Giters

aio-libs / aiomonitor

aiomonitor is module that adds monitor and python REPL capabilities for asyncio application

Home Page:https://aiomonitor.aio-libs.org

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Relax aiohttp dependency

baswelsh opened this issue · comments

commented

Describe the bug

Is it straightforward to relax the constraint on the aiohttp dependency? We are getting the following error from pip check:

aiomonitor 0.6.0 has requirement aiohttp~=3.8.5, but you have aiohttp 3.9.1.

Please note that typically aiohttp~=3.8.5 would be fine but as of recently, aiohttp<=3.9 has a critical security vulnerability and containers that use it don't pass the relevant scans.

To Reproduce

Attempt to install a newer versions of aiohttp alongside aiomonitor: pip install aiohttp==3.9.1 aiomonitor==0.6.0.

Result: ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.

Expected behavior

The expected behavior is that the dependency constraint be aiohttp>=3.8.5

Logs/tracebacks

`ERROR: Cannot install aiohttp==3.9.1 and aiomonitor==0.6.0 because these package versions have conflicting dependencies.`

Python Version

3.10 and 3.11

aiomonitor Version

0.6.0

OS

MacOS

Additional context

Thank you for the help!

Code of Conduct

  • I agree to follow the aio-libs Code of Conduct
commented

Fixed in f156e5b. Thanks!