Upgrade to urllib3 to v2.x.x #12857
Comments
Last I checked this was blocked until pip dropped Python 3.9 support, which won't be at least until the end of 2025. Please read the details here: #12026 (comment)
Ah, that's unfortunate. Thanks for the pointer, I'll leave this open until we can resolve it by dropping support for 3.9.
I never quite understood what the failure case is, so I just skimmed through urllib3/urllib3#2168, it seems that if a user installs urllib3 2+ and does not have OpenSSL 1.1.1 or newer they get an error like:
They are then advised to either pin to urllib3 < 2 or upgrade their environment to have OpenSSL 1.1.1+. For urllib3 this is sufficient enough of an edge case and users have recourse to fix things. But for pip users who hit this they would have no way to vendor a different version of urllib3, and their pip installation would be broken and they would be unable to downgrade pip using pip. I mention this, because it's possible that the CI could pass on urllib3 2+ right now if all the relevant Python installs use OpenSSL 1.1.1+. It should still not be treated as a success.
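A preflight check for the failure case described in the comment above, as an added example that is not code from pip, urllib3 or this thread: it classifies `ssl.OPENSSL_VERSION`-style strings against the OpenSSL 1.1.1 minimum the comment cites, so an inventory of interpreters can be checked rather than relying on CI alone. The function names, the sample inventory and the separate reporting of non-OpenSSL builds are assumptions of this example.

```python
import re
import ssl

# Minimum taken from the comment above: "OpenSSL 1.1.1 or newer".
MIN_OPENSSL = (1, 1, 1)

# Matches the leading "<library> <major>.<minor>.<patch>" of an
# ssl.OPENSSL_VERSION string, e.g. "OpenSSL 1.1.1w  11 Sep 2023".
_VERSION_RE = re.compile(r"^(?P<impl>\S+) (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)")


def classify_openssl(version_string):
    """Return (verdict, version_string); verdict is one of
    "ok", "too_old", "not_openssl" or "unparsed"."""
    m = _VERSION_RE.match(version_string)
    if m is None:
        return "unparsed", version_string
    if m["impl"] != "OpenSSL":
        # Assumption of this example: other TLS libraries are reported
        # separately instead of being compared numerically.
        return "not_openssl", version_string
    version = (int(m["major"]), int(m["minor"]), int(m["patch"]))
    if version < MIN_OPENSSL:
        return "too_old", version_string
    return "ok", version_string


def check_interpreters(reported):
    """Map each interpreter label to its verdict, keeping only failures."""
    verdicts = {label: classify_openssl(v)[0] for label, v in reported.items()}
    return {label: v for label, v in verdicts.items() if v != "ok"}


# Constructed sample inventory (labels and strings are illustrative).
SAMPLE = {
    "py3.8-old-distro": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "py3.12-new-distro": "OpenSSL 3.0.13 30 Jan 2024",
    "py3.9-system": "LibreSSL 2.8.3",
    "py3.11-container": "OpenSSL 1.1.1w  11 Sep 2023",
}

if __name__ == "__main__":
    # The interpreter running this script, then the constructed inventory.
    print("this interpreter:", classify_openssl(ssl.OPENSSL_VERSION))
    for label, verdict in check_interpreters(SAMPLE).items():
        print(label, verdict)
```

A clean result for the CI interpreters only shows that those builds meet the minimum; it says nothing about the OpenSSL linked into a given user's Python.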
x-ref #12026
What's the problem this feature will solve?
Currently pip vendors the urllib3 1.26.x version branch as a dependency of requests:
pip/src/pip/_vendor/vendor.txt
Lines 8 to 11 in 5fb46a3
Since requests==2.30.0, requests has been compatible with urllib3>=2.0: psf/requests#6432 (comment)
This will upgrade a vendored dependency and unblock issues such as #11153.
Describe the solution you'd like
Upgrade the vendored version of urllib3 to a release on the v2.x.x release branch, preferably urllib3==2.2.2 (the latest current release) if possible.
Alternative Solutions
Remain on the v1.x.x branch indefinitely.
Additional context
I couldn't find any issue discussing upgrading this specific dependency.