I’ve talked with several contributors in the past about dependencies and fixing versions (for fear that future versions may not be compatible). I’m currently revisiting all that stuff while investigating the switch to poetry config files and found this excellent post, going into a lot of detailed arguments about the problems with capping versions. It focuses on the upper caps, but a lot of the arguments made are relevant both ways.
For info, I’m creating a pyproject.toml with relatively flexible version capping for dependencies: the lower version will be based on the PsychoPy 2022.2.3 MacOS Standalone and the upper version will be blank unless I know the next version of the dependency to be broken.
I will also supply a poetry lock file so most users will get a fixed set of dependencies but can easily update them using poetry update. This is still a work in progress.