Enable the widen strategy for Python

[deivid-rodriguez]

The service currently does not accept that users configure the widen strategy in their configuration file.

However, we do have widen support in Python, since it's the default strategy used for libraries.

There may be some issues, but we should accept it, so that users are free to try it out and experiment what strategy works best for their case. Docs at https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy would also need to be updated.

Noticed at #6625 (comment).

[jeffwidman]

It looks like #6632 fixes this, but you didn't cross-link it... does it only fix a subset for some reason?

[deivid-rodriguez]

The widen is strategy is supported by dependabot-core (at least partially, and better with #6632). However, it's not yet enabled at the service level.

We need to make internal changes to start accepting explicit versioning-strategy: widen for Python in .dependabot.yml. Currently the widen strategy only gets used for Python libraries because it's the default, but users cannot opt into it explicitly.

[phillipuniverse]

Currently the widen strategy only gets used for Python libraries because it's the default, but users cannot opt into it explicitly.

@deivid-rodriguez does Dependabot make the determination of a Python project being a "service" an application or a "library"?

[deivid-rodriguez]

We try to differentiate between "application" and "library", but I'm not sure that makes sense in the Python ecosystem, and we may stop doing that. See #6685.