Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project dependencies may have API risk issues #387

Open
PyDeps opened this issue Oct 25, 2022 · 0 comments
Open

Project dependencies may have API risk issues #387

PyDeps opened this issue Oct 25, 2022 · 0 comments

Comments

@PyDeps
Copy link

PyDeps commented Oct 25, 2022

Hi, In acitoolkit, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using

requests
websocket-client>0.33.0
gitpython
flask-httpauth
flask-sqlalchemy
flask-admin
flask-bootstrap
flask-wtf
flask-cors
flask
pymysql
tabulate
py-radix
jsonschema
graphviz
ipaddress
deepdiff==3.3.0

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency requests can be changed to >=2.4.0,<=2.15.1.
The version constraint of dependency websocket-client can be changed to >=0.13.0,<=0.15.0.
The version constraint of dependency flask-admin can be changed to >=1.0.3,<=1.6.0.
The version constraint of dependency flask-wtf can be changed to >=0.9.0,<=0.15.1.
The version constraint of dependency flask-cors can be changed to >=1.7.0,<=3.0.10.
The version constraint of dependency tabulate can be changed to >=0.7.4,<=0.8.9.
The version constraint of dependency jsonschema can be changed to >=2.0.0,<=4.6.0.
The version constraint of dependency graphviz can be changed to >=0.3,<=0.20.
The version constraint of dependency ipaddress can be changed to >=1.0.3,<=1.0.23.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the requests 
requests.packages.urllib3.disable_warnings
requests.Session.post
requests.Response
requests.Session.get
urllib3.disable_warnings
requests.Session
The calling methods from the websocket-client 
websocket.create_connection
The calling methods from the flask-admin 
flask_admin.model.template.macro
flask_admin.expose
flask_admin.Admin.add_view
flask_admin.actions.action
flask_admin.AdminIndexView
The calling methods from the flask-wtf 
flask_wtf.CsrfProtect
The calling methods from the flask-cors 
flask_cors.CORS
The calling methods from the tabulate 
tabulate.tabulate
The calling methods from the jsonschema 
jsonschema.validate
The calling methods from the graphviz 
graphviz.Digraph
The calling methods from the ipaddress 
ipaddress.collapse_addresses
ipaddress.ip_address
ipaddress.ip_network

@developer
Could please help me check this issue?
May I pull a request to fix it?
Thank you very much.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PyDeps