Requires 'idna<2.6,>=2.5' but installs 2.6

[benanderman]

On Ubuntu 16.04.2 LTS, I did a fresh clone, ./bootstrap.sh, and ./venv.sh, and I got this error when trying to run simp_le:

~/simp_le# ./venv/bin/simp_le
Traceback (most recent call last):
  File "./venv/bin/simp_le", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/root/simp_le/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2927, in <module>
    @_call_aside
  File "/root/simp_le/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2913, in _call_aside
    f(*args, **kwargs)
  File "/root/simp_le/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2940, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/root/simp_le/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 637, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/root/simp_le/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 650, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/root/simp_le/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 829, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'idna<2.6,>=2.5' distribution was not found and is required by requests

It was fixed like this:

pip install 'idna<2.6,>=2.5'
Collecting idna<2.6,>=2.5
  Downloading idna-2.5-py2.py3-none-any.whl (55kB)
    100% |████████████████████████████████| 61kB 7.8MB/s 
Installing collected packages: idna
  Found existing installation: idna 2.6
    Uninstalling idna-2.6:
      Successfully uninstalled idna-2.6
Successfully installed idna-2.5

But this seems like it shouldn't be necessary (note, idna-2.6 was installed in the venv, not in the system).

[zenhack]

@benanderman, thanks for the report. Looks like idna 2.6 was released yesterday -- yay for upstream breaking my release on the same day.

This looks like a sympom of https://github.com/pypa/pip/issues/988. basically what's happening is:

• pip goes down the list of dependencies, installing them.
• when gets to cryptography, it sees that cryptography needs idna >= 2.1, so installs the latest version, 2.6 (released yesterday).
• when it gets to requests, it sees the requirement for idna>=2.5,<2.6, sees that it already has a conflicting version of idna installed, and just gives up.

I've pushed a workaround where I just list requests first, which fixed the problem on my local machine. If it passes travis and works for you, I'll tag it as 0.5.1 and release it. I'd like a less precarious solution, but off the top of my head I can't really think of one short of freezing the entire transitive dependency graph (note that just doing exact versions one level deep wouldn't prevent this), and I don't like that.

[benanderman]

It works for me — thanks for the quick response!

[zenhack]

You're welcome! I've tagged/pushed/uploaded a new release with the fix. I'm going to close this.

[buchdag]

FYI, the conflict seems to be between cryptography and requests requirements.

cryptography has requirement of "idna >= 2.1" which pulls the most recent version

Until recently requests had requirement of "idna<2.7,>=2.5", and that caused the issue.

[NeftaliYagua]

pip install 'idna<2.9,>=2.5' This work for me!

[marwada98]

pip install 'idna<2.9,>=2.5' This work for me!