Tracking aiobotocore #528

Open
martindurant opened this issue Aug 31, 2021 · 13 comments

@martindurant
Member

Starting with 2021.08.0, we have a hard pin on the aiobotocore version, after their removal of the top level reference to the session class broke our code.
For the future, how do we decide on the best pin? Do we need a set of rolling PRs updating the pin and seeing if tests pass?

@raybellwaves
Contributor

FYI I started to work on creating env files for testing here (#554). Could be a way to specify aiobotocore version in tests/ci.

@austinweisgrau

Pinning aiobotocore to 1.4.2 depends on botocore 1.20, but up-to-date versions of boto3 need botocore >= 1.23.

@hayashier
Contributor

I opened a PR to bump aiobotocore to 2.1.0, which supports botocore 1.23.14.
#564

@joshmoore

Apologies if it's unrelated, but the error from #514 has shown up again in zarr-developers/zarr-python#914

@martindurant
Member Author

I'm afraid you'll need to update your s3fs too. The required version of aiobotocore is now fixed, since that happened, but of course I can't fix the previous ones.

@joshmoore

(If that was meant for me) @martindurant: isn't 2021.11.1 from zarr-developers/zarr-python#892 the latest?

@martindurant
Member Author

@joshmoore
Yes - but now it works, right?

@joshmoore

I thought so, which was why I was worried when zarr-developers/zarr-python#914 started failing (last ~12 hours). I'll re-launch.

@joshmoore

(No change)

@joshmoore

Looks related to use of fsspec[s3]. Updated on zarr-developers/zarr-python#914

joshmoore added a commit to joshmoore/zarr-python that referenced this issue Dec 21, 2021
Use of the short rather than `fsspec` and `s3fs` separately leads
to an old version of s3fs being installed. (The benefit of the
shortcut is that it prevents dependabot PRs from failing.)

see:
* fsspec/s3fs#528
* zarr-developers#914
joshmoore added a commit to zarr-developers/zarr-python that referenced this issue Dec 21, 2021
Use of the short rather than `fsspec` and `s3fs` separately leads
to an old version of s3fs being installed. (The benefit of the
shortcut is that it prevents dependabot PRs from failing.)

see:
* fsspec/s3fs#528
* #914
@ztane

ztane commented May 13, 2022

It is now close to impossible to use s3fs and boto3 in the same project. At least pip-tools doesn't know how to resolve a suitable boto3 version and we get 0.4.0 for s3fs, which hardcodes vulnerable urllib3 and all.

@JMBurley

JMBurley commented Jul 14, 2022

I want to echo @ztane that the aiobotocore pin and consequent incompatibility with any other package that requires (even vaguely modern) boto3** when managing via pip-tools is a huge problem. Most critical is moto[boto3] being incompatible, which essentially means projects cannot use s3fs and test their s3 protocols.

I understand that packaging dependencies across projects is annoying for the maintainers of any individual GitHub project, but I'd love to see this one get resolved.

Pip-tools improved their dependency resolver with backtracking 15 days ago and even that doesn't solve this.

** Because boto3 and aiobotocore cannot find mutually acceptable botocore.

@martindurant
Member Author

I agree that installs not doing the right thing or not working at all, and requiring more precise definitions of package versions, is a pain. However, it still seems like a lesser pain than relaxing the pin on our end, and having an upstream update break our code, as has happened before.

I would also note that for the large fraction of the community that installs via conda/mamba, there is no problem.

Finally, testing with s3fs and moto is clearly possible, since we do exactly that in this repo :)
