Move away from the `xdg` package about autoimport HOT 5 OPEN

Hi @stdedos thank you for opening the issue and pointing out the solution. Will fix it as soon as I can. Maybe if you make a PR the fix will be implemented sooner (although I think the CI is broken right now :( )

from autoimport.

Working on it right now

from autoimport.

I'm afraid that we can't migrate to xdg-base-dirs because they only support Python >= 3.10 and We support all active Python versions (right now >=3.7). The devs suggest not to migrate from xdg if you need support for those versions.

I'm adding a comment on the code to migrate away once support for 3.9 is dropped. We use the library literally for one line, I don't think we'd need the features of the new package nor think it's probable that we hit a critical vulnerability running xdg.xdg_config_home().

Therefore I'm closing the issue, but if you think of a better solution I'm fine reopening it again

from autoimport.

Can you try to use https://pypi.org/project/pyxdg/ for the <3.10 versions?
(That might be harder; I can try to PR that for you maybe this weekend if you want)

My concern is not "vulnerabilities"; my real issue is

import collision with PyXDG.

Ofc I could've used a venv for https://github.com/lyz-code/autoimport/ to make this problem go away. However, I have a logical gap:

1. idk how can I have it in a venv. I create per-project venvs, or use the local-installation for "my user stuff" (e.g., pudb, ipython etc)
2. I don't see a reason why would I install that in a project-venv, when I want to use it across projects --> therefore, include it in any requirements.txt (or equivalent) makes no sense to me
3. It doesn't seem reasonable to me to manually install it every time in a venv

from autoimport.

For these kind of tools I use pipx which automatically creates an virtualenv for everything you install, while it keeps it easy to update them all. This may solve your problems 1. 2. and 3.

Adding PyXDG for Python <3.10 and xdg-base-dirs for Python >3.10 looks an unnecessary complex increase, and I'm not quite sure how that will work with pdm.

Even if I don't like the idea, if you feel strong about it and want to make a PR I'll check it, and if it's not that complex I'm fine with merging it.

Despite if you use it to solve this issue I encourage you to give pipx a try for the rest of your environment setup, it has saved me a lot of time and headaches

from autoimport.