Project dependencies may have API risk issues #1023

Open
PyDeps opened this issue Oct 27, 2022 · 0 comments
PyDeps commented Oct 27, 2022

Hi, in nbviewer, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

anyio==3.5.0
argon2-cffi==21.3.0
argon2-cffi-bindings==21.2.0
asttokens==2.0.5
attrs==21.4.0
backcall==0.2.0
black==21.12b0
bleach==4.1.0
certifi==2021.10.8
cffi==1.15.0
click==8.0.3
decorator==5.1.1
defusedxml==0.7.1
elasticsearch==7.16.3
entrypoints==0.3
executing==0.8.2
idna==3.3
ipython==8.0.1
ipython-genutils==0.2.0
jedi==0.18.1
jinja2==3.0.3
jsonschema==4.4.0
jupyter-client==7.1.2
jupyter-core==4.9.1
jupyter-server==1.13.4
markdown==3.1.1
markupsafe==2.0.1
matplotlib-inline==0.1.3
mistune==0.8.4
mypy-extensions==0.4.3
nbconvert==5.6.1
nbformat==5.1.3
nest-asyncio==1.5.4
newrelic==7.4.0.172
packaging==21.3
pandocfilters==1.5.0
parso==0.8.3
pathspec==0.9.0
pexpect==4.8.0
pickleshare==0.7.5
platformdirs==2.4.1
prometheus-client==0.13.0
prompt-toolkit==3.0.26
ptyprocess==0.7.0
pure-eval==0.2.2
pycparser==2.21
pycurl==7.44.1
pygments==2.11.2
pylibmc==1.6.1
pyparsing==3.0.7
pyrsistent==0.18.1
python-dateutil==2.8.2
pyzmq==22.3.0
send2trash==1.8.0
six==1.16.0
sniffio==1.2.0
stack-data==0.1.4
statsd==3.3.0
terminado==0.13.1
testpath==0.5.0
tomli==1.2.3
tornado==6.1
traitlets==5.1.1
typing-extensions==4.0.1
urllib3==1.26.8
wcwidth==0.2.5
webencodings==0.5.1
websocket-client==1.2.3

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraints No Upper Bound and * will introduce the risk of a missing API error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency elasticsearch can be changed to >=7.8.0a1,<=7.17.4.
The version constraint of dependency pylibmc can be changed to >=1.2.0,<=1.2.3.
The version constraint of dependency statsd can be changed to >=1.0.0,<=3.2.2.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the elasticsearch
utils.quote
The calling methods from the pylibmc
pylibmc.ThreadMappedPool
pylibmc.Client
The calling methods from the statsd
statsd.StatsClient
The calling methods from the all methods

@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.
