no versions specified in requirements.txt cause unpredictable failures due to dependency upgrades. #526
Description
I had made some modifications to our operational pysteps, tested the new version and this worked fine in our staging environment. Our production team created a new docker image on the production environment, but here the new prod runs crashed quite dramatically due to an error in a very freshly upgraded dependency.
This can happen at unpredictable moments because the requirements.txt file does not pin specific versions.
I have pinned our docker dependencies to a version that I know works. However, @jbelien pointed out to me that it would make more sense to simply specify the versions in the mainline pysteps requirements.txt instead.
I propose therefore to pin the versions of dependencies for reproducability.
To avoid having to update this manually every time packages are updated, one can run dependabot.