[Bug]: Issues with project's dependencies

[fpgmaas]

Actual Behavior

There seem to be some issues with the project's dependencies. When running deptry, the following output is shown:

Assuming the corresponding module name of package 'backports-cached-property' is 'backports_cached_property'. Install the package or configure a package_module_name_map entry to override this behaviour.
Scanning 139 files...

openapi_core/contrib/starlette/requests.py:4:0: DEP003 'asgiref' imported but it is a transitive dependency
openapi_core/contrib/starlette/requests.py:5:0: DEP004 'starlette' imported but declared as a dev dependency
openapi_core/contrib/starlette/responses.py:2:0: DEP004 'starlette' imported but declared as a dev dependency
openapi_core/contrib/starlette/responses.py:3:0: DEP004 'starlette' imported but declared as a dev dependency
openapi_core/validation/schemas/factories.py:6:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/factories.py:7:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/validators.py:8:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/validators.py:9:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/validators.py:14:4: DEP001 'backports' imported but missing from the dependency definitions
openapi_core/validation/validators.py:12:4: DEP001 'backports' imported but missing from the dependency definitions
pyproject.toml: DEP002 'pathable' defined as a dependency but not used in the codebase
pyproject.toml: DEP002 'backports-cached-property' defined as a dependency but not used in the codebase
pyproject.toml: DEP002 'sphinx' defined as a dependency but not used in the codebase
pyproject.toml: DEP002 'sphinx-immaterial' defined as a dependency but not used in the codebase
Found 14 dependency issues.

For more information, see the documentation: https://fpgmaas.github.io/deptry/

The issues can be summarized as follows:

• asgiref is transitive, it should be explicitly defined as a dependency. Same for jsonschema.
• starlette is listed as a development dependency, but it should be listed as a regular dependency. From the Poetry documentation: "The dependencies specified for each extra must already be defined as project dependencies.".
• sphinx and sphinx-material should not be project dependencies, they are development dependencies.
• pathable does not seem to be used, and can be removed from the project's dependencies.

Additionally, although not listed by deptry, httpx is a development dependency, it seems to only be used by starlette's TestClient. The reason deptry does not list this issue is that httpx is not listed in the project's dependencies, although it should be since it is included in the extras section.

Expected Behavior

There should be no issues with the project's dependencies.

Steps to Reproduce

Install and run deptry .

OpenAPI Core Version

master

OpenAPI Core Integration

NA

Affected Area(s)

dependencies

References

NA

Anything else we need to know?

I opened two PR's. One that solves the issues and adds deptry to CI/CD pipeline to prevent future issues from occuring in the future, and one that only solves the existing dependency issues.:

• Fix dependency issues and add deptry to CI/CD pipeline #575
• Fix dependencies without adding deptry to CI/CD pipeline #576

Please let me know your thoughts and feedback, happy to make changes to the proposed PR's if desired.

Disclaimer: I am the author of deptry. I see this as nice way to contribute to other projects while simultaneously testing deptry on a variety of projects and gather some feedback.

Would you like to implement a fix?

Yes

[p1c2u]

@fpgmaas thank you for the report and for your deptry tool. It's very helpful and I will definitely use it in other projects.