puzzle-massive icon indicating copy to clipboard operation
puzzle-massive copied to clipboard

Published 20 hours ago verified publisher icon jkenlooper

Suggest to loosen the dependency on rq

Open Agnes-U opened this issue 2 years ago • 0 comments

Dear developers,

Your project puzzle-massive requires "rq==1.7.0" in its dependency. After analyzing the source code, we found that the following versions of rq can also be suitable without affecting your project, i.e., rq 1.6.0, 1.6.1. Therefore, we suggest to loosen the dependency on rq from "rq==1.7.0" to "rq>=1.6.0,<=1.7.0" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.

May I pull a request to further loosen the dependency on rq?

By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?


Details:

Your project (commit id: 998b71d072509be5b01403c9799d8fa2fcfe294e) directly uses 3 APIs from package rq.

rq.connections.Connection, rq.queue.Queue.__init__, rq.worker.Worker.__init__

Beginning fromwhich, 23 functions are then indirectly called, including 17 rq's internal APIs and 6 outsider APIs as follows:

[/jkenlooper/puzzle-massive]
+--rq.connections.Connection
|      +--redis.Redis
|      +--rq.connections.push_connection
|      |      +--rq.local.LocalStack.push
|      +--rq.connections.pop_connection
|      |      +--rq.local.LocalStack.pop
|      |      |      +--rq.local.release_local
+--rq.queue.Queue.__init__
|      +--rq.connections.resolve_connection
|      |      +--rq.connections.get_current_connection
|      |      +--rq.connections.NoRedisConnectionException.__init__
|      +--rq.utils.parse_timeout
|      |      +--rq.exceptions.TimeoutFormatError.__init__
|      +--warnings.warn
|      +--rq.utils.import_attribute
|      |      +--importlib.import_module
|      +--rq.serializers.resolve_serializer
|      |      +--rq.utils.import_attribute
+--rq.worker.Worker.__init__
|      +--rq.connections.get_current_connection
|      +--socket.gethostname
|      +--os.getpid
|      +--rq.utils.backend_class
|      |      +--rq.utils.import_attribute
|      +--rq.serializers.resolve_serializer
|      +--rq.utils.ensure_list
|      |      +--rq.utils.is_nonstring_iterable
|      +--uuid.uuid4
|      +--rq.worker.Worker.validate_queues
|      +--rq.worker.Worker.push_exc_handler

Since all these functions have not been changed between any version for package "rq" from [1.6.0, 1.6.1] and 1.7.0. Therefore, we believe it is safe to loosen the corresponding dependency.

Agnes-U avatar Nov 13 '22 07:11 Agnes-U