Comments (5)
Hi @stdedos thank you for opening the issue and pointing out the solution. Will fix it as soon as I can. Maybe if you make a PR the fix will be implemented sooner (although I think the CI is broken right now :( )
from autoimport.
Working on it right now
from autoimport.
I'm afraid that we can't migrate to xdg-base-dirs
because they only support Python >= 3.10 and We support all active Python versions (right now >=3.7). The devs suggest not to migrate from xdg
if you need support for those versions.
I'm adding a comment on the code to migrate away once support for 3.9 is dropped. We use the library literally for one line, I don't think we'd need the features of the new package nor think it's probable that we hit a critical vulnerability running xdg.xdg_config_home()
.
Therefore I'm closing the issue, but if you think of a better solution I'm fine reopening it again
from autoimport.
Can you try to use https://pypi.org/project/pyxdg/ for the <3.10 versions?
(That might be harder; I can try to PR that for you maybe this weekend if you want)
My concern is not "vulnerabilities"; my real issue is
import collision with PyXDG.
Ofc I could've used a venv for https://github.com/lyz-code/autoimport/ to make this problem go away. However, I have a logical gap:
- idk how can I have it in a venv. I create per-project venvs, or use the local-installation for "my user stuff" (e.g., pudb, ipython etc)
- I don't see a reason why would I install that in a project-venv, when I want to use it across projects --> therefore, include it in any
requirements.txt
(or equivalent) makes no sense to me - It doesn't seem reasonable to me to manually install it every time in a venv
from autoimport.
For these kind of tools I use pipx
which automatically creates an virtualenv for everything you install, while it keeps it easy to update them all. This may solve your problems 1. 2. and 3.
Adding PyXDG for Python <3.10 and xdg-base-dirs for Python >3.10 looks an unnecessary complex increase, and I'm not quite sure how that will work with pdm
.
Even if I don't like the idea, if you feel strong about it and want to make a PR I'll check it, and if it's not that complex I'm fine with merging it.
Despite if you use it to solve this issue I encourage you to give pipx
a try for the rest of your environment setup, it has saved me a lot of time and headaches
from autoimport.
Related Issues (20)
- crashes when processing some imports that have `# comments` HOT 7
- <deleted>
- Support a config file with example imports HOT 10
- Import lines with a semicolon separator are improperly formatted HOT 1
- Python `SyntaxError` when removing last import from parenthetical import ... from statement HOT 3
- File modification time updates even if autoimport does not change file HOT 4
- Do not reformat code lines that end with `# fmt: skip` HOT 1
- Add support for `python3 -m autoimport` invocation HOT 2
- Import objects by mimicking other modules HOT 2
- `typing.Literal` can cause false-positive import HOT 3
- Preserve line endings HOT 2
- Pre-generate module symbol list HOT 1
- Extra blank lines after imports are removed HOT 2
- Stdout of unmodified script should be returned even if autoimport fails to resolve libraries HOT 3
- crashes with `ValueError` when the import to remove appears twice HOT 2
- Flag to skip for `__init__.py` files HOT 3
- [Bug] handling top-level `if TYPE_CHECKING: ...` block HOT 3
- Maintenance mode. Help needed! HOT 1
- Add `--ignore-init-modules` to configurable options HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autoimport.