
Pip install from Github broken after Github keys policy update


I would normally install a Python repository from Github using (for example):

pip install git+git://github.com/Artory/drf-hal-json@master

And concordantly, my "requirements.txt" would have git+git://github.com/Artory/drf-hal-json@master in it somewhere.

This failed today. The full traceback is below, but the relevant part is:

The unauthenticated git protocol on port 9418 is no longer supported.

Thanks Microsoft. The traceback points to this link about the update. Most of the page at the link talks about how the update is unlikely to affect many people (thanks again Microsoft), and the rest of it involves cryptography that I'm far too noob to understand. The section titled "git://" simply reads:

On the Git protocol side, unencrypted git:// offers no integrity or authentication, making it subject to tampering. We expect very few people are still using this protocol, especially given that you can’t push (it’s read-only on GitHub). We’ll be disabling support for this protocol.

This doesn't help me understand how to update my requirements.txt to make it work again. Can you tell me how to update my requirements.txt to make it work again? Full traceback below:

(venv) neil~/Documents/Code/web_app$ pip install git+git://github.com/Artory/drf-hal-json@master
Collecting git+git://github.com/Artory/drf-hal-json@master
  Cloning git://github.com/Artory/drf-hal-json (to revision master) to /tmp/pip-req-build-zowfe130
  Running command git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130
  fatal: remote error:
    The unauthenticated git protocol on port 9418 is no longer supported.
  Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
WARNING: Discarding git+git://github.com/Artory/drf-hal-json@master. Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
WARNING: You are using pip version 21.2.4; however, version 22.0.4 is available.
You should consider upgrading via the '/home/neil/Documents/Code/web_app/venv/bin/python -m pip install --upgrade pip' command.

Solution

  • In the URL you give to pip, the git+git says to access a Git repository (the first git) over the unauthenticated git protocol (the second git). Assuming you want to continue to use anonymous access here, you can simply rewrite the command to use git+https instead, which accesses a Git repository over the secure HTTPS protocol.

    So your command would look like this:

    $ pip install git+https://github.com/Artory/drf-hal-json@master
    

    I just tested in a VM, and that appears to work. If you have other such URLs, changing them the same way should be effective.
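
For a requirements.txt with several such entries, the same git+git to git+https change can be applied in bulk. The script below is an added example, not part of the original answer; the function name and the sample file contents (apart from the drf-hal-json line) are constructed. It rewrites only github.com URLs and reports git+git:// lines on other hosts instead of touching them, since whether those hosts serve the same repository over HTTPS is not known here.

```python
import re

# pip VCS scheme "git+git://" on github.com only; other hosts are not rewritten.
_GITHUB_GIT = re.compile(r"git\+git://(github\.com/)", re.IGNORECASE)
_ANY_GIT = re.compile(r"git\+git://", re.IGNORECASE)

# Constructed sample requirements file (only line 3 comes from the question).
SAMPLE = """\
# project dependencies
Django==3.2
git+git://github.com/Artory/drf-hal-json@master
-e git+git://github.com/example-org/example-pkg@v1.0#egg=example_pkg
git+git://git.example.org/team/tool@main
git+https://github.com/example-org/already-ok@main
"""


def rewrite_requirements(text):
    """Return (new_text, changed, skipped).

    changed: 1-based line numbers rewritten to git+https://
    skipped: 1-based line numbers still using git+git:// on a non-GitHub host
    """
    out, changed, skipped = [], [], []
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        if line.lstrip().startswith("#"):   # comment lines stay as they are
            out.append(line)
            continue
        new_line = _GITHUB_GIT.sub(r"git+https://\1", line)
        if new_line != line:
            changed.append(lineno)
        elif _ANY_GIT.search(line):         # unauthenticated git:// elsewhere
            skipped.append(lineno)
        out.append(new_line)
    return "".join(out), changed, skipped


if __name__ == "__main__":
    new_text, changed, skipped = rewrite_requirements(SAMPLE)
    print(new_text, end="")
    print("rewritten lines:", changed)
    print("still git:// (review by hand):", skipped)
```

To apply it to a real file, read the file's text, pass it to rewrite_requirements, and write the returned text back after reviewing the reported line numbers.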