Don't pin dev-deps in pyproject; use lower bounds (#14227)
* Don't pin dev-deps in pyproject; use lower bounds
This makes it slightly less tedious to update these things via
successive dependabot updates, by reducing the likelihood of a merge
conflict.
* Changelog
* Changelog
Specify dev-dependencies using lower bounds, to reduce the likelihood of a dependabot merge conflict. The lockfile continues to pin to specific versions.