Project dependencies may have API risk issues
PyDeps opened this issue · 1 comments
Hi, in mftp, inappropriate dependency versioning constraints can cause risks.
Below are the dependencies and version constraints that the project is using:
backports-abc==0.4
backports.ssl-match-hostname==3.4.0.2
beautifulsoup4==4.4.1
certifi==2015.11.20.1
docopt==0.4.0
futures==3.0.3
pymongo==3.4
requests==2.8.1
singledispatch==3.4.0.3
six==1.10.0
tornado==4.3
wheel==0.24.0
python-dotenv==0.5.1
The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraints No Upper Bound and * will introduce the risk of a missing API error because the latest version of the dependencies may remove some APIs.
After further analysis, in this project,
The version constraint of dependency pymongo can be changed to >=3.0,<=4.1.1.
The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.
The invocation of the current project includes all the following methods.
The calling methods from pymongo:
bson.json_util.loads, pymongo.MongoClient.get_default_database, pymongo.MongoClient.close, bson.json_util.dumps, pymongo.MongoClient
The calling methods from all methods:
insert_from_file, further_defaulters.append, mc_old.get_default_database.notices.find, defaulters.append, start_database_export, pymongo.MongoClient.close, further_repeated.append, pymongo.MongoClient.get_default_database, open, mc_new.get_default_database.notices.insert, os.path.dirname, bson.json_util.dumps, pymongo.MongoClient, dotenv.load_dotenv, argparse.ArgumentParser.add_argument, bson.json_util.loads, argparse.ArgumentParser.add_mutually_exclusive_group, os.path.join, len, parser.add_mutually_exclusive_group.add_argument, f.write, argparse.ArgumentParser, argparse.ArgumentParser.parse_args, f.read, export_db, format, print, repeated_notices.append, insert_notice
@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.
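Before widening a pin such as the pymongo range proposed above, the listed call names can be resolved against whatever version is actually installed in a CI job. The following is an added example, not code from the issue or from mftp; the dotted names are copied from the issue's lists, while `resolve` and `check` are names chosen for this example.

```python
import importlib

# Dotted names copied from the issue's call lists.
PYMONGO_CALLS = [
    "bson.json_util.loads",
    "bson.json_util.dumps",
    "pymongo.MongoClient",
    "pymongo.MongoClient.get_default_database",
    "pymongo.MongoClient.close",
]
STDLIB_CALLS = [
    "os.path.join",
    "os.path.dirname",
    "argparse.ArgumentParser.add_argument",
    "argparse.ArgumentParser.parse_args",
]


def resolve(dotted):
    """Return (status, detail); status is 'ok', 'missing' or 'not-installed'."""
    parts = dotted.split(".")
    obj, used = None, 0
    # Import the longest module prefix, e.g. 'bson.json_util' of 'bson.json_util.loads'.
    for i in range(len(parts), 0, -1):
        try:
            obj = importlib.import_module(".".join(parts[:i]))
            used = i
            break
        except ImportError:
            continue
    if obj is None:
        return ("not-installed", parts[0])
    # Walk the remaining components as attributes (class, then method).
    for attr in parts[used:]:
        if not hasattr(obj, attr):
            return ("missing", attr)
        obj = getattr(obj, attr)
    return ("ok", dotted)


def check(names):
    """Map each name to its status so a CI job can fail on any 'missing'."""
    return {name: resolve(name)[0] for name in names}


if __name__ == "__main__":
    for name, status in check(PYMONGO_CALLS + STDLIB_CALLS).items():
        print(f"{status:14} {name}")
```

Calls made on instances, such as the `notices.find` and `notices.insert` entries in the second list, are not module-level names and are not covered by this lookup; they need to be checked against the class of the object they are called on.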