Use loose dependencies for package in order to make it easier for downstream...

Use loose dependencies for package in order to make it easier for downstream projects to bump versions of dependencies for security constraints