I am +1 on pinning core packages, even though this adds a bit of manual
labor for maintenance. This latest werkzeug issue highlights why this is a
good idea.
Also +1 on changing the versioning scheme to something more akin to semver.
The current scheme basically does not support patch-only releases.
I think the recent case with werkzeug calls for action here (also see
https://issues.apache.org/jira/browse/AIRFLOW-4903 ). We again ended up
with a released Airflow version that cannot be installed easily because of
some transient dependencies upgrade.
I think this is something we should at least c