On Feb 10, 2021, at 3:44 PM, Glyph <
glyph@twistedmatrix.com> wrote:
The constraints from requests (<3,>=2.5) and hyperlink (>=2.5) are perfectly compatible; one's just a subset of the other.
Sure, they are compatible, but Klein doesn’t use requests directly, and this only looks to be failing in trunk.
My concern here is that Twisted may have added a dependency on requests, and that dependency means that if you want IDNA==3.1, as Klein’s tox.ini does, that you aren’t allowed to. That seems weak; I’d say a bug. No?
I have created a new virtual env and executed `pip install .` on trunk.
It installed the following packages:
constantly, zope.interface, attrs, incremental, six, Automat, idna, hyperlink, Twisted
------------
`requests` was not installed.
I wasn't expecting to see `idna` as it is listed as TLS only deps.... but it looks like hyperlink depends on idna.
Here is the dep tree
$ pipdeptree -fl
Twisted @ file:///home/adi/dev/twisted
attrs==20.3.0
Automat==20.2.0
attrs==20.3.0
six==1.15.0
constantly==15.1.0
hyperlink==21.0.0
idna==3.1
incremental==17.5.0
zope.interface==5.2.0
setuptools==44.0.0
wheel==0.36.2
------------
I guess that we can remove idna from setup.cfg TLS section in Twisted
tls =
pyopenssl >= 16.0.0
# service_identity 18.1.0 added support for validating IP addresses in
# certificate subjectAltNames
service_identity >= 18.1.0
idna >= 2.4
Cheers