Freeze requirements and setup dependabot

.github/dependabot.yaml

@@ -0,0 +1,14 @@
+# dependabot.yml reference: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+  # Maintain Python dependencies for jupyterhub-traefik-proxy
+  - package-ecosystem: pip-compile
+    directory: "/"
+    schedule:
+      interval: weekly
+      time: "00:00"
+      timezone: "Etc/UTC"
+    versioning-strategy: lockfile-only
+    labels:
+      - maintenance
+      - dependencies

requirements.in

@@ -0,0 +1,9 @@
+# This file is automatically maintained by Dependabot, as configured in
+# .github/dependabot.yaml.
+jupyterhub
+etcd3
+aiohttp
+python-consul2
+passlib
+toml
+escapism

requirements.txt

@@ -1,7 +1,136 @@
-jupyterhub>=0.9
-etcd3
-aiohttp
-python-consul2
-passlib
-toml
-escapism
+#
+# This file is autogenerated by pip-compile
+# To update, run:
+#
+#    pip-compile --output-file=requirements.txt requirements.in
+#
+aiohttp==3.7.3
+    # via -r requirements.in
+alembic==1.5.4
+    # via jupyterhub
+async-generator==1.10
+    # via jupyterhub
+async-timeout==3.0.1
+    # via aiohttp
+attrs==20.3.0
+    # via
+    #   aiohttp
+    #   jsonschema
+certifi==2020.12.5
+    # via requests
+certipy==0.1.3
+    # via jupyterhub
+cffi==1.14.5
+    # via cryptography
+chardet==3.0.4
+    # via
+    #   aiohttp
+    #   requests
+cryptography==3.4.6
+    # via pyopenssl
+entrypoints==0.3
+    # via jupyterhub
+escapism==1.0.1
+    # via -r requirements.in
+etcd3==0.12.0
+    # via -r requirements.in
+grpcio==1.35.0
+    # via etcd3
+idna==2.10
+    # via
+    #   requests
+    #   yarl
+importlib-metadata==3.4.0
+    # via jsonschema
+ipython-genutils==0.2.0
+    # via traitlets
+jinja2==2.11.3
+    # via jupyterhub
+jsonschema==3.2.0
+    # via jupyter-telemetry
+jupyter-telemetry==0.1.0
+    # via jupyterhub
+jupyterhub==1.3.0
+    # via -r requirements.in
+mako==1.1.4
+    # via alembic
+markupsafe==1.1.1
+    # via
+    #   jinja2
+    #   mako
+multidict==5.1.0
+    # via
+    #   aiohttp
+    #   yarl
+oauthlib==3.1.0
+    # via jupyterhub
+pamela==1.0.0
+    # via jupyterhub
+passlib==1.7.4
+    # via -r requirements.in
+prometheus-client==0.9.0
+    # via jupyterhub
+protobuf==3.15.0
+    # via etcd3
+pycparser==2.20
+    # via cffi
+pyopenssl==20.0.1
+    # via certipy
+pyrsistent==0.17.3
+    # via jsonschema
+python-consul2==0.1.5
+    # via -r requirements.in
+python-dateutil==2.8.1
+    # via
+    #   alembic
+    #   jupyterhub
+python-editor==1.0.4
+    # via alembic
+python-json-logger==2.0.1
+    # via jupyter-telemetry
+requests==2.25.1
+    # via
+    #   jupyterhub
+    #   python-consul2
+ruamel.yaml.clib==0.2.2
+    # via ruamel.yaml
+ruamel.yaml==0.16.12
+    # via jupyter-telemetry
+six==1.15.0
+    # via
+    #   etcd3
+    #   grpcio
+    #   jsonschema
+    #   protobuf
+    #   pyopenssl
+    #   python-consul2
+    #   python-dateutil
+    #   tenacity
+sqlalchemy==1.3.23
+    # via
+    #   alembic
+    #   jupyterhub
+tenacity==6.3.1
+    # via etcd3
+toml==0.10.2
+    # via -r requirements.in
+tornado==6.1
+    # via jupyterhub
+traitlets==5.0.5
+    # via
+    #   jupyter-telemetry
+    #   jupyterhub
+typing-extensions==3.7.4.3
+    # via
+    #   aiohttp
+    #   importlib-metadata
+    #   yarl
+urllib3==1.26.3
+    # via requests
+yarl==1.6.3
+    # via aiohttp
+zipp==3.4.0
+    # via importlib-metadata
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools