war-and-code / jawfish

Tool for breaking into web applications.
MIT License

Installation fails due to conflicting Werkzeug version #9

Closed NeolithEra closed 5 years ago

NeolithEra commented 5 years ago

Hi, users are unable to run jawfish due to a dependency conflict with the Werkzeug package. As shown in the following full dependency graph of jawfish, jawfish requires Werkzeug==0.11.11, while flask>=0.12.3 requires Werkzeug>=0.15.

According to pip’s “first found wins” installation strategy, Werkzeug==0.11.11 is the actually installed version. However, Werkzeug==0.11.11 does not satisfy Werkzeug>=0.15.

Dependency tree

jawfish-master
| +-flask(version range:>=0.12.3)
| | +-click(version range:>=5.1)
| | +-itsdangerous(version range:>=0.24)
| | +-jinja2(version range:>=2.10.1)
| | | +-markupsafe(version range:>=0.23)
| | +-werkzeug(version range:>=0.15)
| +-flask-sslify(version range:==0.1.5)
| | +-flask(version range:*)
| | | +-click(version range:>=5.1)
| | | +-itsdangerous(version range:>=0.24)
| | | +-jinja2(version range:>=2.10.1)
| | | | +-markupsafe(version range:>=0.23)
| | | +-werkzeug(version range:>=0.15)
| +-itsdangerous(version range:==0.24)
| +-jinja2(version range:>=2.10.1)
| | +-markupsafe(version range:>=0.23)
| +-markupsafe(version range:==0.23)
| +-werkzeug(version range:==0.11.11)
| +-wtforms(version range:==2.1)

Thanks for your help. Best, Neolith

NeolithEra commented 5 years ago

Solution

  1. Fix your direct dependency to be Werkzeug>=0.15. I have checked that this revision will not affect your downstream projects now.

  2. Remove your direct dependency Werkzeug, and use Werkzeug transitively introduced by flask.

Which solution do you prefer, 1 or 2?

@gingeleski Please let me know your choice. I can submit a PR to solve this issue.

gingeleski commented 5 years ago

2 - thanks.
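
An added example, not part of the issue thread or the jawfish code: a stdlib-only check that replays the dependency tree from the first comment, reports exact pins in the root project that a transitive requirement rejects, and shows option 2 (dropping the direct Werkzeug pin) clearing the conflict. The edge list is transcribed from the tree above; the function names and the simplified `==` / `>=` / `*` matching on dotted numeric versions are assumptions of this sketch, not pip's resolver.

```python
import re

# (requirer, package, specifier), transcribed from the tree in the issue.
EDGES = [
    ("jawfish", "flask", ">=0.12.3"),
    ("jawfish", "flask-sslify", "==0.1.5"),
    ("jawfish", "itsdangerous", "==0.24"),
    ("jawfish", "jinja2", ">=2.10.1"),
    ("jawfish", "markupsafe", "==0.23"),
    ("jawfish", "werkzeug", "==0.11.11"),
    ("jawfish", "wtforms", "==2.1"),
    ("flask", "click", ">=5.1"),
    ("flask", "itsdangerous", ">=0.24"),
    ("flask", "jinja2", ">=2.10.1"),
    ("flask", "werkzeug", ">=0.15"),
    ("flask-sslify", "flask", "*"),
    ("jinja2", "markupsafe", ">=0.23"),
]


def parse_version(text):
    """Turn '0.11.11' into (0, 11, 11). Assumes purely numeric components."""
    return tuple(int(part) for part in text.split("."))


def satisfies(version, specifier):
    """Check a version against '*', '==X' or '>=X' (simplified, not full PEP 440)."""
    if specifier == "*":
        return True
    op, wanted = re.fullmatch(r"(==|>=)(.+)", specifier).groups()
    have, want = parse_version(version), parse_version(wanted)
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))  # pad so 2.1 compares equal to 2.1.0
    want += (0,) * (width - len(want))
    return have == want if op == "==" else have >= want


def find_conflicts(edges, root="jawfish"):
    """Return (package, pinned, requirer, specifier) for each rejected root pin."""
    pins = {pkg: spec[2:] for req, pkg, spec in edges
            if req == root and spec.startswith("==")}
    return [(pkg, pins[pkg], req, spec) for req, pkg, spec in edges
            if req != root and pkg in pins and not satisfies(pins[pkg], spec)]


# Option 2 from the thread: drop the direct Werkzeug pin, rely on flask's range.
OPTION_2 = [e for e in EDGES if e[:2] != ("jawfish", "werkzeug")]

if __name__ == "__main__":
    print("as filed:", find_conflicts(EDGES))
    print("option 2:", find_conflicts(OPTION_2))
```
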