# After editing this file, you MUST afterward run
# /tools/update-locked-requirements to update requirements/dev.txt
# and requirements/prod.txt.
# See requirements/README.md for more detail.
# Django itself
Django[argon2]==3.2.*
# needed for Literal, TypedDict
typing-extensions
# Backport of @dataclass
dataclasses;python_version<"3.7"
# Needed for rendering backend templates
Jinja2
# Needed for Markdown processing
Markdown
importlib-metadata;python_version<"3.8" # for Markdown
Pygments
jsx-lexer
# Needed for manage.py
ipython
# Needed for compatibility with ipython < 7.20, which we cannot
# install on Python <3.7; see
# https://github.com/ipython/ipython/issues/12740
jedi<0.18.0
# Needed for image processing
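# Pillow 8.3.0 imports defusedxml, and with the defusedxml version we are
# stuck on that breaks Python-Markdown
# (https://github.com/tiran/defusedxml/issues/54). defusedxml is pinned at
# 0.6.0 by python3-saml, which is held back by social-auth-core, which is
# held back by PyJWT, which is held back by apns2 and twilio.
# This upper bound also blocks every later Pillow release, security
# releases included, so lift it as soon as the defusedxml pin goes away.
Pillow<8.3.0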
# Needed for building complex DB queries
SQLAlchemy==1.3.* # 1.4 has badly busted type annotations
# Needed for S3 file uploads
boto3
# Needed for integrations
defusedxml
# Needed for LDAP support
# We use our fork because it adds support for searching users by email.
# See https://github.com/django-auth-ldap/django-auth-ldap/pull/150 to
# monitor progress on merging this upstream.
https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
# Django extension providing bitfield support
django-bitfield
# Django extension for sending data to statsd
django-statsd-mozilla
# Needed for Android push notifications
python-gcm
# Needed for the email mirror
html2text
# Forked to avoid pulling in scipy: https://github.com/mailgun/talon/pull/200
https://github.com/zulip/talon/archive/1711705c952806d4a704c7dbf58f21db8e11756a.zip#egg=talon-core==1.4.8.zulip1&subdirectory=talon-core
# Needed for inlining the CSS in emails
premailer
# Needed for JWT-based auth
PyJWT
# Needed for including other Markdown files for user docs
markdown-include
# Needed to access RabbitMQ
pika
# Needed to access our database
psycopg2
# Needed for memcached usage
python-binary-memcached
# Needed for compression support in memcached via python-binary-memcached
django-bmemcached
# Needed for zerver/tests/test_timestamp.py
python-dateutil
# Needed for timezone work
pytz
# Needed for Redis
redis
# Needed to parse source maps for error reporting
sourcemap
# Tornado used for server->client push system
tornado==4.* # https://github.com/zulip/zulip/issues/8913
# Fast JSON parser
orjson
# Needed for iOS push notifications
apns2
python-twitter
# To parse po files
polib
# Needed for cloning virtual environments
virtualenv-clone
# Needed for link preview
beautifulsoup4
pyoembed
python-magic
# The Zulip API bindings, from its own repository. We integrate with
# these tightly, including fetching content not included in the official
# PyPI release tarballs, such as logos, assets and documentation files
# that we render on our /integrations page. Therefore, we need to pin
# the version from Git rather than a PyPI release. Keeping everything in
# one repository simplifies the process of implementing and documenting
# new bots for new contributors.
# Note: the archives below are addressed by Git tag rather than by commit
# hash (as our forks above are), and a tag can be moved; confirm that the
# locked requirements files record a hash for these archives.
https://github.com/zulip/python-zulip-api/archive/0.8.0.zip#egg=zulip==0.8.0+git&subdirectory=zulip
https://github.com/zulip/python-zulip-api/archive/0.8.0.zip#egg=zulip_bots==0.8.0+git&subdirectory=zulip_bots
# Used for Hesiod lookups, etc.
py3dns
# Install Python Social Auth
social-auth-app-django
social-auth-core[azuread,openidconnect,saml]<4.0.3 # 4.0.3 needs PyJWT 2, which apns2 and twilio do not support yet: https://github.com/Pr0Ger/PyAPNs2/pull/122, https://github.com/twilio/twilio-python/issues/556
# For encrypting a login token to the desktop app
cryptography
# Needed for messages' rendered content parsing in push notifications.
lxml
# Needed for 2-factor authentication
django-two-factor-auth[call,phonenumberslite,sms]
# Needed for processing payments (in corporate)
stripe
# Needed for serving uploaded files from nginx while still performing the auth checks in Django.
django-sendfile2
# For checking whether email of the user is from a disposable email provider.
disposable-email-domains
# Needed for parsing YAML with JSON references from the REST API spec files
jsonref
# Needed for string matching in AlertWordProcessor
pyahocorasick
# Needed for function decorators that don't break introspection.
# Used for rate limiting authentication.
decorator
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
# For server-side enforcement of password strength
zxcvbn
# Needed for sending HTTP requests
requests[security]
requests-oauthlib
# For OpenAPI schema validation.
openapi-core
# For reporting errors to sentry.io
sentry-sdk
# For detecting URLs to link
tlds
# Unicode Collation Algorithm for sorting multilingual strings
pyuca
# Handle connection retries with exponential backoff
backoff