Problems in model dependencies (CVE-2024-5980)

[dafmdev]

Hi, thanks for creating Toto. I've tried testing it, but I see that there are many fixed dependencies that can cause conflicts or leave little room for security updates.

Currently, the Lightning transitive dependency has a critical CVE, and I need to update to version 2.3.3. However, the fixed version of Gluonts is only supported up to Lightning version 2.2.

Can you please define supported version ranges in the requirements.txt?