Currently plaid-python and plaid-python-legacy both have a sub-dependency of requests and it is locked to a specific version ==2.7.0.
It is extremely rare to have a library lock a sub-dependency like this, as it causes all sorts of issues with sub-dependency clashes (in fact, our application has over 50 packages, and 0 have a fully locked sub-dependency, all are >= other than plaid-python), and it locks the users of your library out of valuable bug fixes that have been implemented since 2.7.0 was released in May of 2015.
Finally, requests will not introduce any breaking changes except on major version updates (http://docs.python-requests.org/en/master/community/release-process/).
For those reasons, I would recommend you change your dependency on requests to >=2.7.0, or <3.0.0,>=2.7.0 if you want to be safer.
Currently
plaid-pythonandplaid-python-legacyboth have a sub-dependency ofrequestsand it is locked to a specific version==2.7.0.It is extremely rare to have a library lock a sub-dependency like this, as it causes all sorts of issues with sub-dependency clashes (in fact, our application has over 50 packages, and 0 have a fully locked sub-dependency, all are
>=other thanplaid-python), and it locks the users of your library out of valuable bug fixes that have been implemented since2.7.0was released in May of 2015.Finally,
requestswill not introduce any breaking changes except on major version updates (http://docs.python-requests.org/en/master/community/release-process/).For those reasons, I would recommend you change your dependency on
requeststo>=2.7.0, or<3.0.0,>=2.7.0if you want to be safer.