Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential dependency conflicts between autosubtakeover and idna #6

Open
NeolithEra opened this issue Dec 27, 2019 · 1 comment
Open

Potential dependency conflicts between autosubtakeover and idna #6

NeolithEra opened this issue Dec 27, 2019 · 1 comment

Comments

@NeolithEra
Copy link

NeolithEra commented Dec 27, 2019
edited
Loading

Hi, as shown in the following full dependency graph of autosubtakeover, tldextract requires idna * , while the installed version of requests(2.22.0) requires idna >=2.5,<2.9.

According to Pip's “first found wins” installation strategy, idna 2.8 is the actually installed version.

Although the first found package version idna 2.8 just satisfies the later dependency constraint (idna >=2.5,<2.9), it will lead to a build failure once developers release a newer version of idna.

Dependency tree--------


autosubtakeover - 0.1
| +- aiodns(install version:2.0.0 version range:*)
| | +- pycares(install version:3.0.0 version range:>=3.0.0)
| | | +- cffi(install version:1.13.2 version range:>=1.5.0)
| | +- typing(install version:3.7.4.1 version range:*)
| +- asyncio(install version:3.4.3 version range:*)
| +- click(install version:7.0 version range:*)
| +- pycares(install version:3.0.0 version range:*)
| | +- cffi(install version:1.13.2 version range:>=1.5.0)
| +- tldextract(install version:2.2.2 version range:*)
| | +- idna(install version:2.8 version range:*)
| | +- requests(install version:2.22.0 version range:>=2.1.0)
| | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| | +- requests-file(install version:1.4.3 version range:>=1.4)
| | | +- requests(install version:2.22.0 version range:>=1.0.0)
| | | | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | | | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | | | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | | | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)
| | | +- six(install version:1.13.0 version range:*)
| | +- setuptools(install version:42.0.1 version range:*)
| +- tornado(install version:6.0.3 version range:*)

Thanks for your attention.
Best,
Neolith
@NeolithEra
Copy link
Author

Suggested Solution

  1. Ask your upstream project tldextract to fix his direct dependencies to be idna <2.9.
  2. Ask your upstream project requests to lose the version range of idna to be >=2.5.

@JordyZomer Which solution do you prefer, 1 or 2?
Please let me know your choice. May I pull a request to solve this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NeolithEra