Bug 1620221

Summary: python-requests should require explicit versions of dependencies
Product: [Fedora] Fedora Reporter: Alfredo Moralejo <amoralej>
Component: python-requestsAssignee: Charalampos Stratakis <cstratak>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 31CC: aurelien, cstratak, infra-sig, jcline, jeremy, kevin, mhroncok
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-22 10:50:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alfredo Moralejo 2018-08-22 17:49:13 UTC 
Description of problem:

Upstream requests has explicit requirements:

'chardet>=3.0.2,<3.1.0',
'idna>=2.5,<2.8',
'urllib3>=1.21.1,<1.24',

Also, it has code to check that compatible versions are installed or raise warnings:

https://github.com/requests/requests/blob/v2.19.1/requests/__init__.py#L68

So it should have explicit requirements in the RPM to ensure all dependencies are upgraded when installing or updating python-requests.
Comment 1 Jeremy Cline 2018-08-22 18:42:01 UTC 
Alternatively, it could have the compatibility check patched out. For the most part, when one of those libraries updates, upstream just bumps the upper bound.

Since these are in the setup.py, it's already a problem when one of those dependencies updates since importing it will raise those warnings. Putting the bounds in the specfile won't help with that, it'll just make it fail to install rather than fail to work without warnings.
Comment 2 Kevin Fenzi 2019-06-22 19:15:07 UTC 
Yeah, but if it's checked in the rpm/spec level you would just not be able to update and would hopefully keep the current version you have thats working.
Comment 3 Ben Cotton 2019-08-13 16:49:11 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.
Comment 4 Fedora Admin user for bugzilla script actions 2020-07-11 02:48:20 UTC 
This package has changed maintainer in the Fedora.
Reassigning to the new maintainer of this component.
Comment 5 Miro HronĨok 2020-07-22 10:50:37 UTC 
$ repoquery --releasever=33 --repo=fedora,updates --latest=1 --requires python3-requests
((python3.9dist(urllib3) < 1.25 or python3.9dist(urllib3) > 1.25) with (python3.9dist(urllib3) < 1.25.1 or python3.9dist(urllib3) > 1.25.1) with python3.9dist(urllib3) < 1.26 with python3.9dist(urllib3) >= 1.21.1)
(python3.9dist(chardet) < 4 with python3.9dist(chardet) >= 3.0.2)
(python3.9dist(idna) < 3 with python3.9dist(idna) >= 2.5)
python(abi) = 3.9


$ repoquery --releasever=32 --repo=fedora,updates --latest=1 --requires python3-requests
((python3.8dist(urllib3) < 1.25 or python3.8dist(urllib3) >= 1.25.0) with python3.8dist(urllib3) >= 1.21.1 with python3.8dist(urllib3) < 1.26 with (python3.8dist(urllib3) < 1.25.1 or python3.8dist(urllib3) >= 1.25.1.0))
(python3.8dist(chardet) >= 3.0.2 with python3.8dist(chardet) < 3.1)
(python3.8dist(idna) >= 2.5 with python3.8dist(idna) < 2.9)
python(abi) = 3.8
python3-chardet >= 3.0.2
python3-idna
python3-urllib3 >= 1.21.1

$ repoquery --releasever=31 --repo=fedora,updates --latest=1 --requires python3-requests
(python3.7dist(urllib3) < 1.25 or python3.7dist(urllib3) >= 1.25.0)
(python3.7dist(urllib3) < 1.25.1 or python3.7dist(urllib3) >= 1.25.1.0)
python(abi) = 3.7
python3-chardet >= 3.0.2
python3-idna
python3-urllib3 >= 1.21.1
python3.7dist(chardet) < 3.1
python3.7dist(chardet) >= 3.0.2
python3.7dist(idna) < 2.9
python3.7dist(idna) >= 2.5
python3.7dist(urllib3) < 1.26
python3.7dist(urllib3) >= 1.21.1

This is not perfect everywhere, but on rawhide, it is.