some dependencies should be added in configuration files

[yuluc123]

Details

I notice that there are several dependencies are missing in configuration files. they are:

• gitdb
• requests_oauthlib
• invoke
• django_cors_headers
• azure_common

They are used in source code. For example, gitdb is used in readthedocs/vcs_support/backends/git.py

Expected Result

It is necessary to add direct dependencies into configuration files.

[astrojuanlu]

Hi @yuluc123 , when you say configuration files, you mean our various requirements/*.txt files we use to install dependencies for development and production?

[stsewd]

• gitdb is an implicit dep from gitpython, I think it's fine having gitpython manage that (we only import that module for a hack/optimization over gitpython)
• invoke isn't used in the rtd codebase, but on separate scripts, and it's on https://github.com/readthedocs/common/blob/main/dockerfiles/requirements.txt (that repo is a submodule on this repo)
• requests_oauthlib no idea from where that dep comes from
• django_cors_headers, didn't find any import from this, but if you mean this

  readthedocs.org/requirements/pip.txt

  Line 97 in 2696eca

  django-cors-middleware==1.4.0 # pyup: ignore

  , then it's already on our requirements.
• azure_common, we don't use azure in production anymore, we use aws.

[yuluc123]

Hi @astrojuanlu I mean that if the dependency is directly used in code files, it should be declared. For example, if the dependency is used for development, maybe it can be declared in requirements-dev.txt?

[yuluc123]

Thanks to your reply. Here are my some opinions.

• requests_oauthlib is used in readthedocs/oauth/services/base.py in line 12?
• django-cors-headers is used in readthedocs/core/signals.py in line 8?

Sorry to bother you.

[astrojuanlu]

readthedocs.org/readthedocs/oauth/services/base.py

Line 12 in 2cab501

from requests_oauthlib import OAuth2Session

readthedocs.org/readthedocs/core/signals.py

Line 5 in 2cab501

from corsheaders import signals

[astrojuanlu]

I mean that if the dependency is directly used in code files, it should be declared.

Totally agree with you @yuluc123 👍🏽 Looks like we can be more explicit or do some cleanup.

[humitos]

I'm a little lost here 😅 . What are the explicit actions required?

[astrojuanlu]

We have 2 undeclared dependencies, that I assume get installed because they are transitive dependencies of something else: requests_oauthlib and django_cors_headers. We should explicitly list them in our requirements. Besides, we can remove azure_common.

[humitos]

• I added requests-oauthlib.
• corsheaders is already declared, it comes from django-cors-middleware
• I didn't find anything related to azure_common