urllib3-secure-extra

0.1.0 · maintenance · verified Sun Apr 12

urllib3-secure-extra is a marker library (version 0.1.0) designed to detect if the main urllib3 library was installed with its now-deprecated `[secure]` extra. It does not provide any direct functionality or APIs itself. Its presence indicates that a project or one of its dependencies is still relying on the deprecated `urllib3[secure]` installation method. This library has a single release and is not expected to have a regular release cadence, as its purpose is tied to the deprecation of a feature in `urllib3`.

Warnings

breaking The `urllib3[secure]` extra, which `urllib3-secure-extra` marks, is deprecated and has been removed in urllib3 2.0. Installing `urllib3[secure]` will result in errors or unexpected behavior with urllib3 2.x and newer.
Fix: Remove `[secure]` from your `urllib3` dependency specifications (e.g., in `requirements.txt`). Simply install `urllib3` without the extra. For specific SSL needs that were previously covered by `[secure]`, install `pyOpenSSL` and ensure `urllib3.contrib.pyopenssl` is correctly injected if truly required (though usually not necessary with modern Python and OpenSSL).
deprecated The `urllib3.contrib.pyopenssl` module was also deprecated alongside the `[secure]` extra. While it was later undeprecated, its direct use with `inject_into_urllib3()` should be reviewed.
Fix: For most modern Python environments (2.7.10+ and OpenSSL 1.1.1+), the `[secure]` extra and direct PyOpenSSL injection are no longer necessary for basic secure connections. Ensure your Python and OpenSSL versions are up-to-date. If PyOpenSSL is strictly required, manage its installation explicitly and use the `urllib3.contrib.pyopenssl` module directly if needed, understanding its implications.
gotcha This library is purely a marker. Its existence in your environment signifies a deprecated dependency in your project or its transitive dependencies. It does not provide any functionality to be imported or called.
Fix: Do not attempt to import or use `urllib3_secure_extra` in your code. Focus on identifying and updating the root cause: the `urllib3[secure]` dependency in your project or its dependencies.

Install

pip install urllib3-secure-extra Installation (for detection purposes only)

Quickstart

This quickstart demonstrates how to check for the presence of the `urllib3-secure-extra` marker package. It is crucial to understand that `urllib3-secure-extra` itself is not meant for direct interaction or API calls. Its installation serves as an indicator that the deprecated `urllib3[secure]` extra was installed, either directly or as a dependency of another package. The primary goal should be to remove the `[secure]` extra from your `urllib3` installations.

# urllib3-secure-extra is a marker package and does not expose any direct API for usage.
# Its presence is detected by package managers if urllib3[secure] was installed.
# To check if it's installed (indicating the deprecated extra was used somewhere):
try:
    import urllib3_secure_extra
    print("urllib3-secure-extra is installed. This means urllib3[secure] (deprecated) was used.")
except ImportError:
    print("urllib3-secure-extra is NOT installed. urllib3[secure] (deprecated) was likely not used directly.")

# The recommended approach is to ensure 'urllib3[secure]' is NOT installed.
# Instead, install 'urllib3' directly and manage SSL dependencies explicitly if needed.
# For example, ensure you have certifi and optionally pyOpenSSL/ndg-httpsclient/pyasn1 for specific use cases.

view raw JSON →