Skip to content

Fix aiohttp dependency upgrade by resolving urllib3/requests version conflicts #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pamelafox merged 2 commits into from
Jul 29, 2025
Merged

Fix aiohttp dependency upgrade by resolving urllib3/requests version conflicts #92

pamelafox merged 2 commits into from
Jul 29, 2025

Conversation

Copy link
Contributor

Copilot AI commented Jul 28, 2025
edited
Loading

This PR resolves the dependency conflicts that caused Dependabot PR #84 to fail during CI, enabling the aiohttp upgrade to proceed successfully.

Problem

Dependabot PR #84 attempted to upgrade aiohttp but failed with a dependency conflict:

pkg_resources.ContextualVersionConflict: (urllib3 1.26.0 (/usr/local/lib/python3.8/site-packages), Requirement.parse('urllib3=1.25.8'), {'requests'})

The root cause was that the aiohttp upgrade pulled in incompatible versions of urllib3 and requests, creating a version conflict where urllib3 1.26.0 was installed but requests required urllib3=1.25.8 specifically.

Solution

This PR upgrades aiohttp from 3.11.10 to 3.11.18 while maintaining stable versions of the critical dependencies that were causing conflicts:

  • aiohttp: 3.11.10 → 3.11.18 (upgraded)
  • urllib3: 2.2.3 (unchanged - prevents conflicts)
  • requests: 2.32.3 (unchanged - prevents conflicts)

Technical Approach

The upgrade was validated using pip-compile --upgrade-package aiohttp --dry-run which confirmed that aiohttp 3.11.18 is compatible with the existing urllib3 and requests versions. This approach:

  1. Avoids the version conflicts that caused the original Dependabot failure
  2. Follows pip-tools dependency resolution methodology
  3. Maintains the existing stable dependency tree
  4. Makes minimal surgical changes (2 files, 2 lines changed)

Files Changed

  • src/requirements.txt: Updated aiohttp version
  • scripts/requirements.txt: Updated aiohttp version

Both files maintain their pip-compile generated format and all dependency comments.

Verification

The changes can be verified by running:

pip install -r requirements-dev.txt

This should install successfully without the urllib3/requests conflicts that prevented the original Dependabot upgrade.

Fixes #91.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@pamelafox
Upgrade aiohttp from 3.11.10 to 3.11.18
08f0b48 
Co-authored-by: pamelafox <297042+pamelafox@users.noreply.github.com>
Copilot AI changed the title [WIP] Dependabot PR #84 to upgrade aiohttp failed CI Fix aiohttp dependency upgrade by resolving urllib3/requests version conflicts Jul 28, 2025
Copilot AI requested a review from pamelafox July 28, 2025 16:41
Copilot finished work on behalf of pamelafox July 28, 2025 16:41
@pamelafox pamelafox marked this pull request as ready for review July 29, 2025 06:27
@pamelafox pamelafox merged commit 1667cba into main Jul 29, 2025
11 checks passed
@pamelafox pamelafox deleted the copilot/fix-91 branch July 29, 2025 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pamelafox pamelafox Awaiting requested review from pamelafox

Assignees

@pamelafox pamelafox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Dependabot PR #84 to upgrade aiohttp failed CI

2 participants

@pamelafox