Remove upper limits from dependencies

[LeoGrin]

https://prior-labs.slack.com/archives/C08LK13JRUN/p1773068482031969 some context

Summary

• Remove <3 cap on pandas
• Remove <5 cap on typing-extensions
• Change posthog~=6.7 (pins to <6.8) to posthog>=6.7

These upper bounds can cause unnecessary dependency conflicts downstream without providing meaningful protection.

Test plan

• Verify CI passes with uncapped dependencies
• Confirm no breaking changes with latest versions of pandas, typing-extensions, and posthog

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request aims to enhance the flexibility and compatibility of the project's dependencies by removing restrictive upper version bounds on key packages. By allowing pandas, typing-extensions, and posthog to update to newer major or minor versions, the change mitigates potential dependency conflicts in downstream projects and ensures the codebase can leverage the latest features and bug fixes from these libraries without being artificially constrained.

Highlights

• Dependency Upper Bounds Removed: The upper version limits for pandas (removed <3) and typing-extensions (removed <5) have been eliminated to prevent unnecessary dependency conflicts.
• Posthog Dependency Updated: The posthog dependency specification was changed from ~=6.7 (which pins to <6.8) to >=6.7, allowing for broader compatibility with future versions.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• pyproject.toml
  • Removed the upper version constraint for pandas (from <3).
  • Removed the upper version constraint for typing-extensions (from <5).
  • Updated the posthog dependency from ~=6.7 to >=6.7.

Activity

• The author plans to verify CI passes with the uncapped dependencies.
• The author plans to confirm no breaking changes occur with the latest versions of pandas, typing-extensions, and posthog.
• The pull request was generated with Claude Code.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request aims to improve dependency management by removing upper version caps. While this is a good goal for a library to reduce downstream conflicts, removing major version caps entirely for dependencies like pandas and posthog introduces a significant risk of future breakage when those dependencies release new major versions with breaking changes. My review includes suggestions to adopt a safer strategy of capping at the next major version, which balances flexibility with stability. I've left specific comments on the pyproject.toml file with code suggestions.

_{Note: Security Review has been skipped due to the limited scope of the PR.}

[gemini-code-assist]

While removing upper bounds can help with downstream dependency conflicts, completely removing the major version cap for pandas is risky. A future major version (e.g., v3.0 or v4.0) could introduce breaking changes that would cause tabpfn-common-utils to fail at runtime. A good compromise is to allow for the next major version while capping at the one after. This provides flexibility while still protecting against future breaking changes.

Suggested change

	"pandas>=1.4.0",
	"pandas>=1.4.0,<4",

[gemini-code-assist]

Removing the upper version cap for posthog is risky. The previous specifier ~=6.7 was equivalent to >=6.7,<7, which protected against breaking changes in a future v7.0 release. By changing to >=6.7, the library becomes vulnerable to such breakages. It's recommended to keep an upper bound to ensure future compatibility.

As a side note, the PR description's claim that ~=6.7 pins to <6.8 is incorrect for a two-part version number; according to PEP 440, it pins to <7.

Suggested change

	"posthog>=6.7",
	"posthog>=6.7,<7",

[brendan-priorlabs]

LGTM