Summary
web/requirements.txt bundles pytest and pytest-cov alongside production dependencies (Flask, pymongo, bcrypt, PyJWT). The Docker image built from web/Dockerfile installs all of these, shipping test tooling into the production container, which increases image size and attack surface unnecessarily.
Background
Separating runtime and dev/test dependencies is a standard Python packaging convention. It also allows CI to install requirements-dev.txt while the production Docker build uses only requirements.txt, keeping the image lean.
Affected Areas
web/requirements.txt — pytest entries on lines 8-9web/Dockerfile — pip install instruction- CI workflow (if present) / README instructions
Recommended Fix
Create web/requirements-dev.txt:
-r requirements.txt
pytest==9.0.3
pytest-cov>=4.1
Remove pytest lines from web/requirements.txt. Update web/Dockerfile to only pip install -r requirements.txt. Update the README testing section to instruct developers to install requirements-dev.txt locally.
Acceptance Criteria
Complexity Estimate
XS — file split and two-line Dockerfile edit.
Priority
Low — no runtime risk, but teaches a clean dependency hygiene pattern to tutorial readers.
Auto-identified by workspace issue-logger
Category: dependency upgrade
Complexity: XS
Repository: DewaldOosthuizen/python_rest_tutorial
Summary
web/requirements.txtbundlespytestandpytest-covalongside production dependencies (Flask,pymongo,bcrypt,PyJWT). The Docker image built fromweb/Dockerfileinstalls all of these, shipping test tooling into the production container, which increases image size and attack surface unnecessarily.Background
Separating runtime and dev/test dependencies is a standard Python packaging convention. It also allows CI to install
requirements-dev.txtwhile the production Docker build uses onlyrequirements.txt, keeping the image lean.Affected Areas
web/requirements.txt— pytest entries on lines 8-9web/Dockerfile—pip installinstructionRecommended Fix
Create
web/requirements-dev.txt:Remove
pytestlines fromweb/requirements.txt. Updateweb/Dockerfileto onlypip install -r requirements.txt. Update the README testing section to instruct developers to installrequirements-dev.txtlocally.Acceptance Criteria
web/requirements.txtcontains only runtime dependenciesweb/requirements-dev.txtexists and pulls inpytest+pytest-covweb/Dockerfileinstalls onlyrequirements.txtpip install -r web/requirements-dev.txtinstruction for local testingComplexity Estimate
XS — file split and two-line Dockerfile edit.
Priority
Low — no runtime risk, but teaches a clean dependency hygiene pattern to tutorial readers.
Auto-identified by workspace issue-logger
Category: dependency upgrade
Complexity: XS
Repository: DewaldOosthuizen/python_rest_tutorial