Pin dependencies to y releases and use dependabot to update them
Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4). Our releases are fragile and unstable because they don't pin versions of dependencies.
Instead, pin pulpcore's dependencies to specific y release versions and use dependabot to notify us of new updates for pulpcore dependencies.
This was the outcome of a discussion on pulp-dev.
Please register to edit this issue