New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bump idna has version 3.0 was released #5711
Conversation
Hi @naorlivne, Thanks for the PR. I think this looks fine but there's some mild concern about users on Python 2. idna 3.0 drops Python 2 support and has added an appropriate I'm wondering if we need to add an environment marker splitting out the dependency range for Python 2 and 3. |
@nateprewitt the real solution here is for @naorlivne to not try to force dependencies to upgrade when they're untested with other projects (as you can see in the original report, they upgraded |
@sigmavirus24 what do you suggest? the alternative is that This change doesn't force anyone to use the latest version as it simply increase the range of accepted versions of |
@nateprewitt note that the real thing to ponder upon here is that requests dependencies are dropping Python 2 support. Requests needs to start preparing for a future where it also must drop Python 2 support. On the whole I don't see harm with @naorlivne's change though assuming there's no API incompatibilities. |
Semantically speaking, that range isn't correct for all users of Requests though. Which is why @nateprewitt is pondering using
That's called Requests 3.0
The scant notes don't imply any API incompatibilities: https://github.com/kjd/idna/blob/master/HISTORY.rst#30-2021-01-01 which doesn't guarantee there aren't any |
It will happen more and more, this is just the first but a lot of packages are deprecating support for Python 2.x so this problem will keep pop up with other dependencies as well so the options are:
It's possible this will need to be merged to Requests 3.0 if the decision is that's the version where python 2.x support will be dropped, however I noticed in #5660 that there's planned to drop support for Python 3.5 as it's EOL and I do find it weird we are keeping version 2.x support and a much newer version support is dropped, I also think that unless Requests 3.0 is right around the corner it might not be a good idea to wait a long time with this as the problem will only worsen as more time pass.
The only guarantees in life is death and taxes, we can only work on what's known (including known unknowns) and given that there hasn't been any declared API changes & all tests passed I don't think a worry of a "what if" possibly caused by an unknown unknown should be factored in. |
Ah, yes. What a package trying to provide stability to governments, corporations, and hobbyists alike needs - flippant attitudes towards functionality |
Regarding request 3, what is the right place to follow the roadmap? |
@sigmavirus24 What do you suggest instead of upgrading then? this change has passed all tests and there is no documented API changes in |
No I don't. I suggest taking greater care |
Can you give suggestion to what greater care you think is needed then? Aside from making sure all tests pass and going through the release data of the new package version I'm not sure what else can be done. |
Co-authored-by: Mickaël Schoentgen <contact@tiger-222.fr>
@BoboTiG didn't know it's possible to have a python version if in the requirements,txt... guess you learn something every day right? Anyway the suggested edit been made, is there anything else needed before this can be merged? |
FTR @naorlivne here are all markers you can use in requirements files: PEP 496 ;) |
Is there anything else needed for me to do regarding this ticket before this can be approved & merged? |
It would be most useful if these could be merged for the next release, we're also stuck with issues due to idna dependencies. |
I'm also looking forward to this ticket being fixed. It's the only requirement blocking maintenance update. I of course totally understand if you're busy! :) |
@sigmavirus24 Can you provide any guidance for things that people should look out for in the upgrade from |
@jschlyter It's likely this PR will land in the next release. Pinging this PR doesn't change anything except generate noise to 1400 people. Locking this discussion to contributors to avoid this happening again. @jayaddison Requests maintainers won't provide any guidance here, instead you should read the release notes for idna. From my reading there are unlikely to be functional changes for most users. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with this PR in it's current state.
Closes #5710