Suggest to loosen the dependency on boltons
Agnes-U opened this issue · 1 comments
Dear developers,
Your project torchsde requires "boltons==20.2.1" in its dependency. After analyzing the source code, we found that the following versions of boltons can also be suitable without affecting your project, i.e., boltons 19.0.0, 19.0.1, 19.1.0, 19.2.0, 19.3.0, 20.0.0, 20.1.0, 20.2.0. Therefore, we suggest to loosen the dependency on boltons from "boltons==20.2.1" to "boltons>=19.0.0,<=20.2.1" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.
May I pull a request to further loosen the dependency on boltons?
By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?
Details:
Your project (commit id: 53038a3) directly uses 1 APIs from package boltons.
boltons.cacheutils.LRU.__init__
Beginning fromwhich, 5 functions are then indirectly called, including 4 boltons's internal APIs and 1 outsider APIs as follows:
[/google-research/torchsde]
+--boltons.cacheutils.LRU.__init__
| +--boltons.cacheutils.LRI.__init__
| | +--boltons.cacheutils.RLock.__init__
| | +--threading.RLock
| | +--boltons.cacheutils.LRI._init_ll
| | +--boltons.cacheutils.LRI.update
Since all these functions have not been changed between any version for package "boltons" from [19.0.0, 19.0.1, 19.1.0, 19.2.0, 19.3.0, 20.0.0, 20.1.0, 20.2.0] and 20.2.1. Therefore, we believe it is safe to loosen the corresponding dependency.