Upper version limits in dependencies

requests currently has a bunch of version restrictions:

• chardet>=3.0.2,<5
• idna>=2.5,<3
• urllib3>=1.21.1,<1.27

In particular with idna and urllib3, which are widely used themself, whenever another package triggers installation of an open-ended version of these libraries, a subsequent install of requests then will lead to warnings or errors the like

requests 2.25.1 requires idna<3,>=2.5, but you'll have idna 3.1 which is incompatible.

Are there actual reasons to limit the upper versions? Could these be lifted?

Putting version upper limits into widely used libraries leads to major headaches for downstream project. Even when following a dedicated-venv-per-app model, if that app has multiple dependencies that in turn depend on above, this is tricky to fix (order dependency, finding an intersecting version in the first place, …). fwiw, I’ve spent countless hours on fixing fallout from such scenarios …