Support urllib3 2.0.0 #2070

Closed
sl0thentr0py opened this issue May 3, 2023 · 10 comments · Fixed by #2148
Labels
Dependencies Pull requests that update a dependency file

Comments

@sl0thentr0py
Member

sl0thentr0py commented May 3, 2023

Problem Statement

see if we need any changes and how the openssl support matrix works across runtimes (AWS lambdas etc)
https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html

@hartwork

hartwork commented May 8, 2023

To add a bit more to the picture, lack of support for urllib3 >=2 already forces projects to either keep urllib3 in the past for Sentry or to keep Sentry in the past for urllib3, e.g. see Sentry bump pull request hartwork/jawanndenn#750 where merging is blocked due to the dependency conflict.

@intgr
Contributor

intgr commented May 9, 2023

Related PR that blocked urllib3 v2:

@HazAT HazAT assigned sentrivana and unassigned sl0thentr0py and sentrivana May 15, 2023
HarmvZ pushed a commit to comic/grand-challenge.org that referenced this issue May 16, 2023
`sentry-sdk` and `botocore` pin the maximum version of `urllib3`, which
causes the poetry dependency resolution to fail. This adds a direct
dependency, pinning `urllib3` to `<2`. That direct dependency can be
removed when the following issues are resolved and released:

- boto/botocore#2926
- getsentry/sentry-python#2070
@dimaqq

dimaqq commented May 17, 2023

```
> poetry show -t
...
requests 2.30.0 Python HTTP for Humans.
├── ...
└── urllib3 >=1.21.1,<3
...
responses 0.23.1 A utility library for mocking out the `requests` Python library.
├── pyyaml *
├── requests >=2.22.0,<3.0
│   ├── ...
│   └── urllib3 >=1.21.1,<3
├── ...
└── urllib3 >=1.25.10
...
sentry-sdk 1.23.0 Python client for Sentry (https://sentry.io)
├── ...
└── urllib3 >=1.26.11,<2.0.0
```

Looks like Sentry is the last straddler... but I like Sentry!

Looking through #2051 that introduced the restriction, there's this comment:

> The best fix here is actually to upgrade your runtime to Python 3.9+

Could the required version of urllib3 be made conditional on the Python interpreter version?

The old AWS runtimes are not going away any time soon; GCP may be similar. So the problem won't disappear on its own.
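
The conflict visible in the `poetry show -t` output above, as an added example that is not part of the original thread or of sentry-sdk: a stdlib-only check of which package's urllib3 range excludes a candidate version. The range strings are copied from that output; the parser is a simplification of PEP 440 that handles only plain numeric versions, and the function names and candidate versions are chosen for illustration.

```python
import operator
import re

# urllib3 ranges copied from the `poetry show -t` output quoted in the thread.
CONSTRAINTS = {
    "requests 2.30.0": ">=1.21.1,<3",
    "responses 0.23.1": ">=1.25.10",
    "sentry-sdk 1.23.0": ">=1.26.11,<2.0.0",
}

_OPS = {
    ">=": operator.ge, "<=": operator.le,
    "==": operator.eq, "!=": operator.ne,
    ">": operator.gt, "<": operator.lt,
}
_CLAUSE = re.compile(r"^(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """Turn '1.26.11' into (1, 26, 11), padded to three parts so '3' == '3.0.0'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def satisfies(version, spec):
    """True if `version` meets every comma-separated clause of `spec`."""
    candidate = parse_version(version)
    for clause in spec.split(","):
        match = _CLAUSE.match(clause.strip())
        if match is None:
            # Wildcards, `~=` and pre-releases are outside this simplified parser.
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = match.groups()
        if not _OPS[op](candidate, parse_version(bound)):
            return False
    return True


def blockers(version, constraints=CONSTRAINTS):
    """Return the packages whose urllib3 range excludes `version`."""
    return sorted(
        pkg for pkg, spec in constraints.items() if not satisfies(version, spec)
    )


if __name__ == "__main__":
    # Candidate versions are sample inputs chosen for this example.
    for candidate in ("1.26.15", "2.0.0"):
        print(candidate, "blocked by:", blockers(candidate) or "nothing")
```
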

@hartwork

The ecosystem is making progress on support for urllib3 v2, e.g. see https://github.com/kevin1024/vcrpy/releases/tag/v4.3.1 . Any news from @getsentry on that front?

@dcramer
Member

dcramer commented May 31, 2023

My opinion is we should not be relying on any third party deps. Stdlib or vendored modules are the only way to avoid conflicts.

(there's a reason we generally took the zero deps approach in the past, not sure when/why this changed)

@hartwork

stdlib is rather painful and vendoring has its own set of problems. But let's decouple unblocking urllib3 v2 from getting rid of urllib3 please, there is no hard glue between these two topics.

@sl0thentr0py
Member Author

@dcramer urllib3 has been a dep of the sdk since the beginning.

This is a major release of a package that is a core dependency of much of the ecosystem and it is common that this causes ripples through the ecosystem for a while till things eventually stabilize.

We will release the unpinned version shortly, we just had to check nothing breaks since this is a major and I reactively pinned to the major temporarily because of the AWS etc runtime breakages (due to the implicit openssl dep). This is fine and many other packages in the ecosystem (boto for instance) did the same.

@sentrivana
Contributor

@dimaqq @hartwork We've now released 1.25.0 which removes the <2.0.0 pin so you folks should be unblocked.

@hartwork

hartwork commented Jun 2, 2023

@sentrivana the release was indeed able to unblock updating to urllib3 v2, thanks for your help!

@dimaqq

dimaqq commented Jun 2, 2023

Works for me, thank you!
