Specify minimum dependencies

[daenney]

trafficstars

@singingwolfboy Should we consider specifying some minimum dependencies in requirements.txt at this point? Right now there's a fairly wide range of allowed versions, which aren't likely to all work well together.

It can also cause some confusion like in #236, where at least the dependency wouldn't have been able to be satisfied returning an error to the user instead of failing at runtime.

For example, I would suggest we use:

• Flask >= 1.0.0
• requests-oauthlib >= 1.2.0

We should probably do this as part of #231.

[singingwolfboy]

We already require Flask >= 0.7 and requests-oauthlib >= 1.0. Maybe we should add a minimum version for oauthlib, as well?

[daenney]

Do you want to keep support for Flask pre-1.0? 0.7 specifically was released in 2011. Seems it might be fine to up the minimum now, especially since we're heading towards a major version increase. We're also not testing with such old versions anymore so it's hard to know if we're still functional on Flask 0.7.

I would prefer a lower limit of at least 0.10 but that still puts us in 2013. 0.12 might be more appropriate and should limit the amount of variance between 0.12 and 1.x while ensuring we support Flask versions all the way back to 2016.

Debian Jessie/oldstable packages Flask 0.10, Jessie backports and Stretch/stable 0.12 and the upcoming Buster has 1.0.2. That's probably a good indication that we could/should move to 0.12 without breaking the world.

From what I can see based on #236 we would need to bump oauthlib to > 3.0 for the Twitch one to work out of the box. That would also imply/require requests-oauthlib >= 1.2.0?