Azure-cli: Please support newer versions of humanfriendly

Created on 20 Feb 2020 · 13 Comments · Source: Azure/azure-cli

The azure-cli-core package currently depends on humanfriendly~=4.7 meaning the minimum version is 4.7 and the maximum version supported is 5.0.

The current upstream version is 7.1.1 (https://pypi.org/project/humanfriendly) and in openSUSE, humanfriendly got just bumped to 5.0 making azure-cli-core uninstallable.

I will try to relax the dependency of the openSUSE package a bit and see if it works with 5.0 as well, but in any case, it would be desirable if newer versions of humanfriendly could be supported.

Core

All 13 comments

add to S167.

This is causing ScoutSuite, a handy tool for auditing cloud environments, to crash regardless of which cloud a user wants to audit (e.g. even trying to audit AWS will cause it to crash) because of Azure CLI's very old crusty dependencies.

See https://github.com/nccgroup/ScoutSuite/issues/654

It would be good to keep your dependencies relatively up to date so that you play nicely with the rest of the ecosystem.

azure-cli no longer installs on openSUSE Tumbleweed:

Problem: nothing provides python3-humanfriendly < 5.0 needed by azure-cli-core-2.0.80-1.2.noarch
Solution 1: do not install azure-cli-2.0.80-1.1.noarch
Solution 2: break azure-cli-core-2.0.80-1.2.noarch by ignoring some of its dependencies

@Zaita You are on the wrong bug tracker, as this is the upstream project. But I happen to be in charge of those packages in openSUSE/SLE and the issue has already been fixed, just wait for the repositories to sync.

As instructed by https://humanfriendly.readthedocs.io/en/latest/api.html#id12:

So if you’re using the humanfriendly package in your project, make sure to at least pin the major version number in order to avoid unexpected surprises.

The latest version on pypi is 8.0: https://pypi.org/project/humanfriendly/

Is it good if we pin to ~=8.0?

Does it really have to be this ~= mechanism? The Python system to not only specify a minimum but also a maximum version is always problematic for Linux distributions since other packages are eventually being updated.

But I guess ~=8.0 is okay.

(I have never understood why many Python developers can't keep their APIs stable like it's been good practice in C/C++ for decades :()

I agree on the Python module's breaking change part. I can see from https://pkgs.org/download/python3-humanfriendly that different Linux distributions have different versions of humanfriendly. If we don't use ~=, different versions of humanfriendly may not be compatible and cause problems.

At least for the usage of Spinner in Azure CLI, 8.0 is compatible with 4.0, but with 8.0 we need to disable the linter error which says Spinner is not found, as it has been moved from humanfriendly.Spinners to humanfriendly.terminal.spinners.Spinner.

@glaubitz, any suggestions what we should use in setup.py?

I think you can use ~=8.0 because in the end there is currently no alternative since humanfriendly doesn't guarantee to be backwards-compatible in future versions.

Will it break the installation on openSUSE? Since it doesn't seem to have the latest 8.0.

@jiasli what's the status on this? Having such an outdated dependency is causing us significant headaches for the https://github.com/nccgroup/ScoutSuite project (and countless others I'm sure).

@j4v, does it work if we set the dependency to humanfriendly>=4.7,<9.0?

@jiasli yes it will :+1:

Done. Thank you for the feedback.
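
Added example (not part of the thread or of Azure CLI's code): a stdlib-only check of the three specifiers discussed above against the humanfriendly versions the thread mentions, using PEP 440 semantics for plain numeric releases only (no pre-releases, epochs or wildcards). The function names are hypothetical, and 9.0 is included only because it is the upper bound of the final range.

```python
import re

def parse_version(text):
    """Turn '7.1.1' into (7, 1, 1). Only plain numeric releases are handled."""
    return tuple(int(part) for part in text.split("."))

def _pad(a, b):
    """Pad two release tuples with zeros so 5.0 and 5.0.0 compare equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def clause_allows(clause, version):
    """Evaluate one clause such as '~=4.7' or '<9.0' against a version string."""
    match = re.fullmatch(r"\s*(~=|>=|<=|==|!=|<|>)\s*([0-9]+(?:\.[0-9]+)*)\s*", clause)
    if not match:
        raise ValueError(f"unsupported clause: {clause!r}")
    op, bound_text = match.groups()
    bound = parse_version(bound_text)
    cand, bnd = _pad(parse_version(version), bound)
    if op == "~=":
        if len(bound) < 2:
            raise ValueError("~= needs at least two release segments")
        # PEP 440 compatible release: ~=X.Y means >=X.Y and ==X.*
        prefix = bound[:-1]
        return cand >= bnd and cand[:len(prefix)] == prefix
    return {">=": cand >= bnd, "<=": cand <= bnd, "==": cand == bnd,
            "!=": cand != bnd, "<": cand < bnd, ">": cand > bnd}[op]

def allows(specifier, version):
    """A comma-separated specifier is the AND of its clauses."""
    return all(clause_allows(c, version) for c in specifier.split(","))

def compatibility_matrix(specifiers, versions):
    """Map each specifier to the list of versions it would accept."""
    return {spec: [v for v in versions if allows(spec, v)] for spec in specifiers}

# Specifiers proposed in the thread; versions named in the thread plus the 9.0 bound.
SPECIFIERS = ["~=4.7", "~=8.0", ">=4.7,<9.0"]
VERSIONS = ["4.7", "5.0", "7.1.1", "8.0", "9.0"]

if __name__ == "__main__":
    for spec, ok in compatibility_matrix(SPECIFIERS, VERSIONS).items():
        print(f"humanfriendly{spec:<12} accepts {ok}")
```
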
