Loosen dependency pins: cachetools, aiohttp, requests #129
silvanocerza merged 4 commits into ipinfo:master from
Pull request overview
This PR loosens dependency constraints in the Python package metadata to reduce install-time conflicts for consumers (Fixes #127).
Changes:
- Relax `cachetools` from a hard pin (`==4.2.0`) to a range (`>=4.2,<8`).
- Correct `aiohttp`’s upper bound semantics by switching from `<=4` (effectively `<=4.0.0`) to `<4`.
- Add an upper bound for `requests` (`<3`) to avoid potential future breaking changes.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pyproject.toml | Updates published dependency specifiers for requests, cachetools, and aiohttp. |
| uv.lock | Updates the lockfile’s requires-dist metadata to match the new dependency specifiers. |
Sorry for the AI-assisted approach — but this is a well-known pain point that's been affecting users for a while, and since the fix is straightforward, it felt worth resolving quickly rather than waiting.

Thanks @socketz. No worries for the AI usage, we're ok with it if done well, also we're in this situation because of another AI PR. :) By the way I ran tests locally since we need the Merging and drafting a release.
Summary
Loosens overly strict dependency pins that cause conflicts with other packages in the same environment.
Fixes #127
Changes
| Package | Before | After | Notes |
|---|---|---|---|
| `cachetools` | `==4.2.0` | `>=4.2,<8` | `cachetools>=5/6/7`. Tested compatible with cachetools 7.0.5. |
| `aiohttp` | `>=3.12.14,<=4` | `>=3,<4` | `<=4` only allowed exactly `4.0.0`, unintentionally excluding `4.0.1+`. Changed to `<4` to correctly express the intent of staying on the v3 series. |
| `requests` | `>=2.18.4` | `>=2.18.4,<3` | |

Testing
All existing tests pass with cachetools 7.0.5 and the updated constraints.
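
An added example, not part of the pull request or the project's code: it evaluates the before and after specifiers quoted in the description against a constructed list of candidate versions and reports which versions each change newly admits or excludes. The comparison is a simplified stand-in for PEP 440 matching that assumes plain numeric final releases (no pre-releases, wildcards or `~=`); the function names are illustrative.

```python
import re

def parse_version(text):
    """Parse a final release such as '3.12.14' into a tuple of ints."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"only plain numeric releases are supported: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(a, b):
    """Zero-pad both release tuples to equal length, so 4 == 4.0 == 4.0.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

OPS = {
    "==": lambda v, b: v == b,
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    ">": lambda v, b: v > b,
    "<": lambda v, b: v < b,
}

def allows(spec, version):
    """True if `version` satisfies every comma-separated clause of `spec`."""
    for clause in spec.split(","):
        match = re.fullmatch(r"\s*(==|>=|<=|>|<)\s*([\d.]+)\s*", clause)
        if match is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        v, bound = _pad(parse_version(version), parse_version(match.group(2)))
        if not OPS[match.group(1)](v, bound):
            return False
    return True

def diff_range(old, new, candidates):
    """Return (newly_admitted, newly_excluded) when `old` is replaced by `new`."""
    admitted = [c for c in candidates if allows(new, c) and not allows(old, c)]
    excluded = [c for c in candidates if allows(old, c) and not allows(new, c)]
    return admitted, excluded

# Specifiers as quoted in the PR description; candidate versions are constructed.
CHANGES = {
    "cachetools": ("==4.2.0", ">=4.2,<8", ["4.1.1", "4.2.0", "5.0.0", "7.0.5", "8.0.0"]),
    "aiohttp": (">=3.12.14,<=4", ">=3,<4", ["3.0.0", "3.12.13", "3.12.14", "4.0.0", "4.0.1"]),
    "requests": (">=2.18.4", ">=2.18.4,<3", ["2.18.4", "2.32.0", "3.0.0"]),
}

if __name__ == "__main__":
    for name, (old, new, candidates) in CHANGES.items():
        admitted, excluded = diff_range(old, new, candidates)
        print(f"{name}: newly admitted {admitted}, newly excluded {excluded}")
```

Versions that become installable only because a lower bound moved appear under newly admitted, which is the list to check against the dependency's advisories when reviewing a loosened pin.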