I have a website based off Mezzanine of which Bleach is installed as a dependency. Bleach 2.0 is incompatible with my version of Mezzanine. I tried specifying Bleach's version as ==1.5 in my requirements.txt file but every pip install still upgrades the version. I'm thinking another dependency keeps forcing the upgrade.
Is there a way to tell pip to lockdown a package's version, or barring that a way to see a dependency tree? Worst case the OS's python is forcing Bleach 2.0.