Dependency versions

The renvate bot tries to update all the dependencies and since this is a library, I really hesitating to merge those updates. If a downstream project wants to use this library and they have their own restrictions, it would be super annoying if our versions are incompatible. I therefore would advocate for specifying minimum versions we really need for this library to work leaving it for the users if the library to take care for up-to-date dependencies.

This basically means we only raise version restrictions manually and the dependabot might only update the lock files.