From e3281d7d261ee533818ae1638014295bbb4b98af Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Fri, 3 May 2019 18:30:13 +0100
Subject: [PATCH] pin urllib3 to <1.25

---
 synapse/python_dependencies.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index f71e21ff4d..c75119a030 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -69,6 +69,14 @@ REQUIREMENTS = [
     "attrs>=17.4.0",
 
     "netaddr>=0.7.18",
+
+    # requests is a transitive dep of treq, and urlib3 is a transitive dep
+    # of requests, as well as of sentry-sdk.
+    #
+    # As of requests 2.21, requests does not yet support urllib3 1.25.
+    # (If we do not pin it here, pip will give us the latest urllib3
+    # due to the dep via sentry-sdk.)
+    "urllib3<1.25",
 ]
 
 CONDITIONAL_REQUIREMENTS = {
-- 
GitLab