Comments (6)
@fmigneault I think you are right. On one hand, having pinned dependencies is nice for reproducibility, but that's more useful for an application; for libraries, it should be more relaxed so that it is more useful in other contexts.
I am going to fix this and do a new release soon.
Thanks for pointing it out.
from json2xml.
@vinitkumar Works like a charm! Thanks for the update.
@fmigneault I just pushed a release to PyPI where I fixed the complaint you had. https://pypi.org/project/json2xml/3.20.0/
Please check it and let me know if this fixes the issue for you.
Thanks again for pointing this out.
@vinitkumar Is it possible to loosen the urllib3 version dependency as you did with the previous PR?
Although I see that you did update it in 092b132, the current latest available release https://github.com/vinitkumar/json2xml/tree/v4.0.1 drags it down to urllib3==1.26.13 instead of letting pip auto-resolve urllib3 to the latest available version. Every code that uses json2xml is therefore "less secure" because they must wait until you release a new version to respect dependencies.
@fmigneault You raise a brilliant point. I haven't thought about this before. I am also thinking of not hardcoding a version on both the dependencies in requirements and pip auto to decide if those work or not. We have good test coverage to catch any regression. And at the same time, it would not limit people using these dependencies to run insecure versions.
Thanks for the quick fix. Greatly appreciated!
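A check for the problem discussed in this thread, as an added example that is not part of the thread or of json2xml's own code: it scans a library's requirement lines and reports every dependency locked to a single exact version, which is what keeps downstream installs from resolving to a patched release. The function name `find_hard_pins` and every sample entry other than the `urllib3==1.26.13` pin quoted above are assumptions made for illustration.

```python
import re

# Name, optional [extras], then the version specifiers up to any marker or comment.
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,]+)")

# Constructed sample: the urllib3 pin is the one quoted in the thread,
# the other entries are made-up package names for contrast.
SAMPLE_REQUIREMENTS = """\
# constructed example of a library's install requirements
urllib3==1.26.13
example-parser>=0.7
example-client>=2.20,<3   # range: pip may pick any release inside it
example-utils==1.4.*      # prefix match: patch releases still allowed
"""


def find_hard_pins(requirements_text):
    """Return (name, version) for each requirement locked to one exact version."""
    pins = []
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):  # blanks, comments, pip options
            continue
        match = _REQ.match(line)
        if not match:
            continue
        name, specifiers = match.groups()
        for op, version in _SPEC.findall(specifiers):
            # "==1.4.*" still admits new patch releases, so only a full
            # version after "==" (or any "===") counts as a hard pin.
            if op == "===" or (op == "==" and not version.endswith(".*")):
                pins.append((name, version))
    return pins


if __name__ == "__main__":
    for name, version in find_hard_pins(SAMPLE_REQUIREMENTS):
        print(f"{name} is pinned to {version}: downstream installs cannot "
              "pick up a newer release until this library republishes")
```

Running it in CI against a library's declared requirements turns a hard pin into a visible review item; applications that pin for reproducibility would not use this check on their lock files.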