Update/pin requirements.txt versions

[hugovk]

Includes #89 to confirm passes CI (it does).

The last commit is unique for this PR: 564b176.

[meshy]

Was there a reason that this needed to change? I'd rather keep the versions in requirements.txt pinned to specific versions. (I'm surprised that pytz isn't pinned.)

Instead of removing the specific version from this, i'd be more comfortable with changing the version to something more recent.

[hugovk]

Main reason was to make sure it still works with the latest version whenever the CI runs, so we don't get any surprises when updating locally, and also to be able to use a more recent version for other projects.

But it's fine to pin both to the latest, and update from time to time. I've updated this PR.

[ghickman]

@meshy – you could enable something like dependabot or pyup for this project, depends if you want the overhead of updating requirements weekly.

[meshy]

@hugovk @ghickman I'm happy to bump the requirements to the latest version at the moment, but I'm not keen on the idea of updating them regularly without a pressing reason. I think that rules out dependabot, as far as I can see.

Pyup is interesting though. A security update could seem like a reasonable justification for automating updates. I'll install it, and see what happens!

[meshy]

@hugovk any chance you could rebase master into this so that I can merge the requirements changes?

If not, don't worry, I'll use #93 instead, but I prefer yours because you've pinned pytz.

EDIT: oops, I referenced #92 in the first version of this comment.

[hugovk]

@meshy Rebased.

[meshy]

Thank you :)