Unpin dependencies' versions

[NoureldinYosri]

Description of the issue
We have several dependencies pinned at specific old version because newer version break the CI. Ideally we should either not have a version requirement of have version requirement beyond a specific release (e.g. >= or >). specifying a version requirement with ==, ~=, <=, < shouldn't be used.

The list of requirements that should be unpinned is
in cirq-core/requirements.txt:

• matplotlib~=3.0
• numpy~=1.16
• sortedcontainers~=2.0

in cirq-core/cirq/contrib/requirements.txt:

• pylatex~=1.3.0
• quimb~=1.6.0
• numba~=0.58.0

in dev_tools/pr_monitor/requirements.txt:

• requests==2.31.0
• google-cloud-secret-manager==1.0.0

in dev_tools/requirements/deps/protos.txt:

• grpcio-tools~=1.56.0
• mypy-protobuf==3.4

in dev_tools/requirements/deps/format.txt:

• black==23.3.0

in dev_tools/requirements/deps/dev-tools.txt:

• qiskit-aer~=0.12.2
• rstcheck~=3.3.1

in dev_tools/requirements/deps/pylint.txt:

• pylint~=2.13.0

in dev_tools/requirements/deps/mypy.txt:

• mypy==1.2.0
• types-backports==0.1.3
• types-protobuf~=3.20
• types-requests==2.28.1
• types-setuptools==62.6.1

in dev_tools/requirements/deps/notebook.txt:

• notebook>=6.4.1,<=6.4.7
• ipykernel==5.3.4
• papermill~=2.3.2
• seaborn~=0.11.1

in dev_tools/requirements/deps/pytest.txt:

• pytest-cov~=3.0
• coverage<=6.2
• pytest-xdist~=2.2.0
• filelock~=3.0.12
• freezegun~=0.3.15

---

Optionally these verndor related requirements should be unpinned

in cirq-aqt/requirements.txt:

• requests~=2.18

in cirq-pasqal/requirements.txt:

• requests~=2.18

in cirq-ionq/requirements.txt:

• requests~=2.18

in cirq-rigetti/requirements.txt:

• pyquil>=3.2.0,<4.0.0

[pavoljuhas]

specifying a version requirement with ==, ~=, <=, < shouldn't be used.

I feel it depends case to case. Expressions like matplotlib~=3.0 freeze the major version numbers only so we have some assurance there would be no API-breaking changes; at the same time we should be getting minor upgrades and have a decent range of compatible versions. The last stable matplotlib is at 3.8.2 so that requirement allows for the newest version.

For the requirement specifications under dev_tools/requirements it may be good to pin to specific versions such as black==23.3.0. These packages are for development environment where it is good to have the same code formatter and linter versions as used in the CI. It should also avoid surprises that the CI checks would stop passing because of a newer formatter or linter release.

[mhucka]

I apologize if this is off the mark, but my $0.02 based just on general principles is that I agree with Pavol.

For non-dev requirements, not using a version requirement or setting only a minimum version (using >= or >) would seem risky for users. As you know, major version changes in packages like Matplotlib or Numpy could very well introduce breaking changes. A new cirq-core release could address the resulting incompatibilities, but users might choose not to update their version of cirq-core right away, or they may not be able to update right away because they have a dependency on a pinned version of cirq-core in other software of theirs. If the cirq-core requirements only set a minimum version, then if the users update their copies of Matplotlib or Numpy or whatever, they may experience errors. (On can image a worst-case scenario where there are no overt errors yet some cirq behaviors potentially change, or numerical results are off, etc., however likely that is.)

So, in the end, it seems like specifying the requirements as, e.g., sortedcontainers~=2.0, is preferable for the non-dev requirements.