swimlane / pyattck

A Python package to interact with the Mitre ATT&CK Framework


Unnecessary pinned versions in install_requires and insecure Pillow version

nikhilh-20 opened this issue · comments

Is your feature request related to a problem? Please describe.

While using pyattck, I noticed that the install_requires points to the requirements file having pinned library versions. This is a departure from best practice. Refer to https://packaging.python.org/discussions/install-requires-vs-requirements/

It is not considered best practice to use install_requires to pin dependencies to specific versions, or to specify sub-dependencies (i.e. dependencies of your dependencies). This is overly-restrictive, and prevents the user from gaining the benefit of dependency upgrades.

The current pinned version of Pillow==8.2.0 has several vulnerabilities which have been fixed in the latest version. I'm not able to pin Pillow to 8.4.0 because pyattck pins it to 8.2.0. Vulnerabilities:

Describe the solution you'd like

The more urgent request would be to allow Pillow>=8.2.0. Overall, it would be nice to remove pinned versions.
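A small audit helper illustrating the pinning concern raised in this issue, added here as an example; it is not code from pyattck or from the issue author. It parses a simple requirements file, reports which dependencies are pinned with `==` (the form that blocks users from upgrading to a patched Pillow), and shows the `>=` floor the issue asks for. The sample requirements text is constructed for the example and, apart from `Pillow==8.2.0`, does not reflect pyattck's real dependency list; only plain `name operator version` lines are handled, not URLs, extras or environment markers.

```python
import re
from typing import List, Tuple

# Constructed sample, modelled on the issue: one pinned Pillow line among
# other dependencies. Package names besides Pillow are placeholders, not
# pyattck's actual requirements.txt.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not pyattck's requirements.txt
Pillow==8.2.0
requests==2.25.1
pyyaml>=5.4
"""

# Matches the simple "name operator version" form of a requirement line.
# Operators ordered so that two-character forms are tried before "<" / ">".
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*"
    r"(?P<op>==|>=|<=|~=|!=|>|<)\s*"
    r"(?P<ver>[A-Za-z0-9.*+!-]+)\s*$"
)


def parse_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Return (name, operator, version) for each non-comment requirement line."""
    parsed = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = _REQ_RE.match(line)
        if not match:
            raise ValueError(f"unsupported requirement syntax: {raw!r}")
        parsed.append((match.group("name"), match.group("op"), match.group("ver")))
    return parsed


def find_exact_pins(text: str) -> List[str]:
    """Names of dependencies pinned with '==' in install_requires-style input.

    An exact pin in a library's install metadata means downstream users cannot
    pick up a fixed release of that dependency without forking the library.
    """
    return [name for name, op, _ in parse_requirements(text) if op == "=="]


def relax_pins(text: str) -> List[str]:
    """Rewrite '==' pins as '>=' floors; other specifiers are left unchanged."""
    return [
        f"{name}{'>=' if op == '==' else op}{version}"
        for name, op, version in parse_requirements(text)
    ]


if __name__ == "__main__":
    print("exact pins:", find_exact_pins(SAMPLE_REQUIREMENTS))
    print("relaxed   :", relax_pins(SAMPLE_REQUIREMENTS))
```

The `>=` floor keeps the minimum the library was tested against while letting a consumer resolve a newer, patched Pillow; exact pins belong in an application's lock file, not in a library's `install_requires`.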