Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Suggest to loosen the dependency on fuzzywuzzy #7

Open
Agnes-U opened this issue Jul 12, 2022 · 0 comments
Open

Suggest to loosen the dependency on fuzzywuzzy #7

Agnes-U opened this issue Jul 12, 2022 · 0 comments

Comments

@Agnes-U
Copy link

Agnes-U commented Jul 12, 2022

Hi, your project scoper requires "fuzzywuzzy==0.17.0" in its dependency. After analyzing the source code, we found that the following versions of fuzzywuzzy can also be suitable without affecting your project, i.e., fuzzywuzzy 0.16.0. Therefore, we suggest to loosen the dependency on fuzzywuzzy from "fuzzywuzzy==0.17.0" to "fuzzywuzzy>=0.16.0,<=0.17.0" to avoid any possible conflict for importing more packages or for downstream projects that may use scoper.

May I pull a request to further loosen the dependency on fuzzywuzzy?

By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?



We also give our detailed analysis as follows for your reference:

Your project scoper directly uses 1 APIs from package fuzzywuzzy.

fuzzywuzzy.process.extractBests

Beginning from the 1 APIs above, 4 functions are then indirectly called, including 1 fuzzywuzzy's internal APIs and 3 outsider APIs. The specific call graph is listed as follows (neglecting some repeated function occurrences).

[/RameshAditya/scoper]
+--fuzzywuzzy.process.extractBests
|      +--fuzzywuzzy.process.extractWithoutOrder
|      |      +--logging.warning
|      |      +--functools.partial
|      +--heapq.nlargest

We scan fuzzywuzzy's versions and observe that during its evolution between any version from [0.16.0] and 0.17.0, the changing functions (diffs being listed below) have none intersection with any function or API we mentioned above (either directly or indirectly called by this project).

diff: 0.17.0(original) 0.16.0
['fuzzywuzzy.fuzz._token_set', 'fuzzywuzzy.utils.check_for_equivalence', 'fuzzywuzzy.utils.full_process']

As for other packages, the APIs of heapq, logging and functools are called by fuzzywuzzy in the call graph and the dependencies on these packages also stay the same in our suggested versions, thus avoiding any outside conflict.

Therefore, we believe that it is quite safe to loose your dependency on fuzzywuzzy from "fuzzywuzzy==0.17.0" to "fuzzywuzzy>=0.16.0,<=0.17.0". This will improve the applicability of scoper and reduce the possibility of any further dependency conflict with other projects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant