Project dependencies may have API risk issues
PyDeps opened this issue · 1 comments
Hi, in miflora-mqtt-daemon, inappropriate dependency versioning constraints can cause risks.
Below are the dependencies and version constraints that the project is using:
miflora==0.7.2
bluepy==1.3.0
btlewrap==0.0.10
paho-mqtt==1.4.0
wheel==0.29.0
sdnotify==0.3.1
colorama==0.3.9
Unidecode==0.4.21
The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.
After further analysis, in this project,
The version constraint of dependency colorama can be changed to ==0.1.
The version constraint of dependency colorama can be changed to >=0.1.3,<=0.1.6.
The version constraint of dependency colorama can be changed to ==0.1.10.
The version constraint of dependency colorama can be changed to >=0.1.13,<=0.1.14.
The version constraint of dependency colorama can be changed to >=0.1.16,<=0.4.5.
The version constraint of dependency Unidecode can be changed to >=0.04.1,<=0.04.18.
The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.
The invocation of the current project includes all the following methods.
The calling methods from the colorama
colorama.init
The calling methods from the Unidecode
unidecode.unidecode
The calling methods from the all methods
configparser.ConfigParser.getboolean miflora.miflora_poller.MiFloraPoller.parameter_value argparse.ArgumentParser.add_argument sdnotify.SystemdNotifier.notify collections.OrderedDict.disconnect paho.mqtt.client.connack_string collections.OrderedDict.reconnect str time.strftime collections.OrderedDict.fill_cache dict time.localtime format json.dumps paho.mqtt.client.Client os.path.join os.environ.get time.time configparser.ConfigParser.get miflora.miflora_poller.MiFloraPoller.name collections.OrderedDict.tls_set os._exit collections.OrderedDict.publish clean_identifier collections.OrderedDict.loop_start configparser.ConfigParser.read_file collections.OrderedDict.connect NameError colorama.init unidecode.unidecode collections.OrderedDict.will_set configparser.ConfigParser.items collections.OrderedDict.username_pw_set print flora_poller.firmware_version.replace sensor.title configparser.ConfigParser collections.OrderedDict flora_name.lower.mqtt_client.publish default_base_topic.config.get.lower open signal.signal name.strip flora_name.lower.mqtt_client.will_set unidecode.unidecode.replace re.match name.split time.sleep collections.OrderedDict.items flora_name.lower.mqtt_client.loop_start argparse.ArgumentParser.parse_args configparser.ConfigParser.getint print_line collections.OrderedDict.parameter_value flora_name.lower.mqtt_client.tls_set len sdnotify.SystemdNotifier flora.lower.replace flora_name.lower.mqtt_client.username_pw_set round flora_name.lower.mqtt_client.connect mac.lower argparse.ArgumentParser miflora.miflora_poller.MiFloraPoller.firmware_version miflora.miflora_poller.MiFloraPoller collections.OrderedDict.lower miflora.miflora_poller.MiFloraPoller.fill_cache int sys.exit flora_name.lower
@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.
Hello,
agreed, the current dependencies are not well captured. I would welcome a contribution that fixes that for all dependencies (except for "miflora", which needs to be checked for changes manually).
Cheers
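
An added example (not part of the issue thread or the project's code): a standard-library Python check that labels each requirement line with the risk class described in the issue and tests whether a proposed range still admits the currently pinned version. The names `review`, `classify`, `satisfies` and `parse_version` are hypothetical, the input is the pins and two of the ranges quoted above, and only final-release versions are handled.

```python
import operator
import re

# Constructed input: the pins and two of the proposed ranges quoted in the issue.
PINS = ["miflora==0.7.2", "bluepy==1.3.0", "btlewrap==0.0.10", "paho-mqtt==1.4.0",
        "wheel==0.29.0", "sdnotify==0.3.1", "colorama==0.3.9", "Unidecode==0.4.21"]
PROPOSED = {"colorama": ">=0.1.16,<=0.4.5", "Unidecode": ">=0.04.1,<=0.04.18"}

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
CLAUSE = re.compile(r"(==|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*(?:\.\*)?)")

def parse_version(text):
    """Integer release segments, trailing zeros dropped: 0.04.18 == 0.4.18, 1.0 == 1."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(clauses):
    """Name the risk class the issue text describes for a constraint."""
    if any(v.endswith("*") for _, v in clauses):
        return "wildcard"
    if any(op == "==" for op, _ in clauses):
        return "exact pin"
    if not any(op in ("<", "<=") for op, _ in clauses):
        return "no upper bound"
    return "bounded range"

def satisfies(version, spec):
    """True if version meets every clause of spec (no wildcard or pre-release support)."""
    v = parse_version(version)
    return all(OPS[op](v, parse_version(bound)) for op, bound in CLAUSE.findall(spec))

def review(pins, proposed):
    """For each pin: its risk class, and whether a proposed range still admits it."""
    report = {}
    for line in pins:
        name = re.match(r"[A-Za-z0-9._-]+", line).group(0)
        clauses = CLAUSE.findall(line)
        pinned = next((v for op, v in clauses if op == "=="), None)
        spec = proposed.get(name)
        admits = satisfies(pinned, spec) if pinned and spec else None
        report[name] = (classify(clauses), admits)
    return report

if __name__ == "__main__":
    for name, (kind, admits) in review(PINS, PROPOSED).items():
        print(f"{name:10} {kind:12} proposed range admits current pin: {admits}")
```

With the values quoted in the issue, the colorama range admits the 0.3.9 pin, while the Unidecode range does not admit 0.4.21, because 0.04.18 compares as 0.4.18.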