[Dependencies] Create a dependency checklist of ignored warnings, caveats and their reasons #1288

Closed
@calina-c

Description

Background / motivation

We have a few ignored warnings from 3rd party libraries. E.g. here: #1242.

Also, there are dependencies we marked as unstable, i.e. asyncio in the code here:

# pytest-asyncio: do not use dependabot to upgrade without checking lib changelog
and related to this issue that has been opened and reopened accidentally a few times: #790

Due to the volume of dependencies to upgrade (each Monday dependabot throws 3-8 dependency upgrades my way) this is becoming difficult to keep just in mind. Plus, it is not right that this information is just in my mind, it should be available and manageable by the entire dev team, when issues arise.

TODOs / DoD

What this document should contain:

  • dependencies that are frozen and why they are frozen. What are we looking for in the changelog of a new version, in order to do a safe upgrade? -> as is the case for asyncio right now
  • warnings that have been ignored from 3rd parties and why. What can we remove from the ignore list after an upgrade?
  • instructions on adding ignores when adding dependencies -> as it was the case with types-requests recently, which was added as a dependency although we generally address missing stubs from 3rd parties by ignoring the issue in mypy.

I would like to document these in a README or something similar.

After discussing with Trent:

  • we should not allow pytest tests to pass in CI if they contain warnings (pre-requisite: a tutorial for S3)
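An added sketch of the two ideas above (not code from this repository): each ignored third-party warning carries a reason and a removal condition, and every other warning becomes an error. It uses Python's standard warnings filters, the same action/category/module model that pytest's filterwarnings option follows; the module name `vendor_lib` and the checklist texts are hypothetical.

```python
import warnings

# Constructed checklist: "vendor_lib" and both texts are hypothetical placeholders.
CHECKLIST = [
    {
        "module": r"vendor_lib(\.|$)",
        "category": DeprecationWarning,
        "reason": "upstream still calls a deprecated API",
        "remove_when": "changelog of a new release says the call is gone",
    },
]


def undocumented(entries):
    """Return entries missing the reason or the removal condition."""
    return [e for e in entries if not e.get("reason") or not e.get("remove_when")]


def install_filters(entries):
    """Turn every warning into an error, except the documented ignores."""
    bad = undocumented(entries)
    if bad:
        raise ValueError(f"ignore entries without justification: {bad}")
    warnings.simplefilter("error")  # any warning now raises
    for e in entries:
        # Inserted in front of the "error" filter, so it takes precedence.
        warnings.filterwarnings("ignore", category=e["category"], module=e["module"])


def outcome(entries, module, category):
    """Emit one constructed warning as if it came from `module`."""
    with warnings.catch_warnings():  # restore the global filters afterwards
        warnings.resetwarnings()
        install_filters(entries)
        try:
            warnings.warn_explicit("constructed warning", category,
                                   "sample.py", 1, module=module)
        except Warning:
            return "fail"
        return "ignored"


if __name__ == "__main__":
    print(outcome(CHECKLIST, "vendor_lib.client", DeprecationWarning))
    print(outcome(CHECKLIST, "other_lib", DeprecationWarning))
```

Scoping each ignore to a module and a category keeps an entry for one dependency from hiding the same warning class raised by another.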
