Add bounds on dependency versions

[saattrupdan]

🚀 The feature, motivation and pitch

The current pyproject.toml file has dependencies with no lower or upper bounds on them, which means that package management systems that check for these kinds of things, like Poetry, takes ages to install your package, as it has to check all versions. A simple lower- and upper bound of compatible version for the small amount of dependencies in pyproject.toml file would do wonders.

Alternatives

An alternative is just doing nothing, but there's a large number of Poetry users out there (second most used Python packaging system), so that will make life unnecessarily hard for many.

Additional context

No response

[2015aroras]

Lower-bounds are another thing, but upper bounds can be harm more than good in the long-term for a library (and other programs consuming our package is a valid scenario). Even Poetry points this out: https://python-poetry.org/docs/faq/#are-unbound-version-constraints-a-bad-idea.

@dirkgr Thoughts?

[dirkgr]

I wouldn't mind putting in some reasonable lower bounds if it's just to keep the search times down. I wouldn't want to be too tight though, because that makes it really hard to use when you have lots of dependencies. If we did major versions only, would that be good enough?

[saattrupdan]

Lower bounds would be great! It took almost 6 hours to install the package with unbounded constraints - hopefully lower bounds will bring that down significantly.

Also, Poetry installed an early version of your dependency boto3, causing strange error messages, but these also went away by forcing a lower bound on the version.

[dumitrac]

I apologize for our delay in response. In order to help surface current, unresolved issues, we are closing tickets prior to February 29. Please reopen your ticket if you are continuing to experience this issue. Thank you!