psf/cachecontrol

cachecontrol is incompatible with Requests 2.30.0

pgjones opened this issue · 34 comments

What would make more sense here? Pinning requests so it's <2.30? Or updating the logic so strict isn't referenced?

The comment on that issue suggests this is from urllib3 >= 2 being used: psf/requests#6437 (comment)

> this appears to be an incompatibility in cachecontrol with the new release of urllib3 2.0. strict is no longer a supported argument on the HTTPResponse class. For the time being you'll likely need to pin to an older version of urllib3 or work with the cachecontrol team to update their usage.

Perhaps the fix would be to check urllib3's major version and expect a different HTTPResponse shape based on whether it is 1 or greater than 1.

Based on this diff it looks like strict isn't supported at all in python 3. Could we just do a plain ole getattr call to default to 0 if it's not present? Looks like that's what was happening upstream of this library anyways

sww314 commented

I believe the issue is actually urllib > 2.
Here is the issue in the urllib3 repo. As a workaround, pinning urllib version works.

The suggested getattr solution seems like a clean fix in cachecontrol.

urllib3/urllib3#3010

You can fix it by pinning:
urllib3==1.26.15 # https://pypi.org/project/urllib3/

Maintainer of urllib3 here! I'd recommend the getattr approach regardless of what gets done in urllib3 in the short-term, long-term the property won't be available on HTTPResponse or HTTPConnection (and defaults to True in terms of behavior).

This issue came up today for us; the workaround was to use requests 2.29.0

> This issue came up today for us; the workaround was to use requests 2.29.0

It didn't help...
Any other solution?

sww314 commented

We fixed by pinning urllib3:

urllib3==1.26.15 # https://pypi.org/project/urllib3/

The problem is not requests.

The lightest workaround is to set urllib3<2.

> We fixed by pinning urllib3:
>
> urllib3==1.26.15 # https://pypi.org/project/urllib3/
>
> The problem is not requests.

didn't work..

> The lightest workaround is to set urllib3<2.

Tried this one too... same error

>> The lightest workaround is to set urllib3<2.
>
> Tried this one too... same error

I'm pretty sure this fixes the problem. I've deployed it on hundreds of projects using poetry that stopped working because of this.

Can you elaborate what's not working? More details will help understand. :)

sww314 commented

@Shahard2 you have something else wrong then. Old urllib3 works fine.

@sethmlarson Hey! Is it safe to just drop the strict completely?

@ionrock It's safe to drop for urllib3 2.0 or Python 3+. In Python 2 on urllib3 1.26.x there is still functionally a difference between strict=True/False.

Appreciate you jumping in to help here! Apologies for the suddenness of this issue surfacing, no one reported it during our prerelease period, unfortunately.
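The getattr approach recommended above, sketched as an added example (not cachecontrol's or urllib3's own code). `ResponseV1` and `ResponseV2` are constructed stand-ins for the urllib3 1.26.x and 2.x response shapes, and `dump_meta` / `load_meta` are hypothetical helper names; the load side also covers cache entries written before the upgrade that still carry a `strict` key.

```python
import inspect

# Constructed stand-ins for the two HTTPResponse shapes discussed in this thread.
# They are not urllib3's classes; they model only the attributes relevant here.
class ResponseV1:  # urllib3 1.26.x shape: has and accepts `strict`
    def __init__(self, status=200, version=11, reason="OK", strict=0, decode_content=True):
        self.status, self.version, self.reason = status, version, reason
        self.strict, self.decode_content = strict, decode_content

class ResponseV2:  # urllib3 2.x shape: no `strict` attribute or argument
    def __init__(self, status=200, version=11, reason="OK", decode_content=True):
        self.status, self.version, self.reason = status, version, reason
        self.decode_content = decode_content

def dump_meta(response):
    """Serialize response metadata without assuming `strict` exists."""
    return {
        "status": response.status,
        "version": response.version,
        "reason": str(response.reason),
        # getattr with a default replaces the failing `response.strict` access.
        "strict": getattr(response, "strict", 0),
        "decode_content": response.decode_content,
    }

def load_meta(cached, response_cls):
    """Rebuild a response from cached metadata, dropping keys the class rejects."""
    params = inspect.signature(response_cls.__init__).parameters
    accepts_any = any(p.kind is inspect.Parameter.VAR_KEYWORD for p in params.values())
    # An entry cached under 1.x still has "strict"; a 2.x-shaped class must not get it.
    kwargs = {k: v for k, v in cached.items() if accepts_any or k in params}
    return response_cls(**kwargs)

if __name__ == "__main__":
    old_entry = dump_meta(ResponseV1(strict=1))   # written before the upgrade
    print(dump_meta(ResponseV2()))                # no AttributeError on the 2.x shape
    print(vars(load_meta(old_entry, ResponseV2))) # stale "strict" key is ignored
```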

>>> The lightest workaround is to set urllib3<2.
>>
>> Tried this one too... same error
>
> I'm pretty sure this fixes the problem. I've deployed it on hundreds of projects using poetry that stopped working because of this.
>
> Can you elaborate what's not working? More details will help understand. :)

@rdbisme Pinning the version isn't working for me either. Using poetry and GitHub Actions and here is the output I get when building:

Step 16/20 : RUN poetry config virtualenvs.create false && poetry install --no-root $POETRY_ARGS
 ---> Running in df80379cd35d
Skipping virtualenv creation, as specified in config file.
Installing dependencies from lock file

Package operations: 76 installs, 6 updates, 6 removals

  • Removing distlib (0.3.6)
  • Removing filelock (3.9.0)
  • Removing pexpect (4.8.0)
  • Removing platformdirs (3.1.0)
  • Removing ptyprocess (0.7.0)
  • Removing virtualenv (20.20.0)
  • Installing pyasn1 (0.4.8)

  AttributeError

  'HTTPResponse' object has no attribute 'strict'

  at /usr/local/lib/python3.10/site-packages/cachecontrol/serialize.py:54 in dumps
       50│                 ),
       51│                 u"status": response.status,
       52│                 u"version": response.version,
       53│                 u"reason": text_type(response.reason),
    →  54│                 u"strict": response.strict,
       55│                 u"decode_content": response.decode_content,
       56│             ***
       57│         ***
       58│ 

Could it be that GitHub Actions uses its own version of cachecontrol which ignores anything set in pyproject.toml?

depending on your poetry version, it might be the case that poetry itself depends on the affected versions of requests/urllib3, separately from your project

in my case, poetry installs itself into a venv, so i found the venv, activated it, downgraded requests and urllib3 via pip, deactivated, and poetry worked fine thereafter


Can you show how you are pinning the version? In your Dockerfile, before using poetry you need to install urllib3<2. Your posted docker build log doesn't show how you have pinned the dependency.


Same issue here as well. Poetry install works just fine locally, but on github actions it fails.

> We fixed by pinning urllib3:
>
> urllib3==1.26.15 # https://pypi.org/project/urllib3/
>
> The problem is not requests.

This works! In my case the verify_id_token from firebase_admin.auth was failing.

Hi!
Help, please, what is the final solution to the problem?
I got confused by the discussions in different issues.

I get the same error with dependencies:
cached-property = "1.5.2"
requests = "2.26.0"
urllib3 = "1.26.7"
poetry = "1.1.14"

What needs to be rolled back to which version ?

P.S.
Used a translator

Hi! @vamshiaruru-virgodesigns @rdbisme
I had the same problem running CI/CD gitlab pipelines.

Installing poetry==1.4.2
And then installing deps with these two pinned down worked for me.

urllib3==1.26.15
requests==2.30.0

> Hi! @vamshiaruru-virgodesigns @rdbisme I had the same problem running CI/CD gitlab pipelines.
>
> Installing poetry==1.4.2 And then installing deps with these two pinned down worked for me.
>
> urllib3==1.26.15 requests==2.30.0

Thank you, updating poetry version fixed it.

tandav commented

I've fixed this issue 'HTTPResponse' object has no attribute 'strict' by updating poetry from 1.1.15 to latest 1.4.2

I changed the urllib3 version
pip install urllib3==1.26.15

> I've fixed this issue 'HTTPResponse' object has no attribute 'strict' by updating poetry from 1.1.15 to latest 1.4.2

Poetry upgrade worked for me (pinning urllib3==1.26.15 did not - got version solving failed)

I have 1.4.2 and the problem persists. This is really annoying.

Given GHSA-j8r2-6x86-q33q, a fix here is increasingly important: packages that can't upgrade because of CacheControl's incompatibility will remain vulnerable.

@woodruffw Requests is still compatible with urllib3 1.26.x so people using cachecontrol can continue using urllib3 1.26.x until cachecontrol adds support for urllib3 2.x.

Hi, I have to move on to create a fork at https://github.com/frostming/cacheyou, with this issue addressed.

The long term plan is if this project can continue I will merge the changes back.

jacobg commented

It doesn't seem that a fork will help in the case where this library is used as a transitive dependency where all installed packages must be in a requirements.txt file (e.g., typical serverless/paas configuration).

> It doesn't seem that a fork will help in the case where this library is used as a transitive dependency where all installed packages must be in a requirements.txt file (e.g., typical serverless/paas configuration).

agree, but it can mitigate the problem.

> We fixed by pinning urllib3:
>
> urllib3==1.26.15 # https://pypi.org/project/urllib3/
>
> The problem is not requests.

This worked for me.