Error in pip library

Question

Error in pip library

Visoff opened this issue a month ago · comments

I'm using (what pip says) the latest version of telebot(4.19.1) with python 3.11 and pip 24.0, but I was getting some strange errors related to message json parsing in types.py of telebot source, I went to github and pulled a copy to my machince, everything seemed to work fine, then I checked $path_to_python_venv/lib/..../telebot/types.py and found that at least on de_json function was different from what I've seen in github repo, it was de_json and init methods related to UsersShared class, starting at line 9135 of types.py file

Methods in github:

    @classmethod
    def de_json(cls, json_string):
        if json_string is None: return None
        obj = cls.check_json(json_string)
        obj['users'] = [SharedUser.de_json(user) for user in obj['users']]
        return cls(**obj)

    def __init__(self, request_id, users: List[SharedUser], **kwargs):
        self.request_id = request_id
        self.users = users

Methods in pip library:

    @classmethod
    def de_json(cls, json_string):
        if json_string is None: return None
        obj = cls.check_json(json_string)
        obj['user_ids'] = [SharedUser.de_json(user) for user in obj['user_ids']]
        return cls(**obj)

    def __init__(self, request_id, user_ids: List[SharedUser], **kwargs):
        self.request_id = request_id
        self.user_ids = user_ids

>_run · Answer 1 · Mon Jun 17 2024 03:06:46 GMT+0800 (China Standard Time)

This was probably a bug

Ilya · Answer 2 · Mon Jun 17 2024 03:10:06 GMT+0800 (China Standard Time)

Yeah, probably, but I ran into it even after reinstalling library and I was getting it even in docker container so it could be related to library configurations in pip registery. Also, this "bug" crashes the whole app if it sees message with shared_users and some dude could crash every telebot app by sending some person to the chat with it so it's quite dangerous

>_run · Answer 3 · Mon Jun 17 2024 03:12:18 GMT+0800 (China Standard Time)

You will need to install github version as told in the readme then, NOT using pip.
@Badiboy the recent version 4.19.1 does not contain the fix, does it?

Ilya · Answer 4 · Mon Jun 17 2024 03:19:19 GMT+0800 (China Standard Time)

The catch is that in this github repo in /telebot/version.py it says 4.19.1 and package version is also 4.19.1 but code is different.

And this version(from repo) contains the fix, it's fine, I modified my local library and it worked but the situation, where I could crash any telebot app scares me

>_run · Answer 5 · Mon Jun 17 2024 03:42:53 GMT+0800 (China Standard Time)

Only bots using users shared are affected, no? Seems like if you do not have a button to share users, you are not affected, so you will not be able to crash most of telebot bots.

>_run · Answer 6 · Mon Jun 17 2024 03:43:16 GMT+0800 (China Standard Time)

And it is not a catch.
Versions are updated before release.

Ilya · Answer 7 · Mon Jun 17 2024 03:48:03 GMT+0800 (China Standard Time)

Oh, I wrongly assumed that you are able to send this type of messages freely, like contacts...

So pip just lies to us like that? By displaying the version that is technically not released yet

Ilya · Answer 8 · Mon Jun 17 2024 03:54:55 GMT+0800 (China Standard Time)

Oh, I just found how version tracking actually works here

Tysm for your time, explanation and solution

Badiboy · Answer 9 · Mon Jun 17 2024 04:36:34 GMT+0800 (China Standard Time)

@Badiboy the recent version 4.19.1 does not contain the fix, does it?

It does not. SharedUsers were fixed later. I'll try to push 14.19.2 update.