Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project dependencies may have API risk issues #366

Open
PyDeps opened this issue Jul 15, 2022 · 0 comments
Open

Project dependencies may have API risk issues #366

PyDeps opened this issue Jul 15, 2022 · 0 comments

Comments

@PyDeps
Copy link

PyDeps commented Jul 15, 2022

Hi, In grip, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using

docopt>=0.4.0
Flask>=0.10.1
Markdown>=2.5.1
path-and-address>=2.0.1
Pygments>=1.6
requests>=2.4.1
Werkzeug>=0.7

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency Flask can be changed to >=0.10,<=0.12.5.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the Flask 
json.dumps
json.loads
The calling methods from the all methods 
self.StdinReaderMock.super.__init__
self.Grip.super.__init__
ValueError
re.findall
self.GitHubAssetManager.super.__init__
mimetype.startswith
response.data.decode
self.OfflineRenderer.super.__init__
self.reader.last_updated
renderer.render
self.StdinReader.super.read
app.run
open
sys.stdin.read
self.errorhandler
doctest.testmod
GitHubRenderer.AUTH.zero.GripMock.render
hasattr
self.read_stdin
url.rsplit.rsplit
docopt
request.args.get
StdinReader
USER_CONTEXT.GitHubRenderer.AUTH.simple.GripMock.render
os.path.exists
render_page
self.reader.read
TypeError
STYLE_ASSET_URLS_SUB_FORMAT.format
patch
s.connect_ex
grip_class
m.group
cls.__dict__.copy
self.add_url_rule
filename.io.open.write
text.encode
os.path.normpath
url.split
gen
data.decode
self.before_request
write
join
cache_directory.format
metaclass
sock.bind
GitHubRenderer
ReadmeNotFoundError
self.config.from_object
self.reader.filename_for
base64.b64encode
Thread
markdown.util.etree.Element
export
urls.extend
os.environ.get
StdinReader.grip_class.clear_cache
self.Grip.super.run
os.path.getmtime
requests.auth.HTTPBasicAuth
asset64_bytes.decode
USER_CONTEXT.GitHubRenderer.AUTH.zero.GripMock.render
self.reader.mimetype_for
shutdown_event.is_set
cancel_event.is_set
requests.post
self._strip_url_params
__doc__.split
self.mimetype_for
path.DirectoryReader.filename_for
GitHubAssetManagerMock
self._inline_styles
Grip
self.style_urls.extend
self.default_renderer
self._authenticate
re.sub
os.path.isdir
self._download
format_exc
AUTH.zero.GripMock.render
add_metaclass
requests.Request
self.GitHubRenderer.super.__init__
self._redirect_to_subpath
self._read_text
is_server_running
self._get_cached_style_urls
GitHubAssetManager
browser_thread.start
INCOMPLETE_TASK_RE.sub
getpass
super
AlreadyRunningError
posixpath.basename
urlparse
self.reader.is_binary
posixpath.join
UrlizeExtension
os.listdir
self._resolve_readme
send_from_directory
GripMock
regenerate_app
os.makedirs
self._to_data_url
HEADER_PATCH_RE.sub
read.splitlines
GitHubRenderer.AUTH.gfm_test.GripMock.render
json.dumps
output_filename
self.DirectoryReader.super.__init__
payload.get
str
regenerate
isinstance
self._read_binary
asset_url_path.rstrip
self.TextReader.super.__init__
s.close
url.startswith
UrlizePattern
mimetypes.guess_type
self._output_for
read
logging.getLogger
input_filename
COMPLETE_TASK_RE.sub
os.path.dirname
self._get_style_urls
self.is_binary
url.rsplit
DirectoryReader
subpath.lstrip
USER_CONTEXT.GitHubRenderer.AUTH.gfm_test.GripMock.render
styles.append
socket.socket
setup
log.setLevel
sock.getsockname
bool
self._cache_contents
self.ReadmeRenderer.super.__init__
input_file
grip_class.quiet.text.title.api_url.render_inline.render_wide.render_offline.password.username.context.user_content.path.create_app.render
AUTH.gfm_test.GripMock.render
safe_join
self.GitHubAssetManagerMock.super.cache_filename
self.add_callback
mimetypes.add_type
print
url_for
start_browser_when_ready
sys.path.insert
GitHubRenderer.render
render_template
regenerate_renderer
self.default_asset_manager
start_browser
asset_url_path.endswith
el.set
self.renderer.render
redirect
os.path.splitext
self.assets.cache_filename
type
resolve
self.cache_filename
TextReader
regenerate_raw
threading.Lock
grip_url.rstrip
self.auth.requests.auth.HTTPBasicAuth
self.assets.styles.extend
self.ReadmeAssetManager.super.__init__
clear_cache
regenerate_exporter
asset_urls.append
self.add_content_types
threading.Event
USER_CONTEXT.GitHubRenderer.render
sys.setdefaultencoding
wait_for_server
repr
contents.encode
format
abort
self.readme_for
self.assets.clear
orig_vars.pop
self._decode_body
AUTH.simple.GripMock.render
os.path.abspath
markdown.markdown
re.compile
self.reader.normalize_subpath
self._find_file
self._shutdown_event.set
webbrowser.open
self.assets.retrieve_styles
kwargs.pop
output_file
self.ReadmeReader.super.__init__
GitHubRenderer.AUTH.simple.GripMock.render
urljoin
self.GitHubAssetManagerMock.super.__init__
r.raw.read
self.ReadmeNotFoundError.super.__init__
Response
create_app
os.path.expanduser
self.GitHubRequestsMock.super.__init__
time.sleep
main
style.endswith
self._get_styles
posixpath.normpath
os.path.join
reload
self.StdinReader.super.__init__
json.loads
request.body.decode
browser_thread.join
STYLE_ASSET_URLS_INLINE_FORMAT.format
r.raise_for_status
orig_vars.get
shutil.rmtree
find_packages
split_address
c.get
OfflineRenderer
os.path.relpath
NotFound
r.mimetype_params.get
requests.get
serve
text.decode
self.test_client
f.read
sock.close
match.group
markdown.util.AtomicString
f.write
io.open
werkzeug.utils.safe_join
list
data.json.dumps.encode
self.config.from_pyfile

@swsnider
Could please help me check this issue?
May I pull a request to fix it?
Thank you very much.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PyDeps