
Project dependencies may have API risk issues

Open PyDeps opened this issue 2 years ago • 0 comments

Hi, in MoGuDing-Auto, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

datetime
pytz
requests
urllib3
markdown

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict. The version constraints No Upper Bound and * will introduce the risk of a missing API error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project, the version constraint of dependency pytz can be changed to >=2011d,<=2013d. The version constraint of dependency pytz can be changed to >=2011b,<=2022.1. The version constraint of dependency requests can be changed to >=2.4.0,<=2.15.1. The version constraint of dependency urllib3 can be changed to >=1.9,<=1.26.9. The version constraint of dependency markdown can be changed to >=2.3,<=3.3.7.

The above modification suggestions can reduce dependency conflicts as much as possible and introduce the latest versions as much as possible without causing call errors in the project.

The invocation of the current project includes all the following methods.

The calling methods from pytz:
pytz.timezone

The calling methods from requests:
requests.post
requests.get
urllib3.disable_warnings

The calling methods from urllib3:
urllib3.disable_warnings

The calling methods from markdown:
markdown.markdown

The calling methods from all methods:
print
NoticePush.server_push
datetime.datetime.now
main
f.readlines
os.environ.get
urllib3.disable_warnings
json.loads
checkForUpdates
requests.get
NoticePush.ding_push_message
NoticePush.push_plus
os.path.exists
data.json.dumps.access_token.requests.post.json
line.strip
line.strip.strip
res.json.get
INFORMATION.get.strip
getSign
sys.exit
requests.post
pytz.timezone
NoticePush.enterprise_wechat
INFORMATION.update
markdown.markdown
os.path.dirname
GlobalVariable.headers.update
GlobalVariable.PERSONAL_INFORMATION.strip
requests.get.json
requests.post.json
INFORMATION.get
login
NoticePush.bark
NoticePush.telegram_bot
data.json.dumps.access_token.requests.post.json.json
signIn
len
os.path.abspath
json.dumps
format
getUserInfo
getPlanByStu
open

@developer Could you please help me check this issue? May I open a pull request to fix it? Thank you very much.

PyDeps, Oct 26 '22 02:10
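
The constraint categories described in the issue above, as an added example that is not PyDeps's tool or part of the original post: a small stdlib-only checker that labels each requirements line as an exact pin, a range with no upper bound, or a bounded range. It classifies by operator only and does no version comparison; the label names, and treating a bare "*" as "any version" and "==X.*" as a bounded prefix range, are assumptions of this example.

```python
import re

# Labels follow the issue's taxonomy of constraint risks.
CONFLICT = "conflict-risk"        # exact '==' pin: range too strict
MISSING_API = "missing-api-risk"  # no upper bound, or '*'
BOUNDED = "bounded"               # has an upper bound and is not an exact pin

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_CLAUSE = re.compile(r"^(===|==|~=|!=|<=|>=|<|>)\s*(\S+)$")


def classify(line):
    """Return (name, label) for one requirements line, or None if it declares nothing."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments and markers
    if not line or line.startswith("-"):                    # blank line or pip option
        return None
    m = _REQ.match(line)
    if m is None:
        raise ValueError(f"unparseable requirement: {line!r}")
    name, spec = m.group(1), m.group(2).strip()
    if spec in ("", "*"):                                   # any version accepted
        return name, MISSING_API
    pinned = has_upper = False
    for clause in spec.split(","):
        c = _CLAUSE.match(clause.strip())
        if c is None:
            raise ValueError(f"unparseable clause in {line!r}: {clause!r}")
        op, version = c.groups()
        prefix = version.endswith(".*")                     # '==1.*' is a range, not a pin
        pinned |= op in ("==", "===") and not prefix
        has_upper |= op in ("<", "<=", "~=") or (op == "==" and prefix)
    if pinned:
        return name, CONFLICT
    return name, BOUNDED if has_upper else MISSING_API


def audit(text):
    """Classify every requirement in a requirements.txt-style string."""
    return [r for r in map(classify, text.splitlines()) if r is not None]


# The project's current list and the issue's suggested ranges, both taken from the page.
CURRENT = "datetime\npytz\nrequests\nurllib3\nmarkdown\n"
SUGGESTED = ("pytz>=2011b,<=2022.1\nrequests>=2.4.0,<=2.15.1\n"
             "urllib3>=1.9,<=1.26.9\nmarkdown>=2.3,<=3.3.7\n")

if __name__ == "__main__":
    for label, text in (("current", CURRENT), ("suggested", SUGGESTED)):
        for name, risk in audit(text):
            print(f"{label:9} {name:10} {risk}")
```

Run against the project's current list, every entry is unconstrained and lands in the missing-API category; the suggested ranges all come out bounded.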