WordPress/openverse-api

Add versions to Pipfile

sarayourfriend opened this issue · 0 comments

Problem

Right now most of our Pipfile entries use *. This means pipenv will always try to lock to the latest version of a dependency. It also means that if you make any change to the Pipfile, pipenv will lock all dependencies to the latest version when it re-locks. This means we cannot do atomic dependency upgrades, and it causes unrelated changes to introduce potentially breaking version changes in dependencies that are not the focus of a particular change set.

Description

Add versions to Pipfile for the dependencies we already have. Copy the versions currently used from the lock file.

Alternatives

Switch to a different package manager that uses the actual standard pyproject.toml like PDM or Poetry.

Additional context

See this commit to remove locust also upgrading openapi-spec-validator up a minor version, causing backwards-incompatible changes to be introduced that break our usage of the tool: 7a5aa37

https://github.com/p1c2u/openapi-spec-validator/releases/tag/0.5.0

https://github.com/WordPress/openverse-api/actions/runs/3186730853/jobs/5197684852

Implementation

  • 🙋 I would be interested in implementing this feature.
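
Added example, not part of the original issue or the project's code: one way to do the step under Description, replacing each "*" in [packages] and [dev-packages] with the exact specifier recorded in Pipfile.lock while leaving the rest of the file untouched. The function name pin_pipfile and the sample Pipfile and lock contents are constructed for illustration.

```python
import json
import re

# Matches `name = "*"` and `name = {version = "*", ...}` up to the closing quote.
STAR = re.compile(r'^"?(?P<name>[\w.-]+)"?\s*=\s*(?:\{.*?\bversion\s*=\s*)?"\*"')
# Pipfile section name -> Pipfile.lock section name
SECTIONS = {"packages": "default", "dev-packages": "develop"}

def normalize(name):
    """PEP 503 normalization, so `Django` finds the lock key `django`."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pin_pipfile(pipfile_text, lock_text):
    """Return (pinned Pipfile text, names that could not be resolved)."""
    lock = json.loads(lock_text)
    section, out, unresolved = None, [], []
    for line in pipfile_text.splitlines():
        if line.startswith("["):
            # [[source]], [requires], etc. map to None and are skipped.
            section = SECTIONS.get(line.strip().strip("[]"))
        m = STAR.match(line) if section else None
        if m:
            entry = lock.get(section, {}).get(normalize(m["name"]), {})
            version = entry.get("version")  # e.g. "==4.1.2"
            if version:
                line = f'{line[:m.end() - 3]}"{version}"{line[m.end():]}'
            else:
                # Stale lock or an entry without a version: report, don't guess.
                unresolved.append(m["name"])
        out.append(line)
    return "\n".join(out) + "\n", unresolved

# Constructed sample input (not the project's real files or versions).
SAMPLE_PIPFILE = '''[[source]]
name = "pypi"

[packages]
Django = "*"
requests = {version = "*", extras = ["socks"]}
gunicorn = "==20.1.0"

[dev-packages]
pytest = "*"
'''
SAMPLE_LOCK = json.dumps({
    "default": {"django": {"version": "==4.1.2"},
                "requests": {"version": "==2.28.1"}},
    "develop": {},  # pytest missing on purpose: simulates a stale lock
})

if __name__ == "__main__":
    pinned, missing = pin_pipfile(SAMPLE_PIPFILE, SAMPLE_LOCK)
    print(pinned, "unresolved:", missing)
```

Anything reported as unresolved should be fixed by re-locking before the change, so the pinned Pipfile and the lock file agree and the resulting diff contains only the specifier changes.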