add freeze for development and full range for install

[Borda]

What does this PR do?

Closes #12383
set all max versions of today's latest released version and define dependabot to open PR when a new release appears...
in setup add logic for removing this upper bound unless it is commented in as strict

Before submitting

• Was this discussed/approved via a GitHub issue? (not for typos and docs)
• Did you read the contributor guideline, Pull Request section?
• Did you make sure your PR does only one thing, instead of bundling different changes together?
• Did you make sure to update the documentation with your changes? (if necessary)
• Did you write any new necessary tests? (not for typos and docs)
• Did you verify new and existing tests pass locally with your changes?
• Did you list all the breaking changes introduced by this pull request?
• Did you update the CHANGELOG? (not for typos, docs, test updates, or minor internal changes/refactors)

PR review

Anyone in the community is welcome to review the PR.
Before you start reviewing, make sure you have read the review guidelines. In short, see the following bullet-list:

• Is this pull request ready for review? (if not, please submit in draft mode)
• Check that all items from Before submitting are resolved
• Make sure the title is self-explanatory and the description concisely explains the PR
• Add labels and milestones (and optionally projects) to the PR so it can be classified

Did you have fun?

Make sure you had fun coding 🙃

cc @carmocca @akihironitta @Borda @tchaton @rohitgr7

[awaelchli]

awesome!

[awaelchli]

can you explain what the core change is here, on a high level? I'm not exactly sure what it does or when it is used

[Borda]

when you install PL as a python package our requirements listed in files need to be loaded and passed to the setup function... till now we just dropped all comments and HTTP links, but now we also remove all upper bound version limitations unless it is intended (the commend after package includes word strict)

[awaelchli]

Okay I see. So basically if the requirement says x >= 1.5, <1.7, we will install as if x >= 1.5. Sounds good! Do we actually have examples where the comment includes "strict"?

[Borda]

Okay I see. So basically if the requirement says x >= 1.5, <1.7, we will install as if x >= 1.5

the pattern for replacement is <= not < as the dependabot would list the last feasible version

Do we actually have examples where the comment includes "strict"?

not yet as we do not have such case yet :/

[akihironitta]

This is nice! Please correct me if I'm wrong, but with this logic, we don't need to change anything in the requirements files (i.e., we don't need to unpin the upper-bounded versions) when releasing, right?

[Borda]

@kaushikb11 ^^

[awaelchli]

Okay I see. So basically if the requirement says x >= 1.5, <1.7, we will install as if x >= 1.5. Sounds good! Do we actually have examples where the comment includes "strict"?

[akihironitta]

The change in setup_tools.py is very interesting 🚀

[akihironitta]

noob question: How is it different from specifying the exact version? e.g. <=2.1.* vs. <=2.1.2

Not sure why some use .* and others use exact versions.

[Borda]

.* includes all bugfixes...
<=2.1.* is the same as <2.2

[akihironitta]

Should all upper bounds be written that way then?

For example,

- matplotlib>3.1, <=3.5.1
- torchtext>=0.9.*, <=0.12.0
+ matplotlib>3.1, <=3.5.*
+ torchtext>=0.9.*, <=0.12.*

[akihironitta]

I think it's nothing critical, but I'm just curious why some are written so while others aren't.

[Borda]

we can convert them to a specific version :)

[akihironitta]

IMHO, we should have specific versions for all packages to further reduce the possibility of something getting broken. (meaning we shouldn't use *.)

[kaushikb11]

The comment will go next to horovod.

[Borda]

it was too long line, but yes, we can move it back...

[Borda]

->