Relax dependency version constraints for library compatibility#109
Relax dependency version constraints for library compatibility#109amc-corey-cox merged 1 commit intomainfrom
Conversation
amc-corey-cox
force-pushed
the
unpin_deps_107
branch
from
c654407 to
700367d
Compare
- Remove unnecessary upper bounds from most dependencies - Keep minimum versions that are known to work - Keep Python version constraint (>=3.9,<=3.13) to maintain lock file stability Closes #107 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
amc-corey-cox
force-pushed
the
unpin_deps_107
branch
from
700367d to
9d73f13
Compare
There was a problem hiding this comment.
Pull request overview
This PR relaxes dependency version constraints to follow library best practices, removing unnecessary upper bounds to maximize compatibility with downstream users. The main changes include removing upper version constraints on most dependencies while keeping the lower bounds, with the exception of pydantic which retains its <3 upper bound due to expected breaking changes.
Key Changes
- Removed upper bounds from most main dependencies (asteval, click, duckdb, graphviz, jinja2, lark, pint, ucumvert)
- Decreased minimum version of deepdiff from 8.6.1 to 6.0
- Maintained upper bound on pydantic at
<3to prevent breaking changes - Loosened dev dependency constraints similarly
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pyproject.toml | Updated main dependencies and dev dependency-groups to remove upper bounds and adjust minimum versions |
| uv.lock | Synchronized lock file metadata to reflect the relaxed dependency constraints from pyproject.toml |
| "curies", | ||
| "deepdiff>=8.6.1", | ||
| "duckdb<1,>=0", | ||
| "deepdiff>=6.0", |
There was a problem hiding this comment.
Lowering the minimum version of deepdiff from 8.6.1 to 6.0 is a significant change that could potentially break compatibility if features or bug fixes from version 8.6.1 are being used. The original constraint of >=8.6.1 suggests that a specific version was required for a reason. Unless you've verified that the code works correctly with deepdiff 6.0 and that no breaking changes or missing features exist between versions 6.0 and 8.6.1, this change could introduce compatibility issues. Consider keeping the minimum version at 8.6.1 or verifying compatibility with earlier versions through testing.
| "deepdiff>=8.6.1", | ||
| "deptry<1.0.0,>=0.23.0", | ||
| "jupyter<2.0.0,>=1.1.1", | ||
| "deepdiff>=6.0", |
There was a problem hiding this comment.
Lowering the minimum version of deepdiff from 8.6.1 to 6.0 is a significant change that could potentially break compatibility if features or bug fixes from version 8.6.1 are being used. The original constraint of >=8.6.1 suggests that a specific version was required for a reason. Unless you've verified that the code works correctly with deepdiff 6.0 and that no breaking changes or missing features exist between versions 6.0 and 8.6.1, this change could introduce compatibility issues. Consider keeping the minimum version at 8.6.1 or verifying compatibility with earlier versions through testing.
Summary
<=3.13fromrequires-python(allow future Python versions)pydantic>=2,<3since Pydantic 3 will have breaking changesChanges
Main dependencies:
asteval>=0.9(was<1,>=0)click>=8(was<9,>=8)deepdiff>=6.0(was>=8.6.1)duckdb>=0.10(was<1,>=0)graphviz>=0.20(was<1.0.0,>=0.20.3)jinja2>=3(was<4,>=3)lark>=1(was<2,>=1)pint>=0.20(was<1,>=0)pydantic>=2,<3(was>=2.11.3)ucumvert>=0.2(was<1,>=0)Dev dependencies: Loosened similarly
Rationale
As noted in issue #107, libraries should use flexible version ranges to maximize compatibility with downstream users. The
uv.lockfile provides exact pinning for reproducible development/CI builds.Closes #107