Project dependencies may have API risk issues #122

Open
PyDeps opened this issue Oct 26, 2022 · 1 comment

PyDeps commented Oct 26, 2022

Hi, in Memacs, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

orgformat>=2019.11.6.1
batinfo
emoji
feedparser
geocoder
gpxpy
icalendar
Pillow
pylast
pytz
twython

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency batinfo can be changed to >=0.3,<=0.4.2.
The version constraint of dependency feedparser can be changed to >=6.0.0b1,<=6.0.10.
The version constraint of dependency geocoder can be changed to >=0.7.3,<=1.38.1.
The version constraint of dependency Pillow can be changed to ==9.2.0.
The version constraint of dependency Pillow can be changed to >=2.0.0,<=9.1.1.
The version constraint of dependency pylast can be changed to >=1.1.0,<=5.0.0.
The version constraint of dependency pytz can be changed to >=2011d,<=2013d.
The version constraint of dependency pytz can be changed to >=2011b,<=2022.1.
The version constraint of dependency twython can be changed to >=1.3,<=1.4.3.
The version constraint of dependency twython can be changed to >=1.4.5,<=2.7.3.
The version constraint of dependency twython can be changed to >=3.0.0,<=3.9.1.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the batinfo
batinfo.Batteries
The calling methods from the feedparser
feedparser.parse
The calling methods from the geocoder
geocoder.osm
geocoder.google
The calling methods from the Pillow
PIL.Image.open
The calling methods from the pylast
pylast.md5
pylast.LibreFMNetwork
pylast.LastFMNetwork
The calling methods from the pytz
pytz.timezone
The calling methods from the twython
twython.Twython
The calling methods from the all methods

@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.

novoid self-assigned this Oct 27, 2022
Owner

novoid commented Oct 27, 2022

Hi @PyDeps,

I'm sorry, I can't follow your request.

> The version constraint == will introduce the risk of dependency conflicts

However, there is no such constraint in the list you've cited.

> The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

True. However, not having an upper bound introduces the risk of not having the latest security bugfixes. I personally prefer bug and security fixes over API risk. Why do you prefer potentially open security issues and introducing upper bounds?

For the same reason, I don't understand why I should limit versions for batinfo and more you've provided. Furthermore, since many Memacs modules were contributed by others, I'm not able to decide or check any of those dependencies on my own.
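Added example, not part of the thread and not Memacs or PyDeps code: a small stdlib-only classifier that sorts requirement lines into the three constraint styles the two comments argue about (pinned, upper-bounded, open-ended) and attaches the risk each commenter associates with that style. The input is constructed from requirement lines quoted in the issue plus two of the proposed constraints; the function names and the `RISK` wording are assumptions made for illustration.

```python
import re

# Constructed sample: lines quoted in the issue plus two proposed constraints.
REQUIREMENTS = """\
orgformat>=2019.11.6.1
batinfo
feedparser>=6.0.0b1,<=6.0.10
Pillow==9.2.0
pytz
"""

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")
_CLAUSE = re.compile(r"\s*(===|==|~=|!=|<=|>=|<|>)\s*([^\s,;]+)\s*")

# Risk per constraint style, as stated by the two commenters in the thread.
RISK = {
    "pinned": "dependency conflicts; newer fix releases are never selected",
    "capped": "security/bug fixes released above the cap are not installed",
    "open": "a future release may remove an API the project calls",
}

def parse_requirement(line):
    """Return (name, [(op, version), ...]) or None for blank/comment lines."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
    if not line:
        return None
    name, _extras, spec = _NAME.match(line).groups()
    clauses = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        m = _CLAUSE.fullmatch(part)
        if m is None:
            raise ValueError(f"unsupported specifier {part!r} in {line!r}")
        clauses.append((m.group(1), m.group(2)))
    return name, clauses

def classify(clauses):
    """'pinned' for exact ==, 'capped' if any upper bound exists, else 'open'."""
    ops = {op for op, _ in clauses}
    wildcard = any(op == "==" and ver.endswith(".*") for op, ver in clauses)
    if ops & {"==", "==="} and not wildcard:
        return "pinned"
    if wildcard or ops & {"<", "<=", "~="}:  # ==1.* and ~= imply an upper bound
        return "capped"
    return "open"

def audit(text):
    """Map each requirement name to its constraint style."""
    parsed = filter(None, map(parse_requirement, text.splitlines()))
    return {name: classify(clauses) for name, clauses in parsed}

if __name__ == "__main__":
    for name, style in audit(REQUIREMENTS).items():
        print(f"{name:12} {style:7} {RISK[style]}")
```
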
