
Loosen dependency pins: cachetools, aiohttp, requests #129

Open
socketz wants to merge 3 commits into ipinfo:master from socketz:loosen-dependency-pins

socketz commented Apr 16, 2026

Summary

Loosens overly strict dependency pins that cause conflicts with other packages in the same environment.

Fixes #127

Changes

| Dependency | Before | After | Reason |
|---|---|---|---|
| cachetools | ==4.2.0 | >=4.2,<8 | Hard pin to a 6-year-old version blocks users with other packages requiring cachetools>=5/6/7. Tested compatible with cachetools 7.0.5. |
| aiohttp | >=3.12.14,<=4 | >=3,<4 | <=4 only allowed exactly 4.0.0, unintentionally excluding 4.0.1+. Changed to <4 to correctly express the intent of staying on the v3 series. |
| requests | >=2.18.4 | >=2.18.4,<3 | Added upper bound to avoid unexpected breakage if a future v3 introduces breaking changes. |

Testing

All existing tests pass with cachetools 7.0.5 and the updated constraints.

Copilot AI review requested due to automatic review settings April 16, 2026 20:56

Copilot AI left a comment


Pull request overview

This PR loosens dependency constraints in the Python package metadata to reduce install-time conflicts for consumers (Fixes #127).

Changes:

  • Relax cachetools from a hard pin (==4.2.0) to a range (>=4.2,<8).
  • Correct aiohttp’s upper bound semantics by switching from <=4 (effectively <=4.0.0) to <4.
  • Add an upper bound for requests (<3) to avoid potential future breaking changes.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| pyproject.toml | Updates published dependency specifiers for requests, cachetools, and aiohttp. |
| uv.lock | Updates the lockfile’s requires-dist metadata to match the new dependency specifiers. |
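
The effect of each specifier change on the set of installable versions, as an added example that is not part of this pull request or the project's code. It uses a simplified comparator for final releases only (no pre-releases, wildcards or `~=`). The function names are hypothetical and the candidate versions are constructed samples, not a list of actual releases.

```python
# Added example: simplified specifier check for final releases only.
# Assumption: versions are plain dotted integers such as "3.12.14".
import operator

OPS = {"==": operator.eq, ">=": operator.ge, "<=": operator.le,
       "<": operator.lt, ">": operator.gt}

def parse(version, width=3):
    """'4' -> (4, 0, 0): release segments are compared zero-padded."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def allows(spec, version):
    """True if `version` satisfies every comma-separated clause of `spec`."""
    for clause in spec.split(","):
        clause = clause.strip()
        # Try two-character operators before "<" and ">".
        op = next(o for o in ("==", ">=", "<=", "<", ">") if clause.startswith(o))
        if not OPS[op](parse(version), parse(clause[len(op):])):
            return False
    return True

def newly_allowed(old, new, candidates):
    """Versions the new specifier admits that the old one rejected."""
    return [v for v in candidates if allows(new, v) and not allows(old, v)]

def newly_rejected(old, new, candidates):
    """Versions the old specifier admitted that the new one rejects."""
    return [v for v in candidates if allows(old, v) and not allows(new, v)]

# Specifiers are taken from the PR's table; candidate versions are constructed.
CHANGES = {
    "cachetools": ("==4.2.0", ">=4.2,<8",
                   ["4.1.1", "4.2.0", "5.3.0", "7.0.5", "8.0.0"]),
    "aiohttp": (">=3.12.14,<=4", ">=3,<4",
                ["2.3.10", "3.0.0", "3.12.13", "3.12.14", "4.0.0", "4.0.1"]),
    "requests": (">=2.18.4", ">=2.18.4,<3",
                 ["2.18.3", "2.18.4", "2.32.0", "3.0.0"]),
}

if __name__ == "__main__":
    for name, (old, new, candidates) in CHANGES.items():
        print(name, "newly allowed:", newly_allowed(old, new, candidates),
              "newly rejected:", newly_rejected(old, new, candidates))
```

Besides fixing the upper bound, the aiohttp change lowers the floor from 3.12.14 to 3, so older 3.x releases become installable again; a reviewer should confirm that widening is intended. For real resolution behaviour, including pre-releases, check the specifiers with the `packaging` library.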


Comment thread pyproject.toml

socketz commented Apr 16, 2026

Sorry for the AI-assisted approach — but this is a well-known pain point that's been affecting users for a while, and since the fix is straightforward, it felt worth resolving quickly rather than waiting.

Development

Successfully merging this pull request may close these issues.

cachetools dependency too strict: ==4.2.0 pin causes conflicts