carsonyl
commented
8 months ago Yes, this is a great idea. Hopefully there's a way to do this with minimal disruption to users. Pull requests welcome of course.
But would you consider a workaround in your scenario where you'd just ignore pypac's dependencies and omit extraneous libraries? Or is that no good for code scanning purposes?
Hi Carson,
Thanks for this library! This is great. It does mostly what we need it to do.
There's only one request here. Would it be possible to make some of the dependencies optional? We're trying to use it in the context of an async application, and I'm trying to limit the number of dependencies (because of supply chain attack surface, follow-up on security incidents, etc...) Given that we've an async application, there is zero need to have things like requests or requests-file in our dependency tree. I think tldextract is also not needed.
We can fetch the pacfile from a URL using httpx. The only thing we'd like to use pypac for is to parse the pacfile. So, pure I/O work. Having to add 5 additional dependencies to our dependency tree feels like overkill for resolving a proxy URL.
Is that anything you would consider? If you'd like, maybe I can find somebody to prepare a PR.