Potential dependency conflicts between zhihu-crawler-people and urllib3
NeolithEra opened this issue · 1 comments
Hi, zhihu-crawler-people directly and transitively introduced multiple versions of urllib3.
As shown in the following full dependency graph of zhihu-crawler-people, zhihu-crawler-people requires urllib3 (the latest version), while the installed version of requests (2.22.0) requires urllib3>=1.21.1,<1.26.
According to pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.
Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint (urllib3>=1.21.1,<1.26), it will lead to a build failure once developers release a newer version of urllib3.
Dependency tree
zhihu-crawler-people(version range:)
| +-beautifulsoup4(version range:==4.6.0)
| +-bs4(version range:==0.0.1)
| | +-beautifulsoup4(version range:)
| +-certifi(version range:==2017.4.17)
| +-chardet(version range:==3.0.4)
| +-idna(version range:==2.5)
| +-pymongo(version range:==3.4.0)
| +-redis(version range:==2.10.5)
| +-requests(version range:>=2.20.0)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-urllib3(version range:>=1.23)
Thanks for your attention.
Best,
Neolith
Solution
- Fix your direct dependencies to be urllib3>=1.21.1,<1.26 and requests==2.22.0, to remove this conflict.
  I have checked that this revision will not affect your downstream projects now.
- Remove your direct dependency urllib3, and use the urllib3 transitively introduced by requests.
@elliotxx Please let me know your choice. I can submit a PR to solve this issue.
Building a good dependency ecosystem for Python projects is our common goal ^_^.
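
Added example (not part of the original issue or the project's code): a small checker that tests a candidate version against every constraint declared for a package in the tree above. The specifier parser is a simplified stand-in for pip's and handles plain dotted versions only; the function names and the version 1.26.0 are constructed for illustration.

```python
import re

# Constraints copied from the dependency tree in the issue:
# (declared by, package, specifier)
CONSTRAINTS = [
    ("zhihu-crawler-people", "urllib3", ">=1.23"),
    ("requests 2.22.0", "urllib3", ">=1.21.1,<1.26"),
    ("zhihu-crawler-people", "idna", "==2.5"),
    ("requests 2.22.0", "idna", ">=2.5,<2.9"),
    ("zhihu-crawler-people", "chardet", "==3.0.4"),
    ("requests 2.22.0", "chardet", ">=3.0.2,<3.1.0"),
]

OPS = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text):
    """Plain dotted numeric releases only (no pre-releases, epochs, wildcards)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad so 1.26 == 1.26.0

def satisfies(version, specifier):
    """True if `version` meets every comma-separated clause of `specifier`."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = re.fullmatch(r"\s*(==|!=|>=|<=|>|<)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def violated_by(package, version):
    """Return the declarers whose constraint on `package` rejects `version`."""
    return [who for who, pkg, spec in CONSTRAINTS
            if pkg == package and not satisfies(version, spec)]

if __name__ == "__main__":
    # 1.25.3 is the installed version named in the issue; 1.26.0 is a
    # constructed "newer release" used to show where the ranges diverge.
    for candidate in ("1.25.3", "1.26.0"):
        print(candidate, "rejected by:", violated_by("urllib3", candidate) or "nobody")
```

The same check works for the other packages that appear twice in the tree (idna, chardet), where the exact pins currently fall inside the ranges requests declares.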