[Bug]: Issues with project's dependencies
fpgmaas opened this issue · comments
Actual Behavior
There seem to be some issues with the project's dependencies. When running deptry, the following output is shown:
Assuming the corresponding module name of package 'backports-cached-property' is 'backports_cached_property'. Install the package or configure a package_module_name_map entry to override this behaviour.
Scanning 139 files...
openapi_core/contrib/starlette/requests.py:4:0: DEP003 'asgiref' imported but it is a transitive dependency
openapi_core/contrib/starlette/requests.py:5:0: DEP004 'starlette' imported but declared as a dev dependency
openapi_core/contrib/starlette/responses.py:2:0: DEP004 'starlette' imported but declared as a dev dependency
openapi_core/contrib/starlette/responses.py:3:0: DEP004 'starlette' imported but declared as a dev dependency
openapi_core/validation/schemas/factories.py:6:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/factories.py:7:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/validators.py:8:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/validators.py:9:0: DEP003 'jsonschema' imported but it is a transitive dependency
openapi_core/validation/schemas/validators.py:14:4: DEP001 'backports' imported but missing from the dependency definitions
openapi_core/validation/validators.py:12:4: DEP001 'backports' imported but missing from the dependency definitions
pyproject.toml: DEP002 'pathable' defined as a dependency but not used in the codebase
pyproject.toml: DEP002 'backports-cached-property' defined as a dependency but not used in the codebase
pyproject.toml: DEP002 'sphinx' defined as a dependency but not used in the codebase
pyproject.toml: DEP002 'sphinx-immaterial' defined as a dependency but not used in the codebase
Found 14 dependency issues.
For more information, see the documentation: https://fpgmaas.github.io/deptry/
The issues can be summarized as follows:
asgiref
is transitive, it should be explicitly defined as a dependency. Same forjsonschema
.starlette
is listed as a development dependency, but it should be listed as a regular dependency. From the Poetry documentation: "The dependencies specified for each extra must already be defined as project dependencies.".sphinx
andsphinx-material
should not be project dependencies, they are development dependencies.pathable
does not seem to be used, and can be removed from the project's dependencies.
Additionally, although not listed by deptry
, httpx
is a development dependency, it seems to only be used by starlette
's TestClient
. The reason deptry
does not list this issue is that httpx
is not listed in the project's dependencies, although it should be since it is included in the extras
section.
Expected Behavior
There should be no issues with the project's dependencies.
Steps to Reproduce
Install and run deptry .
OpenAPI Core Version
master
OpenAPI Core Integration
NA
Affected Area(s)
dependencies
References
NA
Anything else we need to know?
I opened two PR's. One that solves the issues and adds deptry
to CI/CD pipeline to prevent future issues from occuring in the future, and one that only solves the existing dependency issues.:
Please let me know your thoughts and feedback, happy to make changes to the proposed PR's if desired.
Disclaimer: I am the author of deptry. I see this as nice way to contribute to other projects while simultaneously testing deptry on a variety of projects and gather some feedback.
Would you like to implement a fix?
Yes