problem with pipenv, flask-uploads, and Werkzeug

Question

I am working on a flask project. These are my dependencies in requirements.txt and it is working fine:

pytest==6.2.4
black==21.7b0
Flask-JWT-Extended==4.2.3
Flask-RESTful==0.3.9
Flask-SQLAlchemy==2.5.1
PyMySQL==1.0.2
Flask-MySQLdb==0.2.0
flask-marshmallow==0.14.0
marshmallow-sqlalchemy==0.26.1
marshmallow


flask-uploads==0.2.1
Werkzeug==0.16.0


python-dotenv==0.19.0
flask-migrate==3.1.0
ldap3==2.9.1
psycopg2==2.9.1

The reason that I am using Werkzeug==0.16.0 is explained in this post in StackOverflow:

flask_uploads: ImportError: cannot import name 'secure_filename'

I am trying to use pipenv instead of venv.

So after creating the project and adding the pipfile to the project, I run this command:

pipenv install -r requirements.txt

But I get an error:

[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again.
 Alternatively, you can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
  Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: Could not find a version that matches werkzeug==0.16.0,>=0.14,>=2.0 (from -r C:\Users\{user}\AppData\Local\Temp\pipenv4r7ldp86requirements\pipenv-ajg0yy6e-constraints.txt (line 15))
Tried: 0.1, 0.2, 0.3, 0.3.1, 0.4, 0.4.1, 0.5, 0.5.1, 0.6, 0.6.1, 0.6.2, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.8.2, 0.8.3, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10, 0.10.1, 0.10.2, 0.10.2, 0.10.4, 0.10.4, 0.11, 0.11, 0.11.1, 0.11.
1, 0.11.2, 0.11.2, 0.11.3, 0.11.3, 0.11.4, 0.11.4, 0.11.5, 0.11.5, 0.11.6, 0.11.6, 0.11.7, 0.11.7, 0.11.8, 0.11.8, 0.11.9, 0.11.9, 0.11.10, 0.11.10, 0.11.11, 0.11.11, 0.11.12, 0.11.12, 0.11.13, 0.11.13, 0.11.14, 0.11.14, 0.11.15, 0.11.
15, 0.12, 0.12, 0.12.1, 0.12.1, 0.12.2, 0.12.2, 0.13, 0.13, 0.14, 0.14, 0.14.1, 0.14.1, 0.15.0, 0.15.0, 0.15.1, 0.15.1, 0.15.2, 0.15.2, 0.15.3, 0.15.3, 0.15.4, 0.15.4, 0.15.5, 0.15.5, 0.15.6, 0.15.6, 0.16.0, 0.16.0, 0.16.1, 0.16.1, 1.0
.0, 1.0.0, 1.0.1, 1.0.1, 2.0.0, 2.0.0, 2.0.1, 2.0.1
Skipped pre-versions: 1.0.0rc1, 1.0.0rc1, 2.0.0rc1, 2.0.0rc1, 2.0.0rc2, 2.0.0rc2, 2.0.0rc3, 2.0.0rc3, 2.0.0rc4, 2.0.0rc4, 2.0.0rc5, 2.0.0rc5
There are incompatible versions in the resolved dependencies:
  werkzeug==0.16.0 (from -r C:\Users\{user}\AppData\Local\Temp\pipenv4r7ldp86requirements\pipenv-ajg0yy6e-constraints.txt (line 15))
  werkzeug>=0.14 (from flask-jwt-extended==4.2.3->-r C:\Users\{user}\AppData\Local\Temp\pipenv4r7ldp86requirements\pipenv-ajg0yy6e-constraints.txt (line 3))
  werkzeug>=2.0 (from flask==2.0.1->flask-migrate==3.1.0->-r C:\Users\{user}\AppData\Local\Temp\pipenv4r7ldp86requirements\pipenv-ajg0yy6e-constraints.txt (line 7))

How can I solve this problem?

Titotix · Answer 1 · 2021-09-10T19:13:00.080

werkzeug>=2.0 (from flask==2.0.1->flask-migrate==3.1.0->-r C:\Users{user}\AppData\Local\Temp\pipenv4r7ldp86requirements\pipenv-ajg0yy6e-constraints.txt (line 7))

This line means that to install flask-migrate 3.1.0, pipenv tried to install flask 2.0.1 (because flask-migrate 3.1.0 needs Flask >= 0.9 so pipenv decided to install the latest Flask release) and this version of Flask requires werkzeug 2.0 at least. And as you required Werkzeug 0.16.0, pipenv cant decide what to do.

Solution

Edit: As mentionned by Jürgen Gmach, using flask-reuploaded in place of flask-uploads might be a good way to go (Jürgen Gmach being the maintainer of flask-reuploaded)

The bug you are referencing from flask-upload has been fixed on the github repository but not released on pypi. They were no release on pypi since 2016, I bet they won't do it (Maybe you can ask for it on the github page).

Install the latest code from flask-uploads from github
You may give a try on installing Werkzeug 2.0.1
Stop using this flask module and find an other way of doing what it does. -> flask-reuploaded

You can install code from github in a requirement.txt. For reference: How to state in requirements.txt a direct github source

There is a successor to Flask-Uploads, see https://github.com/jugmac00/flask-reuploaded — Jürgen Gmach, Sep 10 '21 at 19:01

Jürgen Gmach · Answer 2 · 2021-09-10T19:34:10.873

0

You should use Flask-Uploads' successor, https://github.com/jugmac00/flask-reuploaded

It is not only well maintained, compatible with current versions of werkzeug, but it also fixed a security issue with Flask-Uploads

edited Sep 10 '21 at 19:34

answered Sep 10 '21 at 18:59

Jürgen Gmach

5,366
3
20
37

problem with pipenv, flask-uploads, and Werkzeug

2 Answers2