
Conversation

@grahamalama
Contributor

Checklist:

Before submitting your PR, please confirm that you have done the following:

  • I have opened my PR against the staging branch, NOT against main
  • I've run the relevant formatting and linting tools listed in the setup docs
  • I have commented hard-to-understand areas in my code
  • I've reviewed any merge conflicts to make sure they are resolved
  • My changes generate no new warnings

Description

I noticed that many backend dependencies were specified with a wildcard * in the Pipfile. This could lead to situations where we install dependencies that are way out of sync with what we intend. For example, next time someone installs something with pipenv install <package>, pipenv would run pipenv lock then pipenv sync. This could lead to some unintended changes, like another dependency being bumped by a major version.

In this PR, we pin dependencies at the minor level. This means we'll get security updates when we pip install, but we'll stay stable at the minor level unless we intentionally increment the version.

I used the dependency versions currently in the lockfile to come up with what's now in the Pipfile.

Eventually, we should probably even pin to the patch version and manage dependency updates through Dependabot, when that's able to be re-enabled (see #1012).

Type of change

  • Bug fix
  • New feature
  • Breaking change

How Has This Been Tested?

This has not been tested thoroughly, though I hope this is more or less a "noop", since my intent is only to pin versions in the Pipfile to match what's present in the lockfile.
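The approach described above, deriving minor-level pins from the versions already recorded in Pipfile.lock, can be scripted rather than done by hand. The following is an added example written for this page; it is not code from the pull request or from the CodeForPhilly project. The lockfile content is constructed inline (the package names and versions are illustrative, not the project's real dependencies), and the lockfile layout assumed is pipenv's usual JSON with "default" and "develop" sections whose entries carry a "version" string such as "==2.31.0". The example also models how pip interprets a PEP 440 compatible-release specifier, because the pin has to be written as "~=X.Y.0" (patch updates only) rather than "~=X.Y", which would still allow minor bumps, the exact drift the pull request is trying to stop.

```python
"""Derive minor-level Pipfile pins from the versions recorded in Pipfile.lock."""
import json

# Constructed stand-in for a Pipfile.lock (not the project's real lockfile).
SAMPLE_LOCK = json.dumps({
    "_meta": {"pipfile-spec": 6},
    "default": {
        "django": {"version": "==4.2.11"},
        "requests": {"version": "==2.31.0"},
        "psycopg2-binary": {"version": "==2.9.9"},
    },
    "develop": {
        "black": {"version": "==24.3.0"},
    },
})


def parse_version(v, width=3):
    """Split a dotted release string into a fixed-width tuple of ints.

    '2.31' becomes (2, 31, 0) so that it compares equal to '2.31.0', as PEP 440 requires.
    Pre-release and post-release tags are not modelled here.
    """
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def minor_pin(locked_spec):
    """Turn a lockfile '==X.Y.Z' into a pin that permits only patch-level updates.

    '~=X.Y.0' means '>=X.Y.0, ==X.Y.*'. The trailing '.0' matters: '~=X.Y' would mean
    '>=X.Y, ==X.*' and silently let a minor version bump through.
    """
    version = locked_spec.lstrip("=")
    major, minor, _patch = parse_version(version)
    return f"~={major}.{minor}.0"


def pins_from_lock(lock_json, section="default"):
    """Map package name -> minor-level pin for every entry in one lockfile section."""
    lock = json.loads(lock_json)
    return {name: minor_pin(entry["version"]) for name, entry in lock[section].items()}


def render_pipfile_section(pins, header="packages"):
    """Render the pins as the TOML lines that would replace '*' entries in a Pipfile."""
    lines = [f"[{header}]"]
    lines += [f'{name} = "{spec}"' for name, spec in sorted(pins.items())]
    return "\n".join(lines)


def satisfies_compatible(candidate, spec):
    """Check a candidate version against a '~=' (compatible release) specifier.

    Every component of the spec except its last written one must match exactly,
    and the candidate must be >= the spec's version. This is enough to show which
    upgrades pip would still be allowed to pick under a given pin.
    """
    if not spec.startswith("~="):
        raise ValueError("only compatible-release specs are modelled here")
    written = spec[2:].split(".")
    prefix_len = len(written) - 1          # components that must match exactly
    floor = parse_version(spec[2:])
    cand = parse_version(candidate)
    return cand[:prefix_len] == floor[:prefix_len] and cand >= floor


if __name__ == "__main__":
    pins = pins_from_lock(SAMPLE_LOCK)
    print(render_pipfile_section(pins))
    print(render_pipfile_section(pins_from_lock(SAMPLE_LOCK, "develop"), "dev-packages"))
    # Show the difference between '~=2.31.0' and '~=2.31' for a few candidate releases.
    for spec in (pins["requests"], "~=2.31"):
        for v in ("2.31.0", "2.31.5", "2.32.0", "3.0.0"):
            print(f"{v:>7} under {spec}: {satisfies_compatible(v, spec)}")
```

Running the script prints the two Pipfile sections and a small table showing that "2.32.0" is rejected by "~=2.31.0" but accepted by "~=2.31", which is why the generated pins always keep the third component. The output is a starting point for review, not something to paste blindly: packages that were intentionally left floating, or whose upstream does not follow semantic versioning, still need a human decision.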

@vercel

vercel bot commented Apr 18, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name: vacant-lots-proj
Status: ✅ Ready
Updated (UTC): Apr 18, 2025 6:54pm

@cfreedman cfreedman self-requested a review April 23, 2025 13:33
@nlebovits nlebovits merged commit d3facce into CodeForPhilly:staging Apr 24, 2025
13 checks passed