Project dependencies may have API risk issues #262
Description
Hi, in account-security-quickstart-django, inappropriate dependency versioning constraints can cause risks.
Below are the dependencies and version constraints that the project is using:
authy==2.2.6
Django==3.2
phonenumbers==8.12.21
python-dotenv==0.17.0
twilio==6.57.0
The version constraint == introduces the risk of dependency conflicts because the scope of the dependencies is too strict.
The version constraints "no upper bound" and * introduce the risk of a missing-API error because the latest version of the dependencies may remove some APIs.
After further analysis, in this project,
The version constraint of dependency Django can be changed to >=2.0,<=4.1a1.
The version constraint of dependency phonenumbers can be changed to >=4.6b1,<=8.12.50.
The version constraint of dependency twilio can be changed to >=6.0.0a1,<=6.0.0.
The version constraint of dependency twilio can be changed to >=6.1.0a1,<=6.1.2.
The version constraint of dependency twilio can be changed to >=6.2.0a1,<=6.2.0.
The version constraint of dependency twilio can be changed to >=6.3.0a1,<=7.9.3.
The above modification suggestions can reduce dependency conflicts as much as possible and introduce the latest versions as much as possible without causing errors in the project.
The invocation of the current project includes all the following methods.
The methods called from Django:
django.conf.urls.static.static django.contrib.auth.login django.http.HttpResponse django.forms.CharField django.shortcuts.render django.core.management.execute_from_command_line django.core.wsgi.get_wsgi_application django.urls.path django.forms.ChoiceField django.forms.HiddenInput
The methods called from phonenumbers:
phonenumbers.parse phonenumbers.is_valid_number
The methods called from twilio:
twilio.rest.Client
All called methods:
twofa.models.TwoFAUserManager ImportError django.contrib.auth.login self.BootstrapSelect.super.render self.model.set_password self.model.save forms.TokenForm.is_valid django.http.HttpResponse django.contrib.auth.views.LogoutView.as_view django.urls.path django.forms.CharField.startswith authy_api.one_touch.get_approval_status.errros django.db.models.CharField self.BootstrapInput.super.render phonenumbers.is_valid_number authy_api.users.request_sms extra_fields.setdefault clients.twilio_client.verifications self.TokenVerificationForm.super.is_valid forms.TokenVerificationForm models.TwoFAUser.objects.create_user django.forms.CharField twilio.rest.Client django.shortcuts.redirect django.db.migrations.CreateModel BootstrapInput extra_fields.get models.TwoFAUser.objects.filter authy_api.one_touch.send_request.get_uuid BootstrapSelect authy_api.users.create.errors request.session.get authy_api.one_touch.get_approval_status.ok self.model django.conf.urls.static.static clients.twilio_client.verification_checks.errors self.bootwrap_input django.db.models.ManyToManyField django.forms.ChoiceField forms.TokenVerificationForm.add_error authy_api.users.request_call forms.RegistrationForm client.verify.services clients.twilio_client.verification_checks self.BootstrapInput.super.__init__ django.conf.settings.TWILIO_VERIFICATION_SID.client.verify.services.verifications.create managers.TwoFAUserManager os.environ.get twofa.forms.BootstrapInput django.core.wsgi.get_wsgi_application django.shortcuts.render authy_api.users.create authy_api.users.create.ok django.db.models.EmailField int django.forms.HiddenInput os.environ.setdefault django.db.models.BooleanField self._create_user authy_api.one_touch.send_request self.add_error django.db.models.DateTimeField dotenv.load_dotenv forms.TokenForm.add_error BootstrapPasswordInput forms.TokenVerificationForm.is_valid os.path.join os.path.abspath django.core.management.execute_from_command_line os.path.dirname authy_api.users.request_sms.ok 
forms.VerificationForm authy_api.one_touch.send_request.ok self.normalize_email authy_api.one_touch.get_approval_status functools.wraps authy.api.AuthyApiClient format authy_api.tokens.verify ValueError forms.TokenForm self.model.normalize_username django.contrib.auth.views.LoginView.as_view phonenumbers.parse super authy_api.tokens.verify.ok authy_api.users.request_call.ok self.BootstrapSelect.super.__init__ username.TwoFAUser.objects.filter.exists django.db.models.AutoField verification.errors.values authy_user.errors.items django.conf.settings.TWILIO_VERIFICATION_SID.client.verify.services.verification_checks.create view
@developer
Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.