Upgrade old packages that relied on distutils

[michelletran-codecov]

Purpose/Motivation

Builds were failing when setuptools upgraded to 71.x. It looks like they removed their own vendoring of distutils (ref) and that caused any dependencies that we had that referenced distutils to break. So I've upgraded these dependencies to fix the problem.

• cerberus
• django-model-utils
• django(?)
• packaging

Depends on: codecov/shared#302

I'm keeping setuptools pinned in the Dockerfile because it feels like the right thing to do (more reliable). Let me know if you're really against that and I will reconsider.

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

[codecov-notifications]

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[codecov-qa]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.72%. Comparing base (3eab080) to head (91a4f46).

✅ All tests successful. No failed tests found.

@@           Coverage Diff           @@
##             main     #697   +/-   ##
=======================================
  Coverage   91.72%   91.72%           
=======================================
  Files         632      632           
  Lines       17054    17054           
=======================================
  Hits        15643    15643           
  Misses       1411     1411           

Flag	Coverage Δ
unit	91.72% <ø> (ø)
unit-latest-uploader	91.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!

[codecov-public-qa]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.72%. Comparing base (3eab080) to head (91a4f46).

✅ All tests successful. No failed tests found.

@@           Coverage Diff           @@
##             main     #697   +/-   ##
=======================================
  Coverage   91.72%   91.72%           
=======================================
  Files         632      632           
  Lines       17054    17054           
=======================================
  Hits        15643    15643           
  Misses       1411     1411           

Flag	Coverage Δ
unit	91.72% <ø> (ø)
unit-latest-uploader	91.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.02%. Comparing base (3eab080) to head (91a4f46).

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@             Coverage Diff             @@
##               main       #697   +/-   ##
===========================================
  Coverage   96.02000   96.02000           
===========================================
  Files           814        814           
  Lines         18405      18405           
===========================================
  Hits          17673      17673           
  Misses          732        732           

Flag	Coverage Δ
unit	91.72% <ø> (ø)
unit-latest-uploader	91.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[joseph-sentry]

is there a specific reason we want to upgrade setuptools to this version or is this just to be "healthy" and keep up with new versions as they come out?

[michelletran-codecov]

This is the newest version available for setuptools and I want us to be at least on the newest version. Pinning this will require us to be proactive about updating setuptools when new versions come out. I don't think that Dependabot is smart enough to pick up dep updates from Dockerfiles, so we will need to be vigilant about updating setuptools if we want to continue to be "up to date" on our dependencies (which is the tradeoff with pinning). On the plus side, if setuptools was pinned in the first place, we wouldn't have spend an afternoon of a bunch of engineer hours on this problem. But maybe the problem is actually deeper... we should be more proactive about upgrading our dependencies in general, and that setuptools broke in this way is a symptom of that.

Anyways, tl;dr is that I'm pinning the latest stable version which feels like the right thing to do (for stability, health, keep things working etc.), but it means that we need to be proactive about updating this version because it won't be automatically updated for us now.