Project dependencies may have API risk issues
PyDeps opened this issue
Hi, in nbviewer, inappropriate dependency versioning constraints can cause risks.
Below are the dependencies and version constraints that the project is using:
anyio==3.5.0
argon2-cffi==21.3.0
argon2-cffi-bindings==21.2.0
asttokens==2.0.5
attrs==21.4.0
backcall==0.2.0
black==21.12b0
bleach==4.1.0
certifi==2021.10.8
cffi==1.15.0
click==8.0.3
decorator==5.1.1
defusedxml==0.7.1
elasticsearch==7.16.3
entrypoints==0.3
executing==0.8.2
idna==3.3
ipython==8.0.1
ipython-genutils==0.2.0
jedi==0.18.1
jinja2==3.0.3
jsonschema==4.4.0
jupyter-client==7.1.2
jupyter-core==4.9.1
jupyter-server==1.13.4
markdown==3.1.1
markupsafe==2.0.1
matplotlib-inline==0.1.3
mistune==0.8.4
mypy-extensions==0.4.3
nbconvert==5.6.1
nbformat==5.1.3
nest-asyncio==1.5.4
newrelic==7.4.0.172
packaging==21.3
pandocfilters==1.5.0
parso==0.8.3
pathspec==0.9.0
pexpect==4.8.0
pickleshare==0.7.5
platformdirs==2.4.1
prometheus-client==0.13.0
prompt-toolkit==3.0.26
ptyprocess==0.7.0
pure-eval==0.2.2
pycparser==2.21
pycurl==7.44.1
pygments==2.11.2
pylibmc==1.6.1
pyparsing==3.0.7
pyrsistent==0.18.1
python-dateutil==2.8.2
pyzmq==22.3.0
send2trash==1.8.0
six==1.16.0
sniffio==1.2.0
stack-data==0.1.4
statsd==3.3.0
terminado==0.13.1
testpath==0.5.0
tomli==1.2.3
tornado==6.1
traitlets==5.1.1
typing-extensions==4.0.1
urllib3==1.26.8
wcwidth==0.2.5
webencodings==0.5.1
websocket-client==1.2.3
The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraints No Upper Bound and * will introduce the risk of a missing API error because the latest version of the dependencies may remove some APIs.
After further analysis, in this project,
The version constraint of dependency elasticsearch can be changed to >=7.8.0a1,<=7.17.4.
The version constraint of dependency pylibmc can be changed to >=1.2.0,<=1.2.3.
The version constraint of dependency statsd can be changed to >=1.0.0,<=3.2.2.
The above modification suggestions can reduce dependency conflicts as much as possible
and introduce the latest version as much as possible without call errors in the project.
The invocations in the current project include all of the following methods.
The methods called from elasticsearch:
utils.quote
The methods called from pylibmc:
pylibmc.ThreadMappedPool pylibmc.Client
The methods called from statsd:
statsd.StatsClient
All of the methods called:
@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.