Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update apache-libcloud requirement from <3,>=2.2.1 to >=2.2.1,<4 #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update apache-libcloud requirement from <3,>=2.2.1 to >=2.2.1,<4 #2

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 9, 2022

Updates the requirements on apache-libcloud to permit the latest version.

Changelog

Sourced from apache-libcloud's changelog.

Changes in Apache Libcloud 3.4.1

.. note::

Libcloud depends on the requests library for performing HTTP(s) requests.

Prior to requests v2.26.0, requests depended on chardet library which is licensed under LGPL (requests library itself is licensed under the Apache License 2.0 license).

Since Libcloud is not an application, but a library which is usually used along many other libraries in the same (virtual) environment, we can't have a strict dependency on requests >= 2.26.0 since that would break a lot of installations where users already depend on and have an older version of requests installed.

If you are using requests < 2.26.0 along the Libcloud library you are using version of chardet library (chardet is a direct dependency of the requests library) which license is not compatible with Apache Libcloud.

If using a LGPL dependency is a problem for your application, you should ensure you are using requests >= 2.26.0.

It's also worth noting that Apache Libcloud doesn't bundle any 3rd party dependencies with our release artifacts - we only provide source code artifacts on our website.

When installing Libcloud from PyPi using pip, pip will also download and use the latest version of requests without the problematic chardet dependency, unless you already have older version of the requests library installed in the same environment where you also want to use Libcloud - in that case, Libcloud will use the dependency which is already available and installed.

Common


- Fix a regression which was inadvertently introduced in v3.4.0 which prevented
  users from installing Libcloud under Python 3.5.

Also revert requests minimum version required change and relax the
minimum version requirement.


Previous change would prevent Libcloud from being installed in environments
where a conflicting (lower) version of requests library is required and
already installed.


As a library and not an application, Libcloud should specify as loose
requirements as possible to prevent issues with conflicting requirements
versions which could prevent Libcloud from being installed.
</tr></table>

... (truncated)

Commits
  • 28d3785 Add a workaround for more-itertools upstream change which broke tests
  • eff80c0 Bump version for v3.4.1 release.
  • 2c1fcdf Enable CI for 3.4.x series branch.
  • 5f5b509 Use include.
  • 14e90fb Add a note on chardet LGPL issue to the upgrade notes and changelog.
  • 90d7ec0 Update changelog.
  • e0726c8 Add changelog entry.
  • edfb4c5 Don't require the very latest version of requests under Python >= 3.6.
  • dfa5673 Fix a bug in setup.py which causes installation to fail under Python 3.5
  • ab4069a Re-generate provider tables.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update apache-libcloud requirement from <3,>=2.2.1 to >=2.2.1,<4
88f1882 
Updates the requirements on [apache-libcloud](https://github.com/apache/libcloud) to permit the latest version.
- [Release notes](https://github.com/apache/libcloud/releases)
- [Changelog](https://github.com/apache/libcloud/blob/trunk/CHANGES.rst)
- [Commits](apache/libcloud@v2.2.1...v3.4.1)

---
updated-dependencies:
- dependency-name: apache-libcloud
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants