Skip to content

Remove unused dependency GitPython#781

Merged
Pierre-Sassoulas merged 1 commit intoprospector-dev:masterfrom
karyotakisg:master
Jul 18, 2025
Merged

Remove unused dependency GitPython#781
Pierre-Sassoulas merged 1 commit intoprospector-dev:masterfrom
karyotakisg:master

Conversation

@karyotakisg
Copy link
Copy Markdown
Contributor

@karyotakisg karyotakisg commented Jul 17, 2025

Remove unused dependency GitPython

Description

GitPython dependency was removed from poetry.lock and pyproject.toml

Related Issue

#780

Motivation and Context

Unnecessary dependencies can introduce version conflicts, make maintenance harder and can increase the attack surface.

How Has This Been Tested?

Python 3.10.18 was used.
the following command for testing was executed:

tox -e py310

Types of changes

  • Requirements Change

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • My change requires a change to the dependencies
  • I have updated the dependencies accordingly
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@sbrunner
Copy link
Copy Markdown
Member

sbrunner commented Jul 17, 2025

@cclauss do you rember why you add it?
538969a#diff-50c86b7ed8ac2cf95bd48334961bf0530cdc77b5a56f852c5c61b89d735fd711

@cclauss
Copy link
Copy Markdown
Contributor

cclauss commented Jul 18, 2025

#520 (comment)

I think it was an indirect dependency.

@karyotakisg
Copy link
Copy Markdown
Contributor Author

karyotakisg commented Jul 18, 2025

Hi again,
Removing transitive dependencies from configurations files to let pip manage them automatically, helps keeping the dependency list clean and avoiding version conflicts between packages.

@carlio
Copy link
Copy Markdown
Member

carlio commented Jul 18, 2025

I definitely remember situations where dependencies had version ranges which ended up allowing some indirect dependency which then caused things to break - so while prospector does not use it directly there might have been some strange set of conditions where this constraint was necessary despite it not being used directly.

That's my vague guess at the reasons it was there, but I'm all for removing this.

@carlio carlio self-requested a review July 18, 2025 18:22
@Pierre-Sassoulas
Copy link
Copy Markdown
Collaborator

Pierre-Sassoulas commented Jul 18, 2025

I failed to properly review the MR that introduced this, I should have asked or clarified the reason to add this dependency at the time. Gitpython is an optional dependency for pylint primer tests, that might be the reason it was added but multiple years later the historical context that might have been obvious at the time (another pr jobs failing perhaps ?) is lost and impliciteness is not enough anymore.

@Pierre-Sassoulas Pierre-Sassoulas merged commit 50109db into prospector-dev:master Jul 18, 2025
7 checks passed
@cusco cusco mentioned this pull request Sep 15, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlio carlio carlio approved these changes

@Pierre-Sassoulas Pierre-Sassoulas Pierre-Sassoulas approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@karyotakisg @sbrunner @cclauss @carlio @Pierre-Sassoulas