Requests: Urllib3 1.24

Created on 17 Oct 2018 · 11Comments · Source: psf/requests

Urllib3 released a new version today which has some breaking changes for Python 2.6. While we work out any other possible incompatibilities Requests will remain compatible with urllib3 1.21.1 to 1.23 for the next week.

If you’re experiencing issues due to pip’s dependency resolution, you will need to pin ˋurllib3==1.23` in your package requirements.

Source

nateprewitt

👍10

Most helpful comment

@Hrxn, just to be clear, we’ve just crossed the 24 hour threshold since the urllib3 release. We’ve provided both a work around and posted a patch with the fix for review within hours. This is the same release process that’s been in place for a couple years now.

Going around demanding immediate action from projects that are run solely by volunteers isn’t going to get things done faster. It will be ready when we are confident it’s ready and not going to introduce additional problems to a very large ecosystem.

nateprewitt on 17 Oct 2018

👍8 ❤5

All 11 comments

same problem with python 3.6 and urllib3 1.24 :
/usr/lib/python3.6/site-packages/requests/__init__.py:91: RequestsDependencyWarn ing: urllib3 (1.24) or chardet (3.0.4) doesn't match a supported version!
RequestsDependencyWarning)

Only warning don't block my program

laurentvv on 17 Oct 2018

Same issue here, with this message during pip install :

requests 2.19.1 has requirement urllib3<1.24,>=1.21.1, but you'll have urllib3 1.24 which is incompatible.

and this error at execution time :

/usr/lib/python2.7/site-packages/gitlab/__init__.py:29: in <module>
    import requests
/usr/lib/python2.7/site-packages/requests/__init__.py:112: in <module>
    from . import utils
/usr/lib/python2.7/site-packages/requests/utils.py:24: in <module>
    from . import certs
E   ImportError: cannot import name certs

Pinning urllib3==1.23 worked as a workaround

Lucas-C on 17 Oct 2018

👍4

Pinned for workaround but hopefully this is not a permanent solution.

siphr on 17 Oct 2018

#MeToo

PS E:\Test> pip check
requests 2.19.1 has requirement urllib3<1.24,>=1.21.1, but you have urllib3 1.24.
PS E:\Test>

https://pypi.org/project/urllib3/#history
https://pypi.org/project/requests/#history

New👏release👏now👏(soon?)

And if you allow me to enunciate a modest proposal:
Strive a bit for better coordination in the future in order to avoid releasing incompatible changes.
Isn't this Python after all? All grownup now, big and professional, supposedly.

Hrxn on 17 Oct 2018

👎2

nateprewitt on 17 Oct 2018

👍8 ❤5

My builds are now failing with

Collecting urllib3<1.24,>=1.21.1 (from requests->chancellor==0.0.5)
  Could not find a version that satisfies the requirement urllib3<1.24,>=1.21.1 (from requests->chancellor==0.0.5) (from versions: 1.24)

Not sure why the previous version can't be pulled by pip. Any suggestions?

ror6ax on 18 Oct 2018

@nateprewitt I don't demand anything, I'm just interested if urllib3 maintainers care to let you know compatibility will be broken?

ror6ax on 18 Oct 2018

@ror6ax Breaking changes were known on urllib3's side before release. The issue being seen by many is that despite requests pinning the urllib3 version to <1.24,>=1.21.1 the newly released version is still being installed (perhaps by another dependency in the user's list that isn't restrained). Pip isn't a dependency resolver, this is why it's important to pin application dependencies (at a minimum!) and optionally use a tool with a real dependency resolver like Pipenv or Poetry.

sethmlarson on 18 Oct 2018

👍1

Requests v2.20.0 has been uploaded to pypi.org. Issues should be resolved now. I'll leave this open for a bit for visibility, then close it out this evening.

nateprewitt on 18 Oct 2018

👍8

Thank you @nateprewitt for getting on this and fixing the issue in under 72 hours :)