MarkupSafe has released a breaking change #11260

Closed
mtruj013 opened this issue Feb 18, 2022 · 3 comments
@mtruj013
Contributor

Summary

MarkupSafe has released a breaking change which breaks dotrun.

Process

Run dotrun and see error ImportError: cannot import name 'soft_unicode' from 'markupsafe' (/home/ubuntu/dotrun-projects/ubuntu.com/.venv/lib/python3.8/site-packages/markupsafe/__init__.py)

Relevant jinja issue: pallets/jinja#1587

@davidism

davidism commented Feb 18, 2022

It looks like you are not pinning your dependencies. Use something like pip-tools to pin dependencies so you control when updates happen. Also note that Jinja 2.x is no longer supported; it's recommended to also update to 3.x if possible.

@nottrobin
Contributor

Thanks @davidism for reaching out. Yeah, it would be nice to be properly pinning dependencies. I'd prefer to do that by moving to a modern package manager like poetry - something like pip-tools feels a bit like a hack. Do you have thoughts on that?

We don't import Jinja directly in this project, so if we're getting 2.x it must be because something else is asking for it (Flask, presumably?). Worth looking into. Thanks.

@davidism

davidism commented Feb 21, 2022

The Pallets projects all use pip-tools to pin the development environment. Requirements files are the lowest barrier to new contributors compared to needing to install another application first, although those new project management tools have been tempting occasionally. I've also been impressed by PDM, if you want to consider it too.

Not sure what's pulling in an old version in that requirement file. The cool thing about pip-tools is that it will output a requirements file that has comments saying which other requirements each requirement came from, so you'd be able to trace what required Jinja2<3. I'd guess other tools have that ability too.
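
Added example, not part of the thread and not code from pip-tools or dotrun: a small parser for the `# via` annotations that pip-compile writes, walking them back from a transitive pin to the direct requirement that introduced it. The sample file contents and versions are constructed, and `parse_pins` and `trace` are hypothetical helper names.

```python
import re

# Constructed pip-compile style output (not the project's real requirements file).
SAMPLE = """\
flask==1.1.2
    # via -r requirements.in
jinja2==2.11.3
    # via flask
markupsafe==2.1.0
    # via jinja2
werkzeug==1.0.1
    # via
    #   -r requirements.in
    #   flask
"""

# A pinned line: name, optional [extras], then ==version.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==(\S+)")

def parse_pins(text):
    """Return {package: (version, [parents])} from annotated pip-compile output."""
    pins, current = {}, None
    for line in text.splitlines():
        m = PIN.match(line)
        if m:
            current = m.group(1).lower()
            pins[current] = (m.group(2), [])
        elif current and line.strip().startswith("#"):
            entry = line.strip().lstrip("#").strip()
            if entry == "via" or entry.startswith("via "):
                entry = entry[3:].strip()
            if entry:  # a bare "# via" header carries no parent itself
                pins[current][1].append(entry.lower())
    return pins

def trace(pins, package, path=()):
    """Return every chain from a direct requirement down to `package`."""
    path = (package,) + path
    chains = []
    for parent in pins[package][1]:
        if parent.startswith(("-r ", "-c ")):  # reached an input file
            chains.append((parent,) + path)
        elif parent in pins and parent not in path:  # skip cycles
            chains.extend(trace(pins, parent, path))
    return chains

if __name__ == "__main__":
    for chain in trace(parse_pins(SAMPLE), "markupsafe"):
        print(" -> ".join(chain))
```
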
