jinja: ImportError: cannot import name 'soft_unicode' from 'markupsafe'

Description

Markup has release a new version and now Jinja throws an error.

File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/dbt/utils.py", line 9, in <module>
    import jinja2
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/__init__.py", line 12, in <module>
    from .environment import Environment
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/environment.py", line [25](https://github.com/cloudfactory/edw-dbt/runs/5243038097?check_suite_focus=true#step:7:25), in <module>
    from .defaults import BLOCK_END_STRING
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/defaults.py", line 3, in <module>
    from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/filters.py", line 13, in <module>
    from markupsafe import soft_unicode
ImportError: cannot import name 'soft_unicode' from 'markupsafe' (/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/markupsafe/__init__.py)
Error: Process completed with exit code 1.

Bug Replication

Install Jinja with MarkupSafe 2.1.0

Expected behavior

No errors when importing jinja.

Environment

Python version: 3.8.12
Jinja version: 2.11.3
MarkupSafe: 2.1.0

About this issue

Original URL
State: closed
Created 2 years ago
Reactions: 15
Comments: 17 (5 by maintainers)

Commits related to this issue

Test against jinja2 3.x New installs of the 2.x branch are currently broken due to https://github.com/pallets/jinja/issues/1585, which the maintainer of jinja apparently does not intend to fix. — committed to gasman/wagtail by gasman 2 years ago
Test against jinja2 3.x (#8014) New installs of the 2.x branch are currently broken due to https://github.com/pallets/jinja/issues/1585, which the maintainer of jinja apparently does not intend to fi... — committed to wagtail/wagtail by gasman 2 years ago
Test against jinja2 3.x New installs of the 2.x branch are currently broken due to https://github.com/pallets/jinja/issues/1585, which the maintainer of jinja apparently does not intend to fix. — committed to wagtail/wagtail by gasman 2 years ago
Upgrade Jinja to latest version Source: https://github.com/pallets/jinja/issues/1585 — committed to guikcd/aws-managed-services-versions by guikcd 2 years ago
Upgrade Jinja to latest version (#59) Source: https://github.com/pallets/jinja/issues/1585 — committed to guikcd/aws-managed-services-versions by guikcd 2 years ago
Pin markup safe also Jinja <3 (via markupsafe) broke today. See https://github.com/pallets/jinja/issues/1585#issuecomment-1043892628 As they get further way from Python 3.5, we should either move th... — committed to canonical/grafana-k8s-operator by rbarry82 2 years ago
venv: Add Flask subdependency upper bound limit. Currently Flask v1 depends on Jinja v2, which doesn't have an upper bound limit for MarkupSafe, and the latest release of MarkupSafe v2.1 is not compa... — committed to mu-editor/mu by carlosperate 2 years ago
Update Jinja An update to MarkUpSafe[1] breaks Jinja2 ver 2.x. The fix is to update to Jinja2 ver 3.x [1] https://github.com/pallets/jinja/issues/1585 — committed to zaro0508/pre-commit-provisioner by zaro0508 2 years ago
Pin markup safe also (#68) Jinja <3 (via markupsafe) broke today. See https://github.com/pallets/jinja/issues/1585#issuecomment-1043892628 As they get further way from Python 3.5, we should eithe... — committed to canonical/grafana-k8s-operator by rbarry82 2 years ago
pin markupsafe==2.0.1 for docu build see https://github.com/pallets/jinja/issues/1585 — committed to NGSolve/ngsolve by mhochsteger 2 years ago
Constrain `jinja2 <3` to `markupsafe <2` `markupsafe <2.1` is neeeded to avoid the issue in: https://github.com/pallets/jinja/issues/1585 We are constraining `markupsafe <2` to be on the safe side. — committed to xylar/conda-forge-repodata-patches-feedstock by xylar 2 years ago
update deps to fix jinja Gotta love python dep management: https://github.com/pallets/jinja/issues/1585 — committed to nhanb/pytaku by nhanb 2 years ago
Update Jinja to fix https://github.com/pallets/jinja/issues/1585 — committed to litebird/litebird_sim by ziotom78 2 years ago
Update `Jinja2` to fix pallets/jinja#1585 — committed to judahrand/sqlfluff by judahrand 2 years ago
Pin MarkupSafe to 2.0.1 to fix pallets/jinja#1585 — committed to encrypt94/copanier by encrypt94 2 years ago
Fixes on dependencies (#138) * Add libjpeg as dependency to dockerfile, is needed by WeasyPrint > Pillow * Pin MarkupSafe to 2.0.1 to fix pallets/jinja#1585 — committed to almet/copanier by encrypt94 2 years ago

Most upvoted comments

Because I don’t depend on markupsafe, I depend on Jinja. The responsibility for providing compatible dependencies is jinja2, not every project that depends on it.

Edit: By the way, in my case, I develop conan, and I would need to fix versions from 1.0 to 1.43. If I have to do it, I’ll do it because I respect my users, I won’t ask them to pin markupsafe.

Edit2: We already upgraded to Jinja 3 a couple of versions ago, but we understand not all users are able to upgrade Conan for different reasons, so we have to give them a solution.

+50

lasote on Feb 18, 2022

Hi, jinja2 team. Although the issue is marked as closed, I hope we discuss more about the option to do a patch release for a older version of jinja2.

Since the jinja2==2.11.3 has dependency markupsafe>=0.23 without upper constraints, this led to break all library versions that transitively depends on jinja2<3 (notably, flask<2). That is a wrong constraints, and the most simplest fix would be releasing a patch release jinja2==2.11.4 with markupsafe>=0.23,<2.1.0 constraints.

Application developers can add their constraints.txt file to add an upper cap, but library developers have no way to provide extra constraint for non-direct dependency except for marking it as a direct dependency, which would add up more chaos in python library dependencies. This is not a good way to go.

For example, I’m maintaining tfx library which has extra dependency on airflow, which has a dependency flask<2. This breaks our library. Options that I can choose of:

Ask jinja2 library to release a 2.11.4 patch with markupsafe<2.1 constraints.
Ask flask library to release a 1.1.5 patch with adding markupsafe<2.1 dependency
Ask airflow library to upgrade their flask version to flask>=2.

Option 3 is probably what jinja2 maintainer is thinking about, but IMHO there will be so many other libraries which depends on flask<2, and the holistic effort for the migrations to flask v2 (I don’t know whether there’s a breaking changes introducedd) would be HUGE. Option 2 is the worst idea because it is adding a wrong dependency for a workaround.

I think Option 1 is the easiest and the simplest solution to the current situation. I know it is hard to keep releasing a older version of the library (e.g. tensorflow maintains their 1.x version), but that would greatly help the python community.

I sincerely beg jinja2 team to do a patch release. 🙇

+37

chongkong on Feb 22, 2022

You are using an unsupported version of Jinja, please update to the latest version if possible. Additionally, please read https://hynek.me/articles/semver-will-not-save-you/, then use a tool like pip-tools to pin your dependencies and control when you get updates. Be sure to run your tests with deprecation warnings treated as errors so that you get notified of these types of changes early.

+20

davidism on Feb 20, 2022

Jinja 2.x has not been supported for some time. Upgrade Jinja, and use something like pip-tools to pin your dependencies.

IMHO that is not reasonable at all. Many projects are still using Jinja 2 and the fix is easy.

+10

lasote on Feb 18, 2022

Edit: By the way, in my case, I develop conan, and I would need to fix versions from 1.0 to 1.43. If I have to do it, I’ll do it because I respect my users, I won’t ask them to pin markupsafe

That’s actually an end user application, not a library. IMHO it should be installed in an isolated venv where YOU control all the versions (= versions known to work fine with your application).

But for libraries strict pings are actually worse: Sure, in this particular case it’s an ImportError. But do you know how annoying it is if you are using a library and they pin the max version of some dependency, maybe unnecessarily, and you want to use that newer version or install something else that needs it? 😃 By letting the user pin transitive dependencies instead (and ideally use recent versions instead of ancient ones) they can decide whether they’re willing to install a newer version or not.

ThiefMaster on Feb 18, 2022

Now that we know that it is breaking all other libraries that are dependent on Jinja 2.x, including Flask 1.1.4, could we please pin the max version of MarkupSafe?

aditya-kar on Feb 18, 2022

Hi there! If you’re here to complain about how this broke your workflow, please see https://github.com/pallets/markupsafe/issues/286#issuecomment-1044491026.

pradyunsg on Feb 18, 2022

Flask uses Jinja2 v3.x. Not v2.x

ThiefMaster on Feb 18, 2022

Jinja is not dead. But old versions are unsupported, and people should pin all their dependencies if they rely on older versions (which is perfectly fine, but not without pinning deps).

ThiefMaster on Mar 1, 2022

Jinja 2.x has not been supported for some time. Upgrade Jinja, and use something like pip-tools to pin your dependencies.

This is a little bit awkward… Flask still uses Jinja2… 😯

gzamboni on Feb 18, 2022