Upgrade whitenoise from 6.3.0 to 6.8.2 #4742

Merged
merged 1 commit into from
Nov 18, 2024

mikerkelly
Contributor

We suspect whitenoise PR #612 may resolve an issue with the database connection intermittently and randomly closing during requests observed in production.

For some reason, Dependabot did not automatically make this upgrade, but it appears to work without issue in local testing.

Investigation done:

  • I didn't see anything obvious in requirements*.txt or pyproject.toml or dependabot.yaml explicitly limiting the version update. I don't see a *.lock file.
  • Dependabot seemingly did manage to raise this PR to update Airlock from 6.6 to 6.7 but the change was made manually along with many others in Upgrade all the things Pull Registration Form into Application #422 for reasons that aren't clear from the PR. No obvious changes between Airlock's dependabot.yaml / requirements.txts and Job Server's.
    • opensafely-github-bot made a 6.8 upgrade.
  • Attempting to prompt an update to a prod set of requirements via various routes locally seems to work without issue.
  • I don't know how to debug/understand the failure to bump. This GitHub doc talks about Dependabot logs but they didn't seem useful for this.
  • I checked packages that haven't had a version bump since 2023-06, then checked if there were updates available. There are a few missing bumps, but I haven't gone into detail to understand if there are conflicting dependencies or other reasons for the lack of updates.
    • environs hasn't gone from 9.5.0 to 11.1.0
    • django-anymail hasn't gone from 9.0 to 12.0
    • requests-oauthlib hasn't gone from 1.3.1 to 2.0.0
    • pycparser hasn't gone from 2.21 to 2.22
  • I started trying to get dependabot running locally to debug it but that seemed like too much work.

Overall I would probably rather we try opensafely-github-bot than do further investigation into why Dependabot isn't updating some packages, if we think that's the way we're going anyway.

@mikerkelly mikerkelly self-assigned this Nov 18, 2024
@mikerkelly mikerkelly merged commit 5aa3ff4 into main Nov 18, 2024
7 checks passed
@mikerkelly mikerkelly deleted the mikerkelly/chore/bump-whitenoise branch November 18, 2024 12:14