Ensure users and devs have a similar environment

[leoisl]

We had issues due to dependencies updating and API changes, modifying BIGSI behaviour. I feel very strongly that we should ensure that users and devs have the exact same environment, so the execution and issues are reproducible, and we don't have unexpected bugs. The only way to achieve this is to require everyone to use the containers, but I don't think that is feasible. So, we should at least fix the python dependencies versions, so at least the python environment and the dependencies are always the same.

I don't think there is the downside of our dependencies never getting upgraded if we fix the versions: we are just controlling the dependencies' versions. We will thus be responsible for upgrading the dependencies from time to time, but before upgrading the dependencies, we will be able to make sure everything works by running a comprehensive test suite.

[Zhicheng-Liu]

Hi @leoisl , I think it is a good idea to fix dependency versions. And we should try to move forward the dependency versions in every releases. If we have good test coverage, this should not take a lot of time.

There is a service provided by Github called dependabot. Its preview version is free to use. It looks promising so I just wanted to documented it here.