urllib3 requirements-docs lock dependency is implemented opposite of what comment suggests #4388

Closed
1 task done
cmdor opened this issue Jan 10, 2025 · 3 comments
Labels
bug This issue is a confirmed bug. potential-regression Marking this issue as a potential regression to be checked by team member response-requested Waiting on additional information or feedback.

Comments


cmdor commented Jan 10, 2025

Describe the bug

In the file https://github.com/boto/boto3/blob/develop/requirements-docs.txt:

# Avoid urllib3 2.x below Python 3.10
urllib3<2.0 ; python_version < "3.10"

The comment indicates that any time python<3.10 is used, the version of urllib3 should be greater than 2.0.
However, the lock file reverses this relation, where only older versions of urllib3 are used.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

urllib3>2.0 ; python_version < "3.10"

Current Behavior

urllib3<2.0 ; python_version < "3.10"

Reproduction Steps

N/A

Possible Solution

The comment should be updated to indicate what it means to "avoid urllib3 2.x", and I think the change should be updated to:
urllib3<2.0 ; python_version < "3.10"

Additional Information/Context

No response

SDK version used

N/A

Environment details (OS name and version, etc.)

python <= 3.10

@cmdor cmdor added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels Jan 10, 2025
@github-actions github-actions bot added the potential-regression Marking this issue as a potential regression to be checked by team member label Jan 10, 2025
Author

cmdor commented Jan 10, 2025

@jonathan343, could you provide more context on why this package lock was specified?

Contributor

nateprewitt commented Jan 10, 2025

Hi @cmdor, the lock files in the repo are generated for Python 3.8, which is our lowest supported version of Python. This is noted at the top of the lock files, and we'd generally encourage generating your own lock file for other environments or installing from the base requirements-docs.txt file.

The relation specified in the requirements-docs.txt file is what's intended. For all versions of Python < 3.10, we also install urllib3 < 2.0 because urllib3 2.0 requires APIs only available in Python 3.10+. What you specified in the "Expected Behavior" section has the opposite effect of what we're intending.

Could you provide some more info on why you believe this is a regression and what issue you're encountering?

@nateprewitt nateprewitt added response-requested Waiting on additional information or feedback. and removed needs-triage This issue or PR still needs to be triaged. labels Jan 10, 2025
Author

cmdor commented Jan 10, 2025

Hey @nateprewitt, it looks like the lock file and deps are in fact correct, and the comment is correct.

I came across this issue when using uv to lock dependencies. While uv identified that the older version of urllib3 should be used when using older versions of Python, it did not identify that boto3 requires urllib3>2 for python>=3.10.

To patch this, we needed to specify the constraint-dependencies within our own package's pyproject.toml:
uv docs: dependency-constraints

[tool.uv]
...
constraint-dependencies = [
  "urllib3<2 ; python_version < '3.10'",
  "urllib3>=2 ; python_version >= '3.10'",
]

@cmdor cmdor closed this as completed Jan 10, 2025
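
As an added example (not code from boto3, uv or anyone in this thread): a stdlib-only check of which urllib3 pins the two constraint lines above permit per Python version, comparing `python_version` as a version rather than a string, since `"3.8" < "3.10"` is false as text. The helper names, the single line shape it parses and the sample pins are assumptions made for illustration.

```python
import operator
import re

# Constraint lines copied from the pyproject.toml snippet in the thread.
CONSTRAINTS = [
    "urllib3<2 ; python_version < '3.10'",
    "urllib3>=2 ; python_version >= '3.10'",
]
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
OP = r"(<=|>=|==|!=|<|>)"
LINE = re.compile(
    r"^\s*([A-Za-z0-9._-]+)\s*" + OP + r"\s*([0-9.]+)\s*;"
    r"\s*python_version\s*" + OP + r"\s*['\"]([0-9.]+)['\"]\s*$"
)


def vtuple(version):
    """Release-only version as an int tuple, so 3.8 < 3.10 and 2.0 == 2."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def allowed(candidate, python_version, lines=CONSTRAINTS):
    """True if candidate meets every line whose marker holds for this Python."""
    for line in lines:
        match = LINE.match(line)
        if match is None:
            raise ValueError(f"unsupported requirement line: {line!r}")
        _name, op, bound, marker_op, marker_ver = match.groups()
        if not OPS[marker_op](vtuple(python_version), vtuple(marker_ver)):
            continue  # marker is false: this line places no bound here
        if not OPS[op](vtuple(candidate), vtuple(bound)):
            return False
    return True


def violations(pins, lines=CONSTRAINTS):
    """Return the (python_version, pinned_version) pairs that break a line."""
    return [(py, v) for py, v in pins.items() if not allowed(v, py, lines)]


# Constructed sample: the urllib3 pin a resolver chose per Python version.
PINS = {"3.8": "1.26.20", "3.9": "2.2.3", "3.12": "1.26.20", "3.13": "2.3.0"}

if __name__ == "__main__":
    for py, ver in violations(PINS):
        print(f"python {py}: urllib3 {ver} violates the constraints")
```

Passing only the `requirements-docs.txt` line as `lines` shows that it places no bound on Python 3.10 and later, which is why the second constraint line was needed to force `urllib3>=2` there.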