python-social-auth
Why is lxml restricted to specific versions?
lxml is restricted to <4.7 in commit 5378daae957ed1d4912d1d520f3ec0d6c1c33c9e, which tells "Pin lxml dependency to fix unstable CI test runs". I don't find out any usage of lxml in the source code. Looks like this change is for the lxml version issue required by python3-saml in the CI. If it's true, can we move the change to the CI inside .github/ rather than requirements-saml.txt? Please correct me if I misunderstand. Thanks.
@nijel IIUC, lxml<4.7 is also required for social-core at runtime if that issue is not fixed in python3-saml, do I?
The issue in python3-saml escalated meanwhile - current versin requires 4.7.0 which is yanked (https://github.com/onelogin/python3-saml/pull/297). Let's wait for them to deal with this mess first.
Heads up, it looks like python3-saml has been deprecated: https://github.com/onelogin/python3-saml/issues/320
Switching to https://github.com/IdentityPython/pysaml2 might be an option, help with that is definitely welcome.
Hi, python3-saml has released a new version that changed the required lxml version(s): https://github.com/SAML-Toolkits/python3-saml/blob/master/setup.py#L36 - would this allow social-core to declare the same versions in https://github.com/python-social-auth/social-core/blob/master/requirements-saml.txt#L2 (or use > 4.7.0)?
I don't think social-core needs any additional restriction. It was added to avoid test breakage in https://github.com/python-social-auth/social-core/commit/5378daae957ed1d4912d1d520f3ec0d6c1c33c9e. Now it's probably time to completely remove that.
I created a PR with some changes that I thought are sensible - however when I tried to run tests locally using docker-compose run --rm social-tests it seems to run indefinitely with no real progress being made.