pyrsistent "transitive dep" is problematic #19501
Description
Background
As discussed in the Synapse Package Maintainers room,
pyproject.toml declares synapse's dependencies. In addition to what synapse actually depends on there are "transitive dependencies". These are a least-bad approach for avoiding user problems (and bug reports!) because A that Synapse depends on is a version which is good enough, except that it depends on B, and the B installed was good enough for what A said at release, except that it actually isn't good enough for correct behavior. Synapse therefore adds a dependency on new-enough B. This is all merely background.
Description
One of the "transitive dependencies" is pyrsistent, said to be for jsonschema. However, jsonschema dropped pyrsistent as a dependency in 4.18.0, summer of 2023. People who are up to date then won't need pyrsistent. But Synapse only requires jsonschema > 3, and people with ancient jsonschema might have problems.
My suggestion is to require jsonschema >= 4.18.0, and drop the pyrsistent transitive dependency. (I realize that wades into the supporting LTS question, but I don't understand wanting new synapse and old everything else.)
Steps to reproduce
Read the source code and then go read lots of other repo history.
Homeserver
reading.the.code
Synapse Version
1.148.0
Installation Method
Other (please mention below)
Database
none
Workers
I don't know
Platform
Discovered during packaging by code reading.
Configuration
No response
Relevant log output
N/AAnything else that would be useful to know?
No response