2.11.3 broken due to outdated dependency #1605
Comments
You need to pin all your dependencies, not just the direct ones... See #1585
@ThiefMaster Sure - but given that Line 6 in bb7f3a5
Arguably this is an issue of MarkupSafe breaking semver and releasing a breaking change in a minor version bump - but as-is, 2.11.3 will not work independently without changes.
Besides not really doing semver, we did add deprecation warnings a major release, announcing that the next minor release will remove it. New projects should not be installing an older version of Jinja (since there's no reason to do that in a new project), and existing projects should have the proper pins to avoid this problem altogether... Quoting the explanation used in all the other issues on this topic:
Yeah, I get that and this is no longer an issue for us personally - just thinking it would be so easy to push an update to PyPI and especially with the world events this week, individuals and teams who failed to pin properly and are currently fleeing or fighting for their lives would appreciate not having to deal with CI and build breakages. If this would have happened a month or two ago I probably wouldn't have bothered to follow up on the issue here in the first place. Not meaning to say "this is your responsibility, fix it", rather "so many would be helped by this"
That pin indicates that earlier versions are incompatible; it does not make any statement about later versions. Long but really good article to read: https://iscinumpy.dev/post/bound-version-constraints/
One of our existing applications still on 2.11.3 will no longer run on a fresh install due to use of removed function soft_unicode, which was removed from MarkupSafe v2.1.0.

Could be solved either by:
- MarkupSafe<2.10
- soft_unicode to soft_str)

As flask v1.1.4 (released May 2021) still depends on the jinja 2.x branch, I suspect there are many projects hit by this.
cf pallets/flask#4455
Environment:
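An added example (not from the issue or from the Jinja project): a stdlib-only audit that flags every package a fresh install would resolve without an exact pin, which is how a newer MarkupSafe reaches an application that pins only Jinja2 2.11.3. The requirements text and dependency edges are constructed sample data, and `normalise`, `parse_requirements` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample input: only direct dependencies are pinned.
REQUIREMENTS = """\
Flask==1.1.4
Jinja2==2.11.3   # pinned directly
click>=5.1       # listed, but with an open range
"""
# Constructed dependency edges: package -> packages it requires.
DEPENDS_ON = {
    "flask": ["Jinja2", "Werkzeug", "click", "itsdangerous"],
    "jinja2": ["MarkupSafe"],
}

def normalise(name):
    """PEP 503 normalisation so 'MarkupSafe' and 'markupsafe' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return {normalised name: version specifier} for each requirement line."""
    reqs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)", line)
        if m:
            reqs[normalise(m.group(1))] = m.group(2).replace(" ", "")
    return reqs

def audit(requirements_text, depends_on):
    """Walk the dependency graph and report packages lacking an exact pin."""
    reqs = parse_requirements(requirements_text)
    findings, seen = {}, set()
    stack = [(name, name) for name in reqs]
    while stack:
        name, via = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        spec = reqs.get(name)
        if spec is None:
            findings[name] = f"transitive via {via}, not listed"
        elif not spec.startswith("=="):
            findings[name] = f"listed with open range {spec!r}"
        stack.extend((normalise(d), name) for d in depends_on.get(name, []))
    return findings

if __name__ == "__main__":
    for pkg, reason in sorted(audit(REQUIREMENTS, DEPENDS_ON).items()):
        print(f"{pkg}: {reason}")
```
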