requests package requirements

[Trojan17]

I would suggest to at least set up:

requests>=2.32.3 ; python_version >= "3.9" and python_version < "4.0"

It's preventing upgrading package to the newest one and I don't think the minor upgrade of requests would be incompatible in the future

[ALERTua]

ab5a5e3 this will do?

[Trojan17]

I think so, thanks

But why not use >=? Requests being updated quite often so the next ones would cause the same issue.

[ALERTua]

Well, because Caret Requirements limits the upper version of a module to the next major version, and major versions tend to have breaking changes, I'm accustomed to changing versions to the next major version only consciously, manually, by running all tests locally.
If one changes ^ to >=, and, say, requests bumps to 3.0 with breaking changes, you won't know that your module is now broken until someone clones your repo and tries to poetry install for local development, or you try to compile a new version.
So, from a perspective of regular updates, it's better to have >=, but I rely on the bus factor, as I am from Kyiv, Ukraine, and with ^ the module will be usable forever even without a maintainer.

[Trojan17]

I get the point but actually your requirements sets it with ==. That's why I see requests>=2.32.5,<3.0.0 would not apply to major versions but still make it upgradable

Consider using requests~=2.32.5 for example in your requirements.txt, that would allow patches to be applied

[ALERTua]

Okay, I guess you are talking about requirements.txt, not pyproject.toml. requirements.txt is being automatically exported by a pre-commit check and is not used by anything. It only represents the exact snapshot of the development environment the last build was built on.

[Trojan17]

It is being used by pip's dependency resolver

[ALERTua]

How so? The wheel is being built by poetry. Here's my clean test

~\temp via 🐍 v3.13.7 (.venv_test) took 1s
➜ pip install msteamsapi -v --force
Using pip 25.2 from C:\Users\alexe\temp\.venv_test\Lib\site-packages\pip (python 3.13)
Collecting msteamsapi
  Obtaining dependency information for msteamsapi from https://files.pythonhosted.org/packages/b3/26/49ef6eda467ca2ea5089975befd88e3f710e28aed9b8511604ed6a59bd58/msteamsapi-0.9.5-py2.py3-none-any.whl.metadata
  Using cached msteamsapi-0.9.5-py2.py3-none-any.whl.metadata (4.4 kB)
Collecting importlib-resources<7.0.0,>=6.4.0 (from msteamsapi)
  Obtaining dependency information for importlib-resources<7.0.0,>=6.4.0 from https://files.pythonhosted.org/packages/a4/ed/1f1afb2e9e7f38a545d628f864d562a5ae64fe6f7a10e28ffb9b185b4e89/importlib_resources-6.5.2-py3-none-any.whl.metadata
  Using cached importlib_resources-6.5.2-py3-none-any.whl.metadata (3.9 kB)
Collecting requests<3.0.0,>=2.32.3 (from msteamsapi)
  Obtaining dependency information for requests<3.0.0,>=2.32.3 from https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl.metadata
  Using cached requests-2.32.5-py3-none-any.whl.metadata (4.9 kB)
Collecting charset_normalizer<4,>=2 (from requests<3.0.0,>=2.32.3->msteamsapi)
  Obtaining dependency information for charset_normalizer<4,>=2 from https://files.pythonhosted.org/packages/9a/8f/ae790790c7b64f925e5c953b924aaa42a243fb778fed9e41f147b2a5715a/charset_normalizer-3.4.3-cp313-cp313-win_amd64.whl.metadata
  Using cached charset_normalizer-3.4.3-cp313-cp313-win_amd64.whl.metadata (37 kB)
Collecting idna<4,>=2.5 (from requests<3.0.0,>=2.32.3->msteamsapi)
  Obtaining dependency information for idna<4,>=2.5 from https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl.metadata
  Using cached idna-3.10-py3-none-any.whl.metadata (10 kB)
Collecting urllib3<3,>=1.21.1 (from requests<3.0.0,>=2.32.3->msteamsapi)
  Obtaining dependency information for urllib3<3,>=1.21.1 from https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl.metadata
  Using cached urllib3-2.5.0-py3-none-any.whl.metadata (6.5 kB)
Collecting certifi>=2017.4.17 (from requests<3.0.0,>=2.32.3->msteamsapi)
  Obtaining dependency information for certifi>=2017.4.17 from https://files.pythonhosted.org/packages/e5/48/1549795ba7742c948d2ad169c1c8cdbae65bc450d6cd753d124b17c8cd32/certifi-2025.8.3-py3-none-any.whl.metadata
  Using cached certifi-2025.8.3-py3-none-any.whl.metadata (2.4 kB)
Using cached msteamsapi-0.9.5-py2.py3-none-any.whl (7.8 kB)
Using cached importlib_resources-6.5.2-py3-none-any.whl (37 kB)
Using cached requests-2.32.5-py3-none-any.whl (64 kB)
Using cached charset_normalizer-3.4.3-cp313-cp313-win_amd64.whl (107 kB)
Using cached idna-3.10-py3-none-any.whl (70 kB)
Using cached urllib3-2.5.0-py3-none-any.whl (129 kB)
Using cached certifi-2025.8.3-py3-none-any.whl (161 kB)
Installing collected packages: urllib3, importlib-resources, idna, charset_normalizer, certifi, requests, msteamsapi
  Attempting uninstall: urllib3
    Found existing installation: urllib3 2.5.0
    Uninstalling urllib3-2.5.0:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\urllib3-2.5.0.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\urllib3\
      Successfully uninstalled urllib3-2.5.0
  Attempting uninstall: importlib-resources
    Found existing installation: importlib_resources 6.5.2
    Uninstalling importlib_resources-6.5.2:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\importlib_resources-6.5.2.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\importlib_resources\
      Successfully uninstalled importlib_resources-6.5.2
  Attempting uninstall: idna
    Found existing installation: idna 3.10
    Uninstalling idna-3.10:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\idna-3.10.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\idna\
      Successfully uninstalled idna-3.10
  Attempting uninstall: charset_normalizer
    Found existing installation: charset-normalizer 3.4.3
    Uninstalling charset-normalizer-3.4.3:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\charset_normalizer-3.4.3.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\charset_normalizer\
      Removing file or directory c:\users\alexe\temp\.venv_test\scripts\normalizer.exe
      Successfully uninstalled charset-normalizer-3.4.3
  Attempting uninstall: certifi
    Found existing installation: certifi 2025.8.3
    Uninstalling certifi-2025.8.3:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\certifi-2025.8.3.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\certifi\
      Successfully uninstalled certifi-2025.8.3
  Attempting uninstall: requests
    Found existing installation: requests 2.32.5
    Uninstalling requests-2.32.5:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\requests-2.32.5.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\requests\
      Successfully uninstalled requests-2.32.5
  Attempting uninstall: msteamsapi
    Found existing installation: msteamsapi 0.9.5
    Uninstalling msteamsapi-0.9.5:
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\msteamsapi-0.9.5.dist-info\
      Removing file or directory c:\users\alexe\temp\.venv_test\lib\site-packages\msteamsapi\
      Successfully uninstalled msteamsapi-0.9.5
Successfully installed certifi-2025.8.3 charset_normalizer-3.4.3 idna-3.10 importlib-resources-6.5.2 msteamsapi-0.9.5 requests-2.32.5 urllib3-2.5.0

Here are the constraints for the wheel: Collecting requests<3.0.0,>=2.32.3 (from msteamsapi). Which resulted in requests-2.32.5
Am I doing something wrong?