Update apispec, stop using forked copy

[lbeaufort]

Summary

We should update apispec, stop using forked copy. Some issues with our specs: #3422. We should also add back swagger validation tests.

Related issue #3782

Completion criteria

• Upgrade by adding apispec @2.0.x back into requirements so that it pulls from original source
• Make sure to reinstall requirements and make sure apispec is functioning as expected. It should pass all pytests and snyk tests
• Add more thorough tests to PR
• pass thorough testing, i.e., complete testing steps explicitly defined in PR

[jason-upchurch]

Full changelog available here: https://apispec.readthedocs.io/en/stable/changelog.html

[jason-upchurch]

pipdeptree shows that apispec is a dependency of flask-apispec:

flask-apispec==0.7.0
  - apispec [required: >=0.17.0, installed: 0.39.0]
    - PyYAML [required: >=3.10, installed: 5.1.2]
  - flask [required: >=0.10.1, installed: 1.0.2]
    - click [required: >=5.1, installed: 6.7]
    - itsdangerous [required: >=0.24, installed: 1.1.0]
    - Jinja2 [required: >=2.10, installed: 2.10.1]
      - MarkupSafe [required: >=0.23, installed: 1.1.1]
    - Werkzeug [required: >=0.14, installed: 0.16.0]
  - marshmallow [required: >=2.0.0, installed: 2.16.3]
  - six [required: >=1.9.0, installed: 1.12.0]
  - webargs [required: >=0.18.0, installed: 5.3.1]
    - marshmallow [required: >=2.15.2, installed: 2.16.3]

apispec versions to work through:

version	pytest passed	breaking change	is_fixed	fix
0.39.0	True

[jason-upchurch]

as of 9/27/2019 the changes in the completed table with the additional toying around with basePath argument modification in spec.py allows the local api to be run. In incognito mode the rendering does not look correct, but unsure if this is a function of any spec changes (non-incognito mode seems to render fine).

temporarily resolved one pytest failure on test_swagger by updating basePath. Treating as openapi_version@2.0 because this constructor APISpec now requires this argument. The missing argument previously defaulted to "2.0" per apispec, therefore it follows that any prior validation was done against the "2.0" specification. Approach: only pytests that fail are the test_swagger (which were previously disabled). Attempt to resolve these one by one.

This approach is an experiment--as it stands, the endpoints show the /v1 in the endpoint name. This change may not be desirable, but the first order approach is to get validation to pass and then augment the codebase as necessary to accommodate the basePath with the endpoint url (among apispec breaking changes are to no longer strip the basePath).