Don't use strict dependency versions

[impervius]

1. Don't use strict == versions in pyproject.toml ("python-snappy>=0.6.1", "zstd>=1.5.5.1" instead of "python-snappy==0.6.1", "zstd==1.5.5.1")
2. Update tooling to use newer action versions, use uv and the package dependencies (uv sync) instead of installing the dependencies manually.

[impervius]

@sydp what do you think?

[sydp]

Hey there, thanks for the PR, note uv isn't the documented package manager for this repo and for now opting to leave updates to existing GH workflows in the hands of maintainers.

I'll take a look at relaxing the dependency versions, but can you share any more detail on any problems you are facing?

[impervius]

Regarding relaxing the version requirements of the dependencies:

1. It forces the versions of other packages and does not allow an environment that uses these packages with other versions.
2. It is just not needed.
3. It uses old versions with potential bugs that were fixed in future versions. (and potential improvements that are forcibly not included right now).
4. It uses old versions that don't include pre-built wheels for recent python versions (for example zstd 1.5.5.1 has pre-built wheels only for CPython<=3.11).

Regarding uv:
What do you mean "the documented package manager for this repo"?

The adjusted workflows that use uv over pip and setup-python are shorter, more readable, don't require updating the CI on each dependency update, really test the environment (right now the CI uses pip install zstd which is not good as it uses the latest zstd but the current requirements state a specific version) and they should be faster too.

Why not use it?

[sydp]

Hey thanks for the additional context and reasoning for your proposed changes, I definitely see your points regarding relaxing the requirements and compatibility with newer Python versions.

What do you mean "the documented package manager for this repo"?

To clarify, I meant that the current README instructions and CI flows are built around pip as the standard baseline for all users. While uv is great, and I do use it myself, we are aiming to keep the repo accessible to everyone regardless of their preferred toolset.

On the workflows: I’d like to revisit the migration later, but for now, my suggestion is to keep the existing workflows as the baseline. However, I’m open to relaxing the dependency versions for now.

[impervius]

we are aiming to keep the repo accessible to everyone regardless of their preferred toolset.

Note that my changes don't limit or force the toolset of the users or developers, it just switches the CI to use uv, so in that manner the repo with my changes is as accessible as it is today.

The README.md instructions are totally valid and installing the package using pip install dfindexeddb works today and will continue to work seamlessly with the proposed changes.

I will revert the other changes for now and leave only the dependency relaxation.

[sydp]

LGTM