Outdated (and possibly too restrictive) dependency settings

[florian-huber]

In the pyproject.toml we switched at some point to more restrictive < or ^ settings. That gave the advantage of not always breaking with new dependency releases. But I feel that it is fairly restrictive. And, it requires that we frequently inspect those settings to not miss important updates.

Currently, rdkit fails in the CI pipeline.
And, at least some dependencies underwent major updates. Numpy, for instance, went to 2.0.
Pandas is now at 2.2.2 with many bug fixes on the way.
Numba is at 0.59. (which no longer supports Python 3.8, but does now support 3.12).
Etc.

Current settings are:

[tool.poetry.dependencies]
python = ">=3.8,<3.12"
numpy = "<1.25"
scipy = "<1.11"
pandas = "^2.0.3"
pillow = "!=9.4.0"
lxml = "^4.9.3"
matplotlib = "^3.7.2"
networkx = "^3.1"
numba = "^0.57.1"
pickydict = "^0.4.0"
pyteomics = "^4.6"
requests = "^2.31.0"
sparsestack = "^0.4.1"
tqdm = "^4.65.0"
rdkit = "^2023.3.2"
pyyaml = "^6.0.1"
deprecated = "^1.2.14"
pubchempy = "*"

See also https://packaging.python.org/en/latest/specifications/dependency-specifiers/ for documentation on how to add dependencies.

[florian-huber]

I would actually prefer switching to a > style where we mostly define minimal versions that work. And then set a cronjob to test every month for possible things breaking. This way, we will at least not miss out on bug fixes and updates.

[Adafede]

I was about to open such an issue!
Thank you for it @florian-huber.

I find the numpy and rdkit (from the latest 0.25 version) quite annoying as if matchms wants to be added as a dependency to a package using the latest versions of them, the latter needs to stay on "outdated" versions 😢