Master currently broken because of dependency conflict between requests and cryptography #4818
Description
SUMMARY
The ST2 requirements.txt of st2common requires cryptography==2.7 and requests[security]<2.22.0,>=2.21.0. The problem is, requests[security]<2.22.0,>=2.21.0 requires cryptography>=2.8, so there is a dependency conflict.
It's the same kind of problem as #4770.
Pip fails with the following error:
ERROR: pyopenssl 19.1.0 has requirement cryptography>=2.8, but you'll have cryptography 2.7 which is incompatible.
When using a recent version of pip (e.g. 19.3.1), this will cause pip to fail to install the requirements. However, if you try with an old version (e.g. 9.0.3), it will work. I don't know at which specific version of Pip it stops working.
Note: this might be considered urgent because as https://github.com/StackStorm-Exchange/ci uses the master branch of ST2, it is currently breaking CIs (depending on what version of Pip is used by the CI, and maybe the OS?).
STACKSTORM VERSION
Current master branch, bf17325
OS, environment, install method
Ubuntu 16.04
Steps to reproduce the problem
It's easier to reproduce with Docker.
- Start a container with the following command:
docker run -it ubuntu:16.04 /bin/bash - Run the following commands inside the Docker container:
apt-get update
apt-get install python3 python3-pip python3-dev git build-essential libffi-dev libssl-dev nano
pip3 install virtualenv # To have a newer version of pip easily
virtualenv st2-requests-test
cd st2-requests-test
source ./bin/activate
# Create the st2/requirements.txt file
pip install -r requirements.txt # This will fail
Expected Results
Should correctly install all the dependencies when doing pip install -r requirements.txt.
Actual Results
Pip fails with the following error:
ERROR: pyopenssl 19.1.0 has requirement cryptography>=2.8, but you'll have cryptography 2.7 which is incompatible.