I'm the maintainer of an application which pins a recent version of lxml (applications should ideally pin everything to have a known-good set of deps). One of the users reported that they cannot install python-saml in the same environment because it pins the upper version of lxml.
Assuming there are no breaking changes (after all, it's not a major version bump), would you consider removing this upper bound?
ThiefMaster
commented
1 year ago
I'm the maintainer of an application which pins a recent version of lxml (applications should ideally pin everything to have a known-good set of deps). One of the users reported that they cannot install python-saml in the same environment because it pins the upper version of lxml.
Assuming there are no breaking changes (after all, it's not a major version bump), would you consider removing this upper bound?
PS: Nice blog post on the topic of why pinning upper versions in libraries is usually a bad idea: https://iscinumpy.dev/post/bound-version-constraints/