Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto extra requires outdated types-cryptography type annotation stubs #804

Closed
lautat opened this issue Sep 19, 2022 · 1 comment · Fixed by #805
Closed

crypto extra requires outdated types-cryptography type annotation stubs #804

lautat opened this issue Sep 19, 2022 · 1 comment · Fixed by #805

Comments

@lautat
Copy link
Contributor

lautat commented Sep 19, 2022

Type annotation stub packages are usually only needed for static type analyzers like mypy. Type annotations of dependencies might not be useful in any way for the user of this library if it's not necessary to use the dependency directly. Thus, type annotations of dependencies should be always optional, and definitely not included in the crypto extra. Also, annotations in types-cryptography are outdated or incomplete for the latest version of cryptography. This dependency was added in #784.

cryptography package has included type annotations which are usable by mypy and other tools since version 3.4.4. Metadata in the typeshed repository also suggests that those annotations are obsolete for cryptography versions 3.4.4 and later. For some reason, mypy prefers the external stubs over the type information from the source code and gives incorrect output for later versions of cryptography when types-cryptography is installed. For example, a project could use cryptography, and also depend on pyjwt[crypto], in which case mypy could give incorrect errors for direct use cryptography. Thus, I'd suggest not installing types-cryptography unless you're running tests and static type analysis against the oldest supported version of cryptography.

Expected Result

pip install 'pyjwt[crypto]' should not install types-cryptography and mypy should not print any errors for the included code snippet.

Actual Result

pip install 'pyjwt[crypto]' installs types-cryptography and prints the following error for the code snippet.

error: Module "cryptography.hazmat.primitives.ciphers.aead" has no attribute "AESOCB3"

Reproduction Steps

Install pyjwt with crypto extra, e.g. pip install 'pyjwt[crypto]', the output should show that types-cryptography was installed. Run mypy on the following code snippet, which simply imports a cipher that was added in cryptography version 36.0:

from cryptography.hazmat.primitives.ciphers.aead import AESOCB3

System Information

{
  "cryptography": {
    "version": "38.0.1"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.10.6"
  },
  "platform": {
    "release": "5.19.7-arch1-1",
    "system": "Linux"
  },
  "pyjwt": {
    "version": "2.5.0"
  }
}
@alex
Copy link

alex commented Sep 19, 2022

Just want to note, as one of the pyca/cryptographer maintainers, that I concur with this: our own type annotations are definitely preferable to do the external types package.

Perhaps it'd be easier to set a minimum bound of >=3.4 if you want to ensure type hints are always available.

jpadilla pushed a commit that referenced this issue Sep 19, 2022
This is not needed for using the project with `cryptography`. Also, the
typing information is incorrect or incomplete for the latest version of
`cryptography`.

Fixes #804
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants