pin dependencies more tightly, updating versions

Some dependencies had no versioning; others used ">=" which is prone to
breakage as libraries have breaking changes.

This way means more maintenance but is safer against breakage.

Some projects also check in the lockfile for perfect reproducibility.

Where a ">=" was used, the version was generally updated to the latest,
which is probably what was being used in practice.

The "~=" operator allows the patch version to increment.

Author: rolandwalker

changelog.md

@@ -17,6 +17,7 @@ Internal
 * Prefer `yield from` over yielding in a loop.
 * Update `ruff` linter and CI.
 * Update `LICENSE.txt` for dates and GitHub detection.
+* Pin dependencies more tightly in `pyproject.toml`.
 
 
 1.53.0 (2026/02/12)

pyproject.toml

@@ -9,18 +9,18 @@ authors = [{ name = "Mycli Core Team", email = "mycli-dev@googlegroups.com" }]
 urls = { homepage = "http://mycli.net" }
 
 dependencies = [
-    "click >= 8.3.1",
-    "cryptography >= 1.0.0",
+    "click ~= 8.3.1",
+    "cryptography ~= 46.0.5",
     "Pygments ~= 2.19.2",
     "prompt_toolkit>=3.0.6,<4.0.0",
-    "PyMySQL >= 0.9.2",
+    "PyMySQL ~= 1.1.2",
     "sqlparse>=0.3.0,<0.6.0",
     "sqlglot[rs] == 27.*",
-    "configobj >= 5.0.5",
-    "cli_helpers[styles] >= 2.10.0",
-    "pyperclip >= 1.8.1",
-    "pycryptodomex",
-    "pyfzf >= 0.3.1",
+    "configobj ~= 5.0.0",
+    "cli_helpers[styles] ~= 2.10.0",
+    "pyperclip ~= 1.11.0",
+    "pycryptodomex ~= 3.23.0",
+    "pyfzf ~= 0.3.1",
     "rapidfuzz ~= 3.14.3",
     "keyring ~= 25.7.0",
 ]
@@ -34,33 +34,33 @@ build-backend = "setuptools.build_meta"
 
 [project.optional-dependencies]
 ssh = [
-    "paramiko~=3.5.1",
-    "sshtunnel",
+    "paramiko ~= 3.5.1",
+    "sshtunnel ~= 0.4.0",
 ]
 llm = [
-    "llm>=0.19.0",
-    "setuptools",                   # Required by llm commands to install models
-    "pip",
+    "llm ~= 0.28.0",
+    "setuptools == 82.*",                   # Required by llm commands to install models
+    "pip == 26.*",
 ]
 all = [
   "mycli[ssh]",
   "mycli[llm]",
 ]
 dev = [
-    "behave>=1.2.6",
-    "coverage>=7.2.7",
-    "mypy~=1.18.1",
-    "pexpect>=4.9.0",
-    "pytest>=7.4.4",
-    "pytest-cov>=4.1.0",
-    "tox>=4.8.0",
-    "pdbpp>=0.10.3",
-    "paramiko~=3.5.1",
-    "sshtunnel",
-    "llm>=0.19.0",
-    "setuptools",                   # Required by llm commands to install models
-    "pip",
-    "ruff~=0.15.0",
+    "behave ~= 1.3.3",
+    "coverage ~= 7.13.4",
+    "mypy ~= 1.19.1",
+    "pexpect ~= 4.9.0",
+    "pytest ~= 9.0.2",
+    "pytest-cov ~= 7.0.0",
+    "tox ~= 4.35.0",
+    "pdbpp ~= 0.11.7",
+    "paramiko ~= 3.5.1",
+    "sshtunnel ~= 0.4.0",
+    "llm ~= 0.28.0",
+    "setuptools == 82.*",                   # Required by llm commands to install models
+    "pip == 26.*",
+    "ruff ~= 0.15.0",
 ]
 
 [project.scripts]