fix some broken dependencies on legacy libs

[SourSpoon]

This feels like a really ugly fix and I dont really like it. But yarl has made some breaking changes recently and aiohttp 2.2 looks for 'yarl>=0.11' so it installs the latest version, 1.2.1 which causes the below traceback when importing discord.

Newer versions of aiohttp pin yarl to 1.1.1 so I have made that change here. My understanding is that aiohttp doesn't do back ports, so there is no point trying to fix the issue as the source.

This feels inelegant but it stops an error when you import discord

 Traceback (most recent call last):
  File "main.py", line 1, in <module>
    from constants import *
  File "/root/working/discord/spacebot/constants.py", line 2, in <module>
    import discord
  File "/usr/local/lib/python3.6/site-packages/discord/__init__.py", line 20, in <module>
    from .client import Client, AppInfo
  File "/usr/local/lib/python3.6/site-packages/discord/client.py", line 30, in <module>
    from .guild import Guild
  File "/usr/local/lib/python3.6/site-packages/discord/guild.py", line 39, in <module>
    from .channel import *
  File "/usr/local/lib/python3.6/site-packages/discord/channel.py", line 31, in <module>
    from .webhook import Webhook
  File "/usr/local/lib/python3.6/site-packages/discord/webhook.py", line 27, in <module>
    import aiohttp
  File "/usr/local/lib/python3.6/site-packages/aiohttp/__init__.py", line 6, in <module>
    from .client import *  # noqa
  File "/usr/local/lib/python3.6/site-packages/aiohttp/client.py", line 15, in <module>
    from . import connector as connector_mod
  File "/usr/local/lib/python3.6/site-packages/aiohttp/connector.py", line 17, in <module>
    from .client_proto import ResponseHandler
  File "/usr/local/lib/python3.6/site-packages/aiohttp/client_proto.py", line 6, in <module>
    from .http import HttpResponseParser, StreamWriter
  File "/usr/local/lib/python3.6/site-packages/aiohttp/http.py", line 8, in <module>
    from .http_parser import (HttpParser, HttpRequestParser, HttpResponseParser,
  File "/usr/local/lib/python3.6/site-packages/aiohttp/http_parser.py", line 15, in <module>
    from .http_writer import HttpVersion, HttpVersion10
  File "/usr/local/lib/python3.6/site-packages/aiohttp/http_writer.py", line 304, in <module>
    class URL(yarl.URL):
  File "/usr/local/lib/python3.6/site-packages/yarl/__init__.py", line 230, in __init_subclass__
    "is forbidden".format(cls))
TypeError: Inheritance a class <class 'aiohttp.http_writer.URL'> from URL is forbidden

resolves #1280

[palmtree5]

The version you've pinned to breaks stuff with aiohttp 2.2.5

See Cog-Creators/Red-DiscordBot/issues/1258

[SourSpoon]

My main concern was stopping 1.2.x from being installed which will always cause the above traceback when importing discord.

version 1.1.1 would of been the previous version installed if anyone installed rewrite since February 17th.

I am not opposed to hard locking to an even older version, but it doesn't seem hugely necessary. I hadn't seen any yarl related issues in d.py prior to today.

[scragly]

Setting requirements to yarl==1.1.1 breaks existing dependencies if other libs are already installed and require a lower version that was otherwise accepted in the range of discord.py requirements.

An example is aiohttp 2.0:

• Allowed and working discord.py requirements: aiohttp>=2.0.0,<2.3.0
• Requires: yarl>=0.10.0,<0.11

To resolve the issue, without restricting suddenly what versions are required by the lib, would be to change the line from:

yarl==1.1.1

to

yarl<1.2

[SourSpoon]

As discussed here and late (or early) last night made changes allowing more lenient dependencies.

[fabaff]

BTW, aiohttp is now at 3.2.1.

Pinning to legacy releases will break other projects or integrations like the one for Home Assistant. We use aiohttp-3.2.1 and your requirements will not allow one to setup discord.

[SourSpoon]

aiohttp drops support for python 3.4 in version 3. This library still maintains support for 3.4.

[sethwheway]

Not for long hopefully ;-)

[fabaff]

Python 3.4 will be EOL on 2019-03-16.

I see the benefit of supporting as much Python releases as possible but to be honest I see no point in keeping support for a legacy one that block the usage of recent releases of the requirements. Especially as most distributions ship Python > 3.5 nowadays.

[scarletcafe]

Dropping Python 3.4 is planned - we are only keeping support for it until the appropriate compatibility is put in to ensure normal functionality on Python 3.7, as it introduces some new behaviors that could end up disrupting how this library operates should a user or other library enable them.

[CatGirlsAreLife]

TBH I see no issue using latest aiohttp as long as people are careful with updating code to call functions/methods/classes that might have been either renamed, deprecated, or removed just to avoid dependency problems that this describes. However I been too lazy to code in Python since after 3.7.0b1. I just lost much motivation after making a working catgirl bot that sends random catgirl images from Google (was so worth it). And no, my bot is closed source to prevent people from stealing my code and claiming it as theirs by going in and adding it to a Bots list (how hard is it for them to code their own).

Yes, I know there are bot lists but I chose to make it a private bot as well otherwise it would get spammed and abused till something breaks.

And I see no need for Python 3.4 anymore. Why is it not end of life already? They do not even ship updates for it anymore except for 3.4.6 which can only be installed by building it yourself.

[sethwheway]

Thx for impassioned monologue about Catgirls in the inbox <3

[SourSpoon]

Resolved in rewrite update
f25091e