Bug 1620221 - python-requests should require explicit versions of dependencies
Summary: python-requests should require explicit versions of dependencies
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: python-requests
Version: 31
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Charalampos Stratakis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-22 17:49 UTC by Alfredo Moralejo
Modified: 2020-07-22 10:50 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-07-22 10:50:37 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Alfredo Moralejo 2018-08-22 17:49:13 UTC 
Description of problem:

Upstream requests has explicit requirements:

'chardet>=3.0.2,<3.1.0',
'idna>=2.5,<2.8',
'urllib3>=1.21.1,<1.24',

Also, it has code to check that compatible versions are installed or raise warnings:

https://github.com/requests/requests/blob/v2.19.1/requests/__init__.py#L68

So it should have explicit requirements in the RPM to ensure all dependencies are upgraded when installing or updating python-requests.
Comment 1 Jeremy Cline 2018-08-22 18:42:01 UTC 
Alternatively, it could have the compatibility check patched out. For the most part, when one of those libraries updates, upstream just bumps the upper bound.

Since these are in the setup.py, it's already a problem when one of those dependencies updates since importing it will raise those warnings. Putting the bounds in the specfile won't help with that, it'll just make it fail to install rather than fail to work without warnings.
Comment 2 Kevin Fenzi 2019-06-22 19:15:07 UTC 
Yeah, but if it's checked in the rpm/spec level you would just not be able to update and would hopefully keep the current version you have thats working.
Comment 3 Ben Cotton 2019-08-13 16:49:11 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.
Comment 4 Fedora Admin user for bugzilla script actions 2020-07-11 02:48:20 UTC 
This package has changed maintainer in the Fedora.
Reassigning to the new maintainer of this component.
Comment 5 Miro Hrončok 2020-07-22 10:50:37 UTC 
$ repoquery --releasever=33 --repo=fedora,updates --latest=1 --requires python3-requests
((python3.9dist(urllib3) < 1.25 or python3.9dist(urllib3) > 1.25) with (python3.9dist(urllib3) < 1.25.1 or python3.9dist(urllib3) > 1.25.1) with python3.9dist(urllib3) < 1.26 with python3.9dist(urllib3) >= 1.21.1)
(python3.9dist(chardet) < 4 with python3.9dist(chardet) >= 3.0.2)
(python3.9dist(idna) < 3 with python3.9dist(idna) >= 2.5)
python(abi) = 3.9


$ repoquery --releasever=32 --repo=fedora,updates --latest=1 --requires python3-requests
((python3.8dist(urllib3) < 1.25 or python3.8dist(urllib3) >= 1.25.0) with python3.8dist(urllib3) >= 1.21.1 with python3.8dist(urllib3) < 1.26 with (python3.8dist(urllib3) < 1.25.1 or python3.8dist(urllib3) >= 1.25.1.0))
(python3.8dist(chardet) >= 3.0.2 with python3.8dist(chardet) < 3.1)
(python3.8dist(idna) >= 2.5 with python3.8dist(idna) < 2.9)
python(abi) = 3.8
python3-chardet >= 3.0.2
python3-idna
python3-urllib3 >= 1.21.1

$ repoquery --releasever=31 --repo=fedora,updates --latest=1 --requires python3-requests
(python3.7dist(urllib3) < 1.25 or python3.7dist(urllib3) >= 1.25.0)
(python3.7dist(urllib3) < 1.25.1 or python3.7dist(urllib3) >= 1.25.1.0)
python(abi) = 3.7
python3-chardet >= 3.0.2
python3-idna
python3-urllib3 >= 1.21.1
python3.7dist(chardet) < 3.1
python3.7dist(chardet) >= 3.0.2
python3.7dist(idna) < 2.9
python3.7dist(idna) >= 2.5
python3.7dist(urllib3) < 1.26
python3.7dist(urllib3) >= 1.21.1

This is not perfect everywhere, but on rawhide, it is.
Note You need to log in before you can comment on or make changes to this bug.