The pgadmin4 package [1] has strict version pins for packages with a lower and upper bound. The upper bound prevents me from updating python-cryptography to latest version, see #2211237 and https://bodhi.fedoraproject.org/updates/FEDORA-2023-11f1c85512 .

[1] https://src.fedoraproject.org/rpms/pgadmin4/blob/rawhide/f/pgadmin4.spec

Reproducible: Always

Steps to Reproduce:
1. Update python-cryptography to a newer version
2. File an update request on Bodhi
3.
Actual Results:  
Fedora QA fails:

Dependency problems with repos:
nothing provides (python3dist(cryptography) >= 40 with python3dist(cryptography) < 40.1) needed by pgadmin4-7.0-1.fc39.x86_64
nothing provides (python3dist(cryptography) >= 40 with python3dist(cryptography) < 40.1) needed by pgadmin4-7.0-1.fc39.x86_64

Expected Results:  
No dependency problem

Neither RPM nor Python packages should have a speculative upper version bound for dependencies. The lower and upper version of a dependency should only be restricted when there is a known issue. Otherwise you are inflicting additional work and pain on every maintainer of a dependency. 

https://docs.fedoraproject.org/en-US/packaging-guidelines/#_package_dependencies
> Versioned dependencies (build-time or runtime) SHOULD ONLY be used when actually necessary to guarantee that the proper version of a package is present.

https://iscinumpy.dev/post/bound-version-constraints/ explains the issue with upper version bounds in great details and why it's frowned upon in Python eco system.