Remove transitive dependencies and update requirements#1302
Open
foivospro wants to merge 2 commits into
Open
Conversation
foivospro
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #1302 +/- ##
=======================================
Coverage 76.92% 76.92%
=======================================
Files 20 20
Lines 1309 1309
=======================================
Hits 1007 1007
Misses 302 302 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As part of our ongoing research on Python dependency management, we noticed that your project explicitly declares several dependencies that are actually transitive — meaning they are already required by top-level packages and do not need to be listed directly.
Dependencies such as
click,itsdangerous,certifi,charset-normalizer,idna,urllib3,zipp,typing_extensions, andpyparsingare not used directly in the project code but are installed automatically through primary packages likeFlaskandrequests.Keeping these transitive dependencies in
requirements.txtorpyproject.tomlunnecessarily locks their versions and increases the maintenance burden, especially during upgrades or conflict resolution. This pull request removes those redundant declarations to allow the resolver to handle them based on the needs of top-level packages. This leads to a cleaner, more maintainable dependency tree.The pip documentation also encourages auditing your top-level requirements and removing unused or transitive ones to simplify the dependency graph and minimize the risk of version conflicts.
Importantly, after removing these transitive dependencies, we confirmed that the project’s test suite still passes successfully. This indicates that none of the removed dependencies are used directly by the codebase.