Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MAINT: Remove import except block #2957

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

MAINT: Remove import except block #2957

wants to merge 9 commits into from

Conversation

j-t-1
Copy link
Contributor

@j-t-1 j-t-1 commented Nov 19, 2024

pypdf is now using version 43.0.3 of cryptography, so the fallback for previous versions can be removed.
https://cryptography.io/en/latest/changelog/#v43-0-0

pypdf is now using version 43.0.3 of cryptography, so the fallback for previous versions can be removed.
https://cryptography.io/en/latest/changelog/#v43-0-0
pypdf is now using version 43.0.3 of cryptography, so the fallback for previous versions can be removed.
https://cryptography.io/en/latest/changelog/#v43-0-0
Copy link

codecov bot commented Nov 19, 2024

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 95.63%. Comparing base (27edc06) to head (1002136).

Files with missing lines Patch % Lines
pypdf/_crypt_providers/_cryptography.py 50.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2957      +/-   ##
==========================================
- Coverage   96.36%   95.63%   -0.74%     
==========================================
  Files          52       52              
  Lines        8751     8753       +2     
  Branches     1593     1593              
==========================================
- Hits         8433     8371      -62     
- Misses        190      252      +62     
- Partials      128      130       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@stefan6419846
Copy link
Collaborator

I disagree with this. Although cryptography is newer in our code, we still support the old variant as far as I know.

Copy link
Collaborator

@stefan6419846 stefan6419846 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If ever, we should do this in a proper deprecation process.

@j-t-1
Copy link
Contributor Author

j-t-1 commented Nov 19, 2024

The change was only added four months ago. Reverting this (closing this commit) would be for users who do update pypdf but do not update cryptography. Could defer to @MartinThoma who added the importing flexibility.

@stefan6419846
Copy link
Collaborator

Martin added this as our tests were failing when we tried to publish a release. IMHO there is nothing which Martin could add here. If we require a minimum version of some dependency, we should communicate this properly.

@stefan6419846 stefan6419846 added the needs-discussion The PR/issue needs more discussion before we can continue label Nov 19, 2024
j-t-1 added 7 commits December 5, 2024 11:12
pypdf is now using version 43.0.3 of cryptography; make the fallback for ARC4 deprecate_with_replacement.
https://cryptography.io/en/latest/changelog/#v43-0-0
pypdf is now using version 43.0.3 of cryptography; make the fallback for ARC4 deprecate_with_replacement.
https://cryptography.io/en/latest/changelog/#v43-0-0
pypdf is now using version 43.0.3 of cryptography; make the fallback for ARC4 deprecate_with_replacement.
https://cryptography.io/en/latest/changelog/#v43-0-0
pypdf is now using version 43.0.3 of cryptography; make the fallback for ARC4 deprecate_with_replacement.
https://cryptography.io/en/latest/changelog/#v43-0-0
pypdf is now using version 43.0.3 of cryptography; make the fallback for ARC4 deprecate_with_replacement.
https://cryptography.io/en/latest/changelog/#v43-0-0
pypdf is now using version 43.0.3 of cryptography; make the fallback for ARC4 deprecate_with_replacement.
https://cryptography.io/en/latest/changelog/#v43-0-0
from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4
except ImportError:
from cryptography.hazmat.primitives.ciphers.algorithms import ARC4
# https://cryptography.io/en/latest/changelog/#v43-0-0
deprecate_with_replacement(
"cryptography.hazmat.primitives.ciphers.algorithms",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The user has no control over these directly, thus this does not make much sense here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove deprecate_with_replacement and replace with the following message?

print("The Cryptography library moved the location of ARC4 in v43.0.0. pypdf 6.0.0 will require Cryptography v43.0.0.")

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print is not intended for user-facing messages. Apart from this, I still do not really see the benefit of dropping the old versions if its only an import and no functionality ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Their CHANGELOG.rst says:

ARC4 will be removed from the cipher module in 48.0.0.

They are on version 44.0.0 now, and released 42.0.0 and 43.0.0 this year. Eventually we may have to have a requirement for version 47.0.0 or less.

Having a simpler imports requirement by then may be useful: in the future there may be three situations that we will have to handle.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This removal seems to only affect the old variant - the new primary import will not be removed and thus pypdf should not break here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reading their documentation, I think you are right. I would prefer we deprecate_with_replacement, in time the number of users who update pypdf and not cryptography will become small. However, since it currently works and they did the namespace move fairly recently, there is reason to keep the same, so feel free to close this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-discussion The PR/issue needs more discussion before we can continue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants