-
Notifications
You must be signed in to change notification settings - Fork 494
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support urllib3 2.0.0 #2070
Comments
To add a bit more to the picture, lack of support for urllib3 >=2 already forces projects to either keep urllib3 in the past for Sentry or to keep Sentry in the past for urllib3, e.g. see Sentry bump pull request hartwork/jawanndenn#750 where merging is blocked due the dependency conflict. |
Related PR that blocked urllib3 v2: |
`sentry-sdk` and `botocore` pin the maximum version of `urllib3`, which causes the poetry dependency resolution to fail. This adds a direct dependency, pinning `urllib3` to `<2`. That direct dependency can be removed when the following issues are resolved and released: - boto/botocore#2926 - getsentry/sentry-python#2070
> poetry show -t
...
requests 2.30.0 Python HTTP for Humans.
├── ...
└── urllib3 >=1.21.1,<3
...
responses 0.23.1 A utility library for mocking out the `requests` Python library.
├── pyyaml *
├── requests >=2.22.0,<3.0
│ ├── ...
│ └── urllib3 >=1.21.1,<3
├── ...
└── urllib3 >=1.25.10
...
sentry-sdk 1.23.0 Python client for Sentry (https://sentry.io)
├── ...
└── urllib3 >=1.26.11,<2.0.0 Looks like Sentry is the last straddler... but I like Sentry! Looking through #2051 that introduced the restriction, there's this comment:
Could the required version The old AWS runtimes are not going away any time soon; GCP may be similar. So the problem won't disappear on its own. |
The ecosystem is making progress on support for urllib3 v2, e.g. see https://github.com/kevin1024/vcrpy/releases/tag/v4.3.1 . Any news from @getsentry on that front? |
My opinion is we should not be relying on any third party deps. Stdlib or vendored modules are the only way to avoid conflicts. (theres a reason we generally took the zero deps approach in the past, not sure when/why this changed) |
stdlib is rather painful and vendoring has its own set of problems. But let's decouple unblocking urllib3 v2 from getting rid of urllib3 please, there is no hard glue between these two topics. |
@dcramer urllib3 has been a dep of the sdk since the beginning. This is a major release of a package that is a core dependency of much of the ecosystem and it is common that this causes ripples through the ecosystem for a while till things eventually stabilize. We will release the unpinned version shortly, we just had to check nothing breaks since this is a major and I reactively pinned to the major temporarily because of the AWS etc runtime breakages (due to the implicit openssl dep). This is fine and many other packages in the ecosystem (boto for instance) did the same. |
@sentrivana the release was indeed able to unblock updating to urllib3 v2, thanks for your help! |
Works for me, thank you! |
Problem Statement
see if we need any changes and how the openssl support matrix works across runtimes (AWS lambdas etc)
https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
The text was updated successfully, but these errors were encountered: