[py] Remove type stub packages from runtime dependencies

[cgoldberg]

User description

🔗 Related Issues

Fixes #16943
Related to ##16837

💥 What does this PR do?

This PR removes the type stub packages for trio/urllib3/certifi from runtime dependencies and leaves them as dev dependencies like they were previous to 4.40 release. These aren't really needed by end users and they shouldn't be required to install them.

This also removes types-urllib3 completely since they provide inline type hints.

🔄 Types of changes

• Bug fix (backwards compatible)

---

PR Type

Bug fix

---

Description

• Remove type stub packages from runtime dependencies

• Move trio-typing, types-certifi, types-urllib3 to dev only

• Reduce unnecessary dependencies for end users

---

Diagram Walkthrough

flowchart LR
  A["Runtime Dependencies"] -->|Remove| B["trio-typing"]
  A -->|Remove| C["types-certifi"]
  A -->|Remove| D["types-urllib3"]
  B --> E["Dev Dependencies Only"]
  C --> E
  D --> E

Loading

File Walkthrough

Relevant files

Bug fix

BUILD.bazel Remove type stub packages from wheel dependencies                py/BUILD.bazel Removed trio-typing>=0.10.0 from requires list Removed types-certifi>=2021.10.8.3 from requires list Removed types-urllib3>=1.26.25.14 from requires list Kept core runtime dependencies intact +0/-3      pyproject.toml Remove type stub packages from project dependencies            py/pyproject.toml Removed trio-typing>=0.10.0 from dependencies Removed types-certifi>=2021.10.8.3 from dependencies Removed types-urllib3>=1.26.25.14 from dependencies Maintained all other core runtime dependencies +0/-3

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[liudonggalaxy]

Hi, urllib3==2.6.3 conflicts with types-urllib3==1.26.25.14. Would it be possible to publish a new release sooner? Thank you!

[cgoldberg]

@liudonggalaxy those don't conflict

[liudonggalaxy]

@liudonggalaxy those don't conflict

Thank you for the quick response.

urllib3==2.6.3 introduces the backoff_jitter parameter in the Retry class. This attribute is not in types-urllib3==1.26.25.14. We need to explicitly ignore it in the code like this:

Retry(
    # Workaround for types-urllib3 incompatibility
    backoff_jitter=backoff_jitter,  # type: ignore[call-arg,unused-ignore]
    backoff_max=backoff_max,        # type: ignore[call-arg,unused-ignore]
)

[cgoldberg]

types-urllib3 has a already been removed as a dependency. This will be in the next release. If this is affecting you now, pin to the last selenium version or uninstall types-urllib3 after you install selenium.