Upgrade dependency constraints in pyproject.toml

- gremlinpython: ==3.7.4 -> >=3.7.4,<4 (allows 3.8.0)
- setuptools: >=42 -> >=70 in build-system.requires
- cython: unversioned -> >=3.2 in dev dependencies
- packaging: unversioned -> >=25.0 in dev dependencies
- cryptography: >=35.0 -> >=42.0

Author: dkropachev

TODO.md

@@ -0,0 +1,52 @@
+# Dependency Upgrade TODO
+
+Action items for upgrading dependencies (Python 3.10-3.14 support).
+
+## Later
+
+- [ ] **Upgrade `pytest`**: Change from `~=8.0` to `~=9.0` in `pyproject.toml` (major version upgrade)
+
+## High Priority
+
+- [x] **Upgrade `gremlinpython`**: Change from `==3.7.4` to `>=3.7.4,<4` in `pyproject.toml` (latest is 3.8.0)
+- [x] **Raise `setuptools` floor**: Change from `>=42` to `>=70` in `build-system.requires`
+
+## Medium Priority - Deprecated/Unmaintained Packages
+
+- [ ] **Replace `asynctest`**: Package unmaintained since 2020, incompatible with Python 3.12+
+  - Migrate to `unittest.IsolatedAsyncioTestCase` (stdlib) or `pytest-asyncio`
+  - Search codebase: `grep -r "asynctest" tests/`
+
+- [ ] **Migrate from `pytz` to `zoneinfo`**: `pytz` is deprecated
+  - `zoneinfo` is in stdlib since Python 3.9
+  - Django 5.x dropped pytz support entirely
+  - Search codebase: `grep -r "pytz" cassandra/ tests/`
+
+- [ ] **Evaluate `scales` dependency**: Last release in 2015, only tested on Python 2.7/3.3
+  - Determine if still needed for metrics
+  - Consider alternatives or removal
+
+- [ ] **Monitor `pure-sasl`**: Last release in 2019, unmaintained
+  - Works but no active maintenance
+  - Consider `pysasl` as potential alternative if issues arise
+
+## Low Priority - Minor Updates
+
+- [x] **Pin `cython` version**: Add `cython>=3.2` constraint in dev dependencies
+- [x] **Pin `packaging` version**: Add `packaging>=25.0` constraint in dev dependencies
+- [x] **Update `cryptography` floor**: Consider raising from `>=35.0` to `>=42.0`
+
+## Notes
+
+- **`eventlet`**: At latest (0.40.4) but in maintenance-only mode. New projects discouraged from using it. Consider long-term migration to asyncio.
+- **`geomet`**: No updates available (1.1.0 is latest, package appears unmaintained)
+- **`python-snappy`**: At latest (0.7.3) but limited maintenance activity
+- **`twisted`**, **`gevent`**, **`futurist`**: Already at latest versions
+
+## References
+
+- gremlinpython: https://pypi.org/project/gremlinpython/
+- pytest changelog: https://docs.pytest.org/en/stable/changelog.html
+- pytz deprecation: https://fedoraproject.org/wiki/Changes/DeprecatePytz
+- asynctest status: https://pypi.org/project/asynctest/
+- eventlet maintenance policy: https://pypi.org/project/eventlet/

pyproject.toml

@@ -31,8 +31,8 @@ requires-python = ">=3.9"
 "Issues" = "https://github.com/scylladb/python-driver/issues"
 
 [project.optional-dependencies]
-graph = ['gremlinpython==3.7.4']
-cle = ['cryptography>=35.0']
+graph = ['gremlinpython>=3.7.4,<4']
+cle = ['cryptography>=42.0']
 compress-lz4 = ['lz4']
 compress-snappy = ['python-snappy']
 
@@ -46,8 +46,8 @@ dev = [
     "twisted[tls]",
     "gevent",
     "eventlet>=0.33.3",
-    "cython",
-    "packaging",
+    "cython>=3.2",
+    "packaging>=25.0",
     "futurist",
     "asynctest",
     "pyyaml",
@@ -75,7 +75,7 @@ version = { attr = "cassandra.__version__" }                  # any module attri
 readme = { file = "README.rst", content-type = "text/x-rst" }
 
 [build-system]
-requires = ["setuptools>=42", "Cython"]
+requires = ["setuptools>=70", "Cython"]
 
 build-backend = "setuptools.build_meta"