In short: downstream projects have no way to remove an artificial (wrong)
upper bound, but adding a missing one is easy. Since it's unknowable
which future versions will be compatible, it's better to err on the side of
allowing them, for the context of libraries.
In addition, we continuously check the newest dependency versions via
dependabot, and our CI is using pinned dependencies. As such, I believe we
can afford to leave out the upper limit.
Remove upper limits on dependencies. For context, see e.g. the discussion in https://iscinumpy.dev/post/bound-version-constraints/
In short: downstream projects have no way to remove an artificial (wrong) upper bound, but adding a missing one is easy. Since it's unknowable which future versions will be compatible, it's better to err on the side of allowing them, for the context of libraries.
In addition, we continuously check the newest dependency versions via dependabot, and our CI is using pinned dependencies. As such, I believe we can afford to leave out the upper limit.
Other changes: