Don't pin dependencies

[bpedersen2]

As this is a library, please don' hard-pin dependencies, instead use suitable ranges.

Especially: requests>=2.27.1 instead of requests==2.27.1 unless 2.28+ is really breaking yuos_query as e.g. has other deps that require >=2.28.1 resulting in conflict

[mattclarke]

PyPi seems to be a popular target for scumbags at the moment, so I am reluctant to have an open ended range if it can be avoided.
I can setup dependabot, so we can at least keep our version relatively up-to-date - work that be an acceptable compromise?

[bpedersen2]

I would allow a rather open intervall ( take a look at the numpy recommendations, they do latest +3 (minor) versions)
and pin the versions on the application (nicos, your internal apps) level. otherwise all consumers of this lib are locked to the single version, which gets hard to manage over time.

[danesss]

One recommended approach, specially for libraries, is to use setuptools install_requires to define compatible versions,
and leave the version pinning for the requirements.txt file.
install_requires would be used by dependent packages, and requirements.txt when installing the package directly.

It is not considered best practice to use install_requires to pin dependencies to specific versions

[mattclarke]

@bpedersen2: I've done what @danesss suggested and loosened the dependencies in the setup.py.
I am just creating a gerrit patch. Can you let me know if this fixes the issue pls?