yolov5-pip forced boto3 consumption invalidates py3.7-9 support

[lockwoodar]

Search before asking

• I have searched the YOLOv5 issues and found no similar bug report.

YOLOv5 Component

Other

Bug

Problem

yolov5-pip (v7.0.13 PyPi packaging) is currently forcing end-users to consume boto3, which brings in transitive updates to botocore that constrain urllib3 on python version <3.10 due to security updates. This functionally ends yolov5 support for python versions 3, 3.7-9 based on end-user environment configuration.

(e.g. yolov5 cannot be installed in a py3.9 environment that is also using gradio>=4.27.0, which introduces a urllib3~=2.0 security constraint)

Ask / Potential Solution

yolov5 can retroactively continue to support python <3.10 environments by vending an optional configuration that omits enforced consumption of AWS-CLI dependencies (e.g. pip install yolov5[no-aws-cli] while not disrupting downstream end-users that are expecting the enforced consumption).

Environment

n/a - reproducible environment cannot solve due to above problem (see reproduction section for example)

Minimal Reproducible Example

Create a minimal conda environment (or use another preferred venv)

conda create -n yolov5-env -c conda-forge python=3.9 pip

Install any dependency that has enforced secops pins on urllib3>=2.0

pip install gradio==4.27.0

Install yolov5

pip install yolov5

Example failure:

vision, thop, ultralytics, yolov5
  Attempting uninstall: urllib3
    Found existing installation: urllib3 2.2.3
    Uninstalling urllib3-2.2.3:
      Successfully uninstalled urllib3-2.2.3
  Attempting uninstall: idna
    Found existing installation: idna 3.8
    Uninstalling idna-3.8:
      Successfully uninstalled idna-3.8
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
gradio 4.27.0 requires urllib3~=2.0, but you have urllib3 1.26.20 which is incompatible.

Additional

No response

Are you willing to submit a PR?

• Yes I'd like to help by submitting a PR!

[UltralyticsAssistant]

👋 Hello @lockwoodar, thank you for bringing this to our attention 🚀! This is an automated response, and an Ultralytics engineer will assist you soon.

It looks like you're experiencing a compatibility issue with boto3 dependencies and Python environments below version 3.10 due to security constraints with urllib3. Let's go through potential solutions and some helpful practices:

Solution for boto3 Dependency Issue

As a workaround, you can attempt to create a custom environment without enforced AWS-CLI dependencies:

1. Set up your environment:

   conda create -n yolov5-env -c conda-forge python=3.9 pip
   conda activate yolov5-env

2. Install gradio or any other dependency:

   pip install gradio==4.27.0

3. Install yolov5 without boto3:
   Unfortunately, the capability to conditionally exclude packages like boto3 directly through pip options does not currently exist in yolov5, but we acknowledge the need for such a feature. A feasible workaround is to manually edit the requirements file before installation or create a new file excluding AWS packages.

Installation Best Practices

• Always use a separate virtual environment for installing yolov5 to avoid dependency conflicts.
• If issues arise during installation, check the version constraints for all packages involved.
• We recommend maintaining up-to-date environments and dependencies using:

  pip install --upgrade <package_name>

Future Steps

• We will consider introducing an optional installation tag (e.g., no-aws-cli) in future releases to better manage such dependencies.

📖 For more detailed setup instructions, please visit:

• YOLOv5 Repository
• YOLOv5 Documentation

Stay tuned for support from our engineers, and thank you for your contribution by offering to submit a PR! Your initiative is appreciated and helps improve the project for everyone 🎉.