fix(release): pin pyjwt to version <2

[villebro]

SUMMARY

Currently pip install apache-superset pulls in an incompatible version of PyJWT due to it being restricted on one of the dependencies. See https://stackoverflow.com/questions/60303682/why-is-pip-installing-an-incompatible-package-version for more info. Note: this is just a quick fix; we should preferably do some more work in this area to have more robust dependency resolution and achieving proper locking e.g. via poetry.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TEST PLAN

ADDITIONAL INFORMATION

• Has associated issue:
• Changes UI
• Requires DB Migration.
• Confirm DB Migration upgrade and downgrade tested.
• Introduces new feature or API
• Removes existing feature or API

[codecov-io]

Codecov Report

Merging #12804 (c5dd7a9) into master (14de7b4) will decrease coverage by 3.60%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #12804      +/-   ##
==========================================
- Coverage   67.01%   63.40%   -3.61%     
==========================================
  Files        1022      488     -534     
  Lines       50100    30138   -19962     
  Branches     5065        0    -5065     
==========================================
- Hits        33573    19109   -14464     
+ Misses      16403    11029    -5374     
+ Partials      124        0     -124     

Flag	Coverage Δ
cypress	?
javascript	?
python	63.40% <ø> (-0.68%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset/db_engines/hive.py	0.00% <0.00%> (-85.72%)	⬇️
superset/sql_validators/postgres.py	50.00% <0.00%> (-50.00%)	⬇️
superset/db_engine_specs/hive.py	73.84% <0.00%> (-17.31%)	⬇️
superset/databases/commands/create.py	83.67% <0.00%> (-8.17%)	⬇️
superset/databases/commands/update.py	85.71% <0.00%> (-8.17%)	⬇️
superset/connectors/sqla/models.py	84.31% <0.00%> (-6.28%)	⬇️
superset/db_engine_specs/sqlite.py	90.62% <0.00%> (-6.25%)	⬇️
superset/databases/commands/test_connection.py	84.78% <0.00%> (-4.35%)	⬇️
superset/utils/celery.py	96.42% <0.00%> (-3.58%)	⬇️
superset/models/core.py	85.59% <0.00%> (-3.27%)	⬇️
... and 545 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 14de7b4...c5dd7a9. Read the comment docs.

[dpgaspar]

I would prefer to pin all our main dependencies under the next major

Yes, we should give poetry another try

[villebro]

I would prefer to pin all our main dependencies under the next major

Yes, we should give poetry another try

After some more research, I believe tackling this properly will require fairly extensive updating of how we manage dependencies. As such I'd prefer to keep this as a hotfix one-liner, and not add pinning to all deps listed in setup.py, because we already know this won't solve the full problem. As can be seen, PyJWT was not previously listed as a dependency, hence we would have to pin all implicit deps from requirements/base.txt here to catch them all, which in itself might be risky and reduce the maintainability of setup.py.

[ktmud]

I used poetry in another project and absolutely loved it!

[dpgaspar]

I liked it (poetry) also, but got stuck on a step at the time, heres my try at it: https://github.com/apache/superset/pull/8079/files

@villebro true that this is a bigger problem