datacenter / acitoolkit

A basic toolkit for accessing the Cisco APIC

Project dependencies may have API risk issues #387

Open PyDeps opened 1 year ago

PyDeps commented 1 year ago

Hi, in acitoolkit, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

requests
websocket-client>0.33.0
gitpython
flask-httpauth
flask-sqlalchemy
flask-admin
flask-bootstrap
flask-wtf
flask-cors
flask
pymysql
tabulate
py-radix
jsonschema
graphviz
ipaddress
deepdiff==3.3.0

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict. The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project:

The version constraint of dependency requests can be changed to >=2.4.0,<=2.15.1.
The version constraint of dependency websocket-client can be changed to >=0.13.0,<=0.15.0.
The version constraint of dependency flask-admin can be changed to >=1.0.3,<=1.6.0.
The version constraint of dependency flask-wtf can be changed to >=0.9.0,<=0.15.1.
The version constraint of dependency flask-cors can be changed to >=1.7.0,<=3.0.10.
The version constraint of dependency tabulate can be changed to >=0.7.4,<=0.8.9.
The version constraint of dependency jsonschema can be changed to >=2.0.0,<=4.6.0.
The version constraint of dependency graphviz can be changed to >=0.3,<=0.20.
The version constraint of dependency ipaddress can be changed to >=1.0.3,<=1.0.23.

The above modification suggestions can reduce the dependency conflicts as much as possible, and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the requests
requests.packages.urllib3.disable_warnings
requests.Session.post
requests.Response
requests.Session.get
urllib3.disable_warnings
requests.Session

The calling methods from the websocket-client
websocket.create_connection

The calling methods from the flask-admin
flask_admin.model.template.macro
flask_admin.expose
flask_admin.Admin.add_view
flask_admin.actions.action
flask_admin.AdminIndexView

The calling methods from the flask-wtf
flask_wtf.CsrfProtect

The calling methods from the flask-cors
flask_cors.CORS

The calling methods from the tabulate
tabulate.tabulate

The calling methods from the jsonschema
jsonschema.validate

The calling methods from the graphviz
graphviz.Digraph

The calling methods from the ipaddress
ipaddress.collapse_addresses
ipaddress.ip_address
ipaddress.ip_network

@developer Could you please help me check this issue? May I submit a pull request to fix it? Thank you very much.
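The constraint classes named in the issue above (exact `==` pins, constraints with no upper bound, and no constraint at all) can be checked mechanically. The following is an added example, not code from PyDeps or acitoolkit; the category names and the `classify` and `audit` helpers are assumptions made for illustration, and the input is the dependency list quoted in the issue.

```python
import re
from collections import Counter

# The dependency list from the issue, one requirement per element.
REQUIREMENTS = (
    "requests websocket-client>0.33.0 gitpython flask-httpauth flask-sqlalchemy "
    "flask-admin flask-bootstrap flask-wtf flask-cors flask pymysql tabulate "
    "py-radix jsonschema graphviz ipaddress deepdiff==3.3.0"
).split()

# Project name, optional [extras], then whatever specifiers follow.
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
# One version specifier: comparison operator plus version string.
_SPEC = re.compile(r"^(===|==|~=|!=|<=|>=|<|>)\s*([^\s,]+)$")

def classify(line):
    """Return (name, category) for a requirements line, None for blanks/comments/options."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment and env marker
    if not line or line.startswith("-"):  # blank, or a pip option such as -r / -e
        return None
    m = _REQ.match(line)
    if m is None:
        raise ValueError(f"unparseable requirement: {line!r}")
    name, rest = m.group(1), m.group(2).strip()
    if not rest:
        return name, "unconstrained"
    ops = []
    for part in rest.split(","):
        s = _SPEC.match(part.strip())
        if s is None:
            raise ValueError(f"unparseable specifier in {line!r}: {part!r}")
        ops.append(s.groups())
    if any(op in ("==", "===") and not ver.endswith(".*") for op, ver in ops):
        return name, "pinned"  # exact pin: the conflict-prone case the issue describes
    if any(op in ("<", "<=", "~=", "==") for op, _ in ops):
        return name, "bounded"  # has a ceiling (an == here can only be a wildcard)
    return name, "no-upper-bound"  # floor or exclusion only: any future release installs

def audit(lines):
    """Classify every requirement and tally the categories."""
    results = [r for r in map(classify, lines) if r is not None]
    return results, Counter(category for _, category in results)

if __name__ == "__main__":
    results, counts = audit(REQUIREMENTS)
    for name, category in results:
        print(f"{category:15} {name}")
    print(dict(counts))
```
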