 consumption invalidates py3.7-9 support #13312

Open lockwoodar opened 2 months ago

lockwoodar commented 2 months ago

Search before asking

YOLOv5 Component

Other

Bug

Problem

yolov5-pip (v7.0.13 PyPi packaging) is currently forcing end-users to consume boto3, which brings in transitive updates to botocore that constrain urllib3 on python version <3.10 due to security updates. This functionally ends yolov5 support for python versions 3, 3.7-9 based on end-user environment configuration.

(e.g. yolov5 cannot be installed in a py3.9 environment that is also using gradio>=4.27.0, which introduces a urllib3~=2.0 security constraint)

Ask / Potential Solution

yolov5 can retroactively continue to support python <3.10 environments by vending an optional configuration that omits enforced consumption of AWS-CLI dependencies (e.g. pip install yolov5[no-aws-cli] while not disrupting downstream end-users that are expecting the enforced consumption).

Environment

n/a - reproducible environment cannot solve due to above problem (see reproduction section for example)

Minimal Reproducible Example

Create a minimal conda environment (or use another preferred venv)

conda create -n yolov5-env -c conda-forge python=3.9 pip

Install any dependency that has enforced secops pins on urllib3>=2.0

pip install gradio==4.27.0

Install yolov5

pip install yolov5

Example failure:

vision, thop, ultralytics, yolov5
  Attempting uninstall: urllib3
    Found existing installation: urllib3 2.2.3
    Uninstalling urllib3-2.2.3:
      Successfully uninstalled urllib3-2.2.3
  Attempting uninstall: idna
    Found existing installation: idna 3.8
    Uninstalling idna-3.8:
      Successfully uninstalled idna-3.8
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
gradio 4.27.0 requires urllib3~=2.0, but you have urllib3 1.26.20 which is incompatible.

Additional

No response

Are you willing to submit a PR?

UltralyticsAssistant commented 2 months ago

πŸ‘‹ Hello @lockwoodar, thank you for bringing this to our attention πŸš€! This is an automated response, and an Ultralytics engineer will assist you soon.

It looks like you're experiencing a compatibility issue with boto3 dependencies and Python environments below version 3.10 due to security constraints with urllib3. Let's go through potential solutions and some helpful practices:

Solution for boto3 Dependency Issue

As a workaround, you can attempt to create a custom environment without enforced AWS-CLI dependencies:

  1. Set up your environment:

    conda create -n yolov5-env -c conda-forge python=3.9 pip
conda activate yolov5-env

  2. Install gradio or any other dependency:

    pip install gradio==4.27.0

  3. Install yolov5 without boto3: Unfortunately, the capability to conditionally exclude packages like boto3 directly through pip options does not currently exist in yolov5, but we acknowledge the need for such a feature. A feasible workaround is to manually edit the requirements file before installation or create a new file excluding AWS packages.

Installation Best Practices

Future Steps

πŸ“– For more detailed setup instructions, please visit:

Stay tuned for support from our engineers, and thank you for your contribution by offering to submit a PR! Your initiative is appreciated and helps improve the project for everyone πŸŽ‰.

pderrenger commented 1 week ago

@lockwoodar thank you for bringing this to our attention. We recommend checking if the issue persists with the latest version of YOLOv5. If the problem continues, your suggestion for an optional configuration to omit AWS-CLI dependencies is valuable, and we welcome a pull request to address this.