Suggest to loosen the dependency on responder

[Agnes-U]

Hi, your project Word-Association-2.0-backend requires "responder==1.3.0" in its dependency. After analyzing the source code, we found that the following versions of responder can also be suitable without affecting your project, i.e., responder 1.3.1, 1.3.2. Therefore, we suggest to loosen the dependency on responder from "responder==1.3.0" to "responder>=1.3.0,<=1.3.2" to avoid any possible conflict for importing more packages or for downstream projects that may use Word-Association-2.0-backend.

May I pull a request to further loosen the dependency on responder?

By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?

---

We also give our detailed analysis as follows for your reference:

Your project Word-Association-2.0-backend directly uses 3 APIs from package responder.

responder.api.API.route, responder.api.API.__init__, responder.api.API.run

Beginning from the 3 APIs above, 23 functions are then indirectly called, including 8 responder's internal APIs and 15 outsider APIs. The specific call graph is listed as follows (neglecting some repeated function occurrences).

[/svanhvitlilja/Word-Association-2.0-backend]
+--responder.api.API.route
|      +--responder.api.API.add_route
|      |      +--uuid.uuid4
|      |      +--responder.routes.Route.__init__
+--responder.api.API.__init__
|      +--responder.background.BackgroundQueue.__init__
|      |      +--multiprocessing.cpu_count
|      |      +--concurrent.futures.ThreadPoolExecutor
|      +--pathlib.Path
|      +--os.path.abspath
|      +--os.path.dirname
|      +--os.makedirs
|      +--whitenoise.WhiteNoise
|      +--whitenoise.WhiteNoise.add_files
|      +--responder.api.API.mount
|      +--responder.formats.get_formats
|      +--responder.api.API.add_route
|      +--responder.api.API.add_middleware
|      +--starlette.middleware.lifespan.LifespanMiddleware
|      +--jinja2.Environment
|      +--jinja2.FileSystemLoader
|      +--jinja2.select_autoescape
|      +--responder.api.API.session
|      |      +--starlette.testclient.TestClient
+--responder.api.API.run
|      +--responder.api.API.serve
|      |      +--uvicorn.run

We scan responder's versions and observe that during its evolution between any version from [1.3.1, 1.3.2] and 1.3.0, the changing functions (diffs being listed below) have none intersection with any function or API we mentioned above (either directly or indirectly called by this project).

diff: 1.3.0(original) 1.3.1
['responder.api.API.docs', 'responder.api.API', 'responder.api.API.before_ws_requests', 'responder.api.API.before_http_requests', 'responder.api.API.before_request', 'responder.api.API.static_url', 'responder.routes.Route', 'responder.models.Request', 'responder.api.API.__call__', 'responder.api.API.static_response', 'responder.api.API.dispatch', 'responder.routes.Route.incoming_matches', 'responder.api.API.before_requests', 'responder.routes._make_convertor']

diff: 1.3.0(original) 1.3.2
['responder.api.API.before_ws_requests', 'responder.api.API._signer', 'responder.api.API.static_url', 'responder.api.API.path_matches_route', 'responder.routes.Route.incoming_matches', 'responder.api.API.before_requests', 'responder.routes._make_convertor', 'responder.api.API.asgi', 'responder.api.API.before_http_requests', 'responder.models.Response', 'responder.api.API.add_schema', 'responder.models.Request.state', 'responder.models.Request', 'responder.api.API.on_event', 'responder.api.API.no_response', 'responder.api.API.before_request', 'responder.api.API.schema', 'responder.api.API._prepare_session', 'responder.routes.Route', 'responder.api.API.__call__', 'responder.api.API.static_response', 'responder.api.API.docs', 'responder.api.API._dispatch_request', 'responder.api.API._dispatch_http', 'responder.api.API', 'responder.api.API.dispatch']

As for other packages, the APIs of pathlib, os, whitenoise, starlette, jinja2, uuid, multiprocessing, concurrent and uvicorn are called by responder in the call graph and the dependencies on these packages also stay the same in our suggested versions, thus avoiding any outside conflict.

Therefore, we believe that it is quite safe to loose your dependency on responder from "responder==1.3.0" to "responder>=1.3.0,<=1.3.2". This will improve the applicability of Word-Association-2.0-backend and reduce the possibility of any further dependency conflict with other projects.