please support newer version of h11

wapiti-scanner / wapiti

Web vulnerability scanner written in Python3

https://github.com/wapiti-scanner/wapiti

GNU General Public License v2.0

1.2k stars 180 forks source link

please support newer version of h11 #346

Closed QuixoticGitHub closed 1 year ago

QuixoticGitHub commented 1 year ago

https://github.com/python-hyper/h11 version 0.12 is apparently a requirement?

raise VersionConflict(dist, req).with_context(dependent_req) pkg_resources.ContextualVersionConflict: (h11 0.14.0 (/usr/lib/python3.10/site-packages), Requirement.parse('h11<0.13,>=0.11'), {'httpcore'})

I think 0.14 is standard in my arch based distro

polyedre commented 1 year ago

According to its Changelog, httpcore added support for h11==0.14 in version 0.16.0 (https://github.com/encode/httpcore/blob/master/CHANGELOG.md#0160).

Wapiti currently relies on the latest version of httpx : 0.23.0 (https://github.com/encode/httpx/releases/tag/0.23.0). httpx itself requires httpcore>=0.15.0,<0.16.0.

A discussion on the httpx project addresses the last errors (two failing tests). When the project supports httpcore 0.16.0, we can support h11==0.14.

devl00p commented 1 year ago

h11 is also blocked by two dependencies : respx and mitmproxy.

Moving to the next version of mitmproxy will certainly remove support of python < 3.9

devl00p commented 1 year ago

It works well for python 3.9 and 3.10 but upgrading to 3.11 is blocked due to nassl < 5.0.0 having no python 3.11 release

This is a dependency tied to sslyze (issue https://github.com/nabla-c0d3/sslyze/issues/582)

devl00p commented 1 year ago

It should unblock h11 users unless they are also using Python 3.11