Our policy for supporting versions of other packages is pretty loose. We should document how we decide what versions of our dependencies to support somewhere.
A draft policy is below:
scmdata is intended as a library so has loose dependency version requirements and as few required dependencies as possible to make life easier for downstream users, with the tradeoff being that users need to install more than just the base package to get some pieces of functionality and we don't guarantee installations will just work, for example we don't pin the maximum version of dependencies so in the case where a package comes out with a new major version things might break and users would have to do that pin themselves until we push a fix. We test that our minimum supported versions are actually supported and intend to add CI to check that installing development versions of upstream repositories don't break things (see #279). We check the minimums simultaneously i.e. we try to install all minimum versions at once (rather than some other option e.g. checking that minimum supported versions can be installed without pinning other dependencies).
Our policy for supporting versions of other packages is pretty loose. We should document how we decide what versions of our dependencies to support somewhere.
A draft policy is below:
See also discussion in #275