Virtualenv gets wrong versions dependencies installed

Hi everybody,

I have setup privacyidea (3.6.2) in a new virtualenv on Debian 11 (python 3.9) (I have run the same test on Debian 10 (Python 3.7) with the same results).
After “pip install privacyidea” in the venv the application does not start.
After tests with different versions of dependent python packages it turned out that the privacyidea package does not require fixed versions of it dependencies and therefore it installs latest of everything.

install_requires = [ ... lot packages ...
                    ... lot packages ...]

This results in:

  • Flask 2.0.1
  • Flask-Migrate 3.1.0
  • Flask-Scripts 2.0.6
  • Werkzeug 2.0.1

In contrast in requirements.txt specific and proper versions are listed:


The installed result from makes the WebUI fail to start, whereas the list in requirements.txt leads to a working setup.

Is this a bug in or is there another reason for the current content of install_requires list?

This is the intended behaviour.
Please read:

Thanks for the quick and clear response!