Description
Describe the bug
Installing CodeChecker from PyPI forces strict versions of this project's dependencies; this is not recommended by the Python Packaging User Guide.
It is not considered best practice to use install_requires to pin dependencies to specific versions, or to specify sub-dependencies (i.e. dependencies of your dependencies). This is overly-restrictive, and prevents the user from gaining the benefit of dependency upgrades.
CodeChecker version
$ CodeChecker version
[INFO 2025-03-21 09:12] - CodeChecker analyzer version:
---------------------------------------------------------------
Kind | Version
---------------------------------------------------------------
Base package version | 6.25.1
Package build date | 2025-03-20T18:05
Git commit ID (hash) | c63dcdd8aa8dbd47360a0a02234c94e45107fb76
Git tag information | 6.25.1
---------------------------------------------------------------
[INFO 2025-03-21 09:12] - CodeChecker web version:
------------------------------------------------------------------------------
Kind | Version
------------------------------------------------------------------------------
Base package version | 6.25.1
Package build date | 2025-03-20T18:05
Git commit ID (hash) | c63dcdd8aa8dbd47360a0a02234c94e45107fb76
Git tag information | 6.25.1
Server supported Thrift API version | 6.61
Client Thrift API version | 6.61
------------------------------------------------------------------------------
To Reproduce
N/A
Expected behaviour
The Python package published to PyPI should only specify the minimal version required for its dependencies, rather than a hard dependency.
Desktop (please complete the following information)
N/A
Additional context
The annoyance is most apparent if multiple packages would do this.
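An added example, not part of the issue or of CodeChecker's code: a standard-library check that flags the exact pins this report describes in a distribution's `Requires-Dist` entries. The requirement strings in `SAMPLE` are constructed and do not reflect CodeChecker's actual dependency list; `classify`, `audit` and `audit_installed` are hypothetical names.

```python
import re
from importlib import metadata

# One version clause: an operator followed by a version, e.g. "==1.2.3" or ">=2.0".
_CLAUSE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,;)]+)")
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample requirement strings (not taken from any real package).
SAMPLE = [
    "alpha==1.4.2",
    "beta>=2.0,<3",
    "gamma",
    "delta==3.*",
    'epsilon[tls]==0.9.1; python_version < "3.12"',
    "zeta~=1.2",
]

def classify(requirement: str) -> str:
    """Return 'pinned', 'ranged', 'unconstrained' or 'direct-url'."""
    spec = requirement.split(";", 1)[0]  # drop the environment marker
    if "@" in spec:                      # "name @ URL" has no version specifier
        return "direct-url"
    clauses = _CLAUSE.findall(spec)
    if not clauses:
        return "unconstrained"
    for op, version in clauses:
        # "==1.4.2" and "===1.4.2" admit one version; "==3.*" is a prefix match.
        if op == "===" or (op == "==" and not version.endswith(".*")):
            return "pinned"
    return "ranged"

def audit(requirements):
    """Map dependency name -> requirement string for every exact pin."""
    pins = {}
    for req in requirements:
        if classify(req) == "pinned":
            pins[_NAME.match(req).group(1)] = req
    return pins

def audit_installed(dist_name: str):
    """Audit the Requires-Dist metadata of an installed distribution."""
    return audit(metadata.requires(dist_name) or [])

if __name__ == "__main__":
    for name, req in audit(SAMPLE).items():
        print(f"exact pin: {name:10s} {req}")
```

`audit_installed` reads the metadata of a distribution already installed in the current environment and raises `importlib.metadata.PackageNotFoundError` when it is absent.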