Relax aiohttp dependency

Question

Relax aiohttp dependency

baswelsh opened this issue a year ago · 1 comments

Describe the bug

Is it straightforward to relax the constraint on the aiohttp dependency? We are getting the following error from pip check:

aiomonitor 0.6.0 has requirement aiohttp~=3.8.5, but you have aiohttp 3.9.1.

Please note that typically aiohttp~=3.8.5 would be fine but as of recently, aiohttp<=3.9 has a critical security vulnerability and containers that use it don't pass the relevant scans.

To Reproduce

Attempt to install a newer versions of aiohttp alongside aiomonitor: pip install aiohttp==3.9.1 aiomonitor==0.6.0.

Result: ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.

Expected behavior

The expected behavior is that the dependency constraint be aiohttp>=3.8.5

Logs/tracebacks

`ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.`

Python Version

3.10 and 3.11

aiomonitor Version

0.6.0

OS

MacOS

Additional context

Thank you for the help!

Code of Conduct

I agree to follow the aio-libs Code of Conduct

Answer 1 · 2024-04-13T10:03:13.000Z

Fixed in f156e5b. Thanks!