[mlir] Pin for the PyPi requirements for mlir

This change is pinning the requirements to a specific version (or a range) depending on the requirement. A couple of considerations:

* numpy 1.24 deprecates np.object, np.bool, np.float, np.complex, np.str, and np.int which are used heavily in onnx-mlir
* not all versions of each package are available on every platform - to the best of my knowledge, these ranges should work on Ubuntu, CentOS and Windows

Adding a minimum and maximum version, or pinning to a specific versions where possible, helps with two major goals - security and maintainability. It gives us an opportunity to make sure that the packages being used are not part of a security attack as well as guaranteeing that they support the features that mlir depends on (see note about numpy deprecation).

Let me know if you are aware of better versions or ranges to pin to.

Reviewed By: stellaraccident

Differential Revision: https://reviews.llvm.org/D142563

1 files changed, 4 insertions, 4 deletions

diff --git a/mlir/python/requirements.txt b/mlir/python/requirements.txt
index 991e8eb24335..aaf480f0bdc7 100644
--- a/mlir/python/requirements.txt
+++ b/mlir/python/requirements.txt
@@ -1,4 +1,4 @@
-numpy
-pybind11>=2.8.0
-PyYAML
-dataclasses
+numpy>=1.19.5, <=1.23.5
+pybind11>=2.8.0, <=2.10.3
+PyYAML==6.0
+dataclasses>=0.6, <=0.8