Correct minimum versions in dependency version ranges

[dlqqq]

Description

• Fixes Minimum dependencies CI job is failing #1273.
• Fixes the Python Tests / Unit tests (Python 3.9, minimum dependencies) workflow, currently failing on CI.
  • Example of failing run: https://github.com/jupyterlab/jupyter-ai/actions/runs/13762125319/job/38480403001?pr=1271
• Updates dependency version floors to be usable, i.e. a user can install Jupyter AI with each dependency pinned to the version floor we declare.

Details

• Removes 2 unused dependencies: typing_extensions and aiosqlite.
• Bumps traitlets>=5.0 to traitlets>=5.6 to match JupyterLab 4's dependencies.
• Bumps jupyter_server>=1.6 to jupyter_server>=2.11.1 to match jupyter_server_ydoc>=3 dependencies.
  • When backporting, we should try to lower this to jupyter_server>=2.4 to match JupyterLab 4's dependencies.
• Bumps click>=8.0.0 to click>=8.1.0. click==8.0.0 was released almost 4 years ago and is a very common dependency. Bumping this floor speeds up minimum versions tests in CI.
• Bumps pydantic>=2.0.0 to pydantic>=2.10.0.
  • pydantic<2.10.0 fails with Jupyter AI, since it raises a "protected namespaces" error due to our usage of a model_id attribute: https://docs.pydantic.dev/latest/api/config/#pydantic.config.ConfigDict.protected_namespaces
• Drops Python 3.8 support, since it has reached end-of-life and we are not testing that in our CI workflows.
• Removes importlib_metadata package, as the importlib.metadata module is now part of the standard library in Python 3.8+.
  • Not possible because entry_points().select(...) fails in Python 3.9, since the API wasn't finalized until Python 3.10.

[dlqqq]

The latest CI failure is being caused by typing_extensions. The typing_extensions dependency was added in #192, but does not appear to be used. I'll remove this and see what happens.

[dlqqq]

One issue is that the minimum dependencies job is now taking 20+ minutes. I think the runner may be struggling with memory use when trying to resolve the dependency set, since network downloads of PyPI packages shouldn't take this long.

[dlqqq]

I found a couple more issues with our dependencies that may be causing this job to take forever:

1. aiosqlite is required but never used.
2. ollama>=0.4.0 requires pydantic>=2.9.0: https://github.com/ollama/ollama-python/blob/v0.4.0/pyproject.toml

[dlqqq]

The qianfan package has a huge list of dependencies which may also be slowing down the resolver: https://github.com/baidubce/bce-qianfan-sdk/blob/main/python/pyproject.toml

[dlqqq]

Failed after 55 minutes (!): https://github.com/jupyterlab/jupyter-ai/actions/runs/13775086781/job/38522465409?pr=1272

[dlqqq]

Looks like bumping pydantic and dropping importlib_metadata really helped speed up the dev-install step for jupyter_ai_magics. The jupyter_ai package is still taking a long time to dev-install however. Will check in this PR tomorrow, have to head off today.

[dlqqq]

Bumping the pydantic, click, and jupyter_server version floors allowed pip to quickly resolve the dependency set and complete installation in the CI.

Unfortunately, even though importlib.metadata provides entry points in Python 3.8+, the API wasn't finalized until Python 3.10.

CI is able to install the dependencies, but the tests fail because the entry_points().select(...) method only exists in Python 3.10+, not Python 3.9. 🤦

I'll likely have to add importlib_metadata back to fix Python 3.9 support. We can finally remove this dependency once Python 3.9 reaches EOL in October of this year.

[srdas]

All changes look good and the CI is also passing with these changes. Thanks for sorting out these dependency issues!

[dlqqq]

@krassowski Thank you for contributing to maintainer-tools to add this to our CI. I never knew that an excessively loose version range can trigger this error for users in older environments:

"RuntimeError: maximum recursion depth exceeded while calling a Python object"

Thanks to your contributions, our minimum dependency versions will now be correct & verifiable (as of v2.30.0+). pip install jupyter_ai should be faster & more reliable for users in older environments now. This is awesome! 🤗

[dlqqq]

@meeseeksdev please backport to 2.x

[krassowski]

Thank you for the work here, I appreciate it was a deep hole! The most important thing is it will help to catch some issues when using a function from a new version of a package and forgetting to bump the dependency constraint.