Project dependencies may have API risk issues #46

Closed
PyDeps opened this issue Oct 26, 2022 · 1 comment

PyDeps commented Oct 26, 2022

Hi, in mftp, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

backports-abc==0.4
backports.ssl-match-hostname==3.4.0.2
beautifulsoup4==4.4.1
certifi==2015.11.20.1
docopt==0.4.0
futures==3.0.3
pymongo==3.4
requests==2.8.1
singledispatch==3.4.0.3
six==1.10.0
tornado==4.3
wheel==0.24.0
python-dotenv==0.5.1

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency pymongo can be changed to >=3.0,<=4.1.1.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the pymongo
bson.json_util.loads
pymongo.MongoClient.get_default_database
pymongo.MongoClient.close
bson.json_util.dumps
pymongo.MongoClient

The calling methods from the all methods
insert_from_file
further_defaulters.append
mc_old.get_default_database.notices.find
defaulters.append
start_database_export
pymongo.MongoClient.close
further_repeated.append
pymongo.MongoClient.get_default_database
open
mc_new.get_default_database.notices.insert
os.path.dirname
bson.json_util.dumps
pymongo.MongoClient
dotenv.load_dotenv
argparse.ArgumentParser.add_argument
bson.json_util.loads
argparse.ArgumentParser.add_mutually_exclusive_group
os.path.join
len
parser.add_mutually_exclusive_group.add_argument
f.write
argparse.ArgumentParser
argparse.ArgumentParser.parse_args
f.read
export_db
format
print
repeated_notices.append
insert_notice

@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.

@proffapt
Member

We won't be restraining such dependencies, i.e., will be generating requirements.txt manually (currently it's just 2 external modules and one of them is a login module which I myself created and maintain).
