Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/requirements/common.in

195 lines
4.7 KiB
Plaintext
Raw Normal View History

requirements: Add documentation on regenerating lockfiles.
2017-08-30 00:45:33 +02:00
# After editing this file, you MUST afterward run
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these.
2017-11-17 02:41:06 +01:00
# /tools/update-locked-requirements to update requirements/dev.txt
# and requirements/prod.txt.
requirements: Add documentation on regenerating lockfiles.
2017-08-30 00:45:33 +02:00
# See requirements/README.md for more detail.
common.txt: Delete patched Django comment.
2017-10-19 06:48:23 +02:00
# Django itself
dependencies: Upgrade to Django 2.2.10. Django 2.2.x is the next LTS release after Django 1.11.x; I expect we'll be on it for a while, as Django 3.x won't have an LTS release series out for a while. Because of upstream API changes in Django, this commit includes several changes beyond requirements and: * urls: django.urls.resolvers.RegexURLPattern has been replaced by django.urls.resolvers.URLPattern; affects OpenAPI code and related features which re-parse Django's internals. https://code.djangoproject.com/ticket/28593 * test_runner: Change number to suffix. Django changed the name in this ticket: https://code.djangoproject.com/ticket/28578 * Delete now-unnecessary SameSite cookie code (it's now the default). * forms: urlsafe_base64_encode returns string in Django 2.2. https://docs.djangoproject.com/en/2.2/ref/utils/#django.utils.http.urlsafe_base64_encode * upload: Django's File.size property replaces _get_size(). https://docs.djangoproject.com/en/2.2/_modules/django/core/files/base/ * process_queue: Migrate to new autoreload API. * test_messages: Add an extra query caused by .refresh_from_db() losing the .select_related() on the Realm object. * session: Sync SessionHostDomainMiddleware with Django 2.2. There's a lot more we can do to take advantage of the new release; this is tracked in #11341. Many changes by Tim Abbott, Umair Waheed, and Mateusz Mandera squashed are squashed into this commit. Fixes #10835.
2018-02-02 05:43:18 +01:00
Django==2.2.*
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
python: Use standard NoReturn (Python ≥ 3.6). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 21:18:16 +02:00
# needed for Literal, TypedDict
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
typing-extensions
mypy: Use TypedDict for UnreadMessageResult.
2017-08-09 04:01:00 +02:00
python: Replace NamedTuple with dataclass. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 21:44:23 +02:00
# Backport of @dataclass
dataclasses;python_version<"3.7"
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for rendering backend templates
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Jinja2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for markdown processing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Markdown
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-25 02:29:22 +02:00
importlib-metadata;python_version<"3.8" # for Markdown
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Pygments
hyperlink
requirements: Add jsx-lexer for syntax highlighting React code.
2020-04-24 08:52:33 +02:00
jsx-lexer
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for manage.py
requirements: Unblock IPython upgrade since Python 3.5 dropped.
2020-04-24 08:57:51 +02:00
ipython
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for Image Processing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Pillow
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for building complex DB queries
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
SQLAlchemy
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for password hashing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
argon2-cffi
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for S3 file uploads
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
boto3
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for integrations
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
defusedxml
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for LDAP support
requirements: Use our fork of django-auth-ldap.
2019-09-30 03:21:15 +02:00
# Using our fork for the feature of searching users by email.
# https://github.com/django-auth-ldap/django-auth-ldap/pull/150 for monitoring
# progress on merging this upstream.
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension providing bitfield support
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-bitfield
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension for sending data to statsd
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-statsd-mozilla
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for Android push notifications
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-gcm
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for the email mirror
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
html2text
httplib2
requirements: Add comments with explanatory links for forked packages. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-12 00:40:57 +01:00
# Forked to avoid pulling in scipy: https://github.com/mailgun/talon/issues/130
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
hipchat: Improve import of public room subscribers. Now, if you pass an api_key, we'll initialize the public room subscribers to be whatever they were at the time the import happened. Also, document the situation on the caveats section.
2019-01-10 00:42:38 +01:00
# Needed for hipchat import
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
hypchat
hipchat: Improve import of public room subscribers. Now, if you pass an api_key, we'll initialize the public room subscribers to be whatever they were at the time the import happened. Also, document the situation on the caveats section.
2019-01-10 00:42:38 +01:00
requirements: Add premailer for inlining email CSS.
2017-09-16 14:29:51 +02:00
# Needed for inlining the CSS in emails
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
premailer
requirements: Add premailer for inlining email CSS.
2017-09-16 14:29:51 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for JWT-based auth
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
PyJWT
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for including other markdown files for user docs
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
markdown-include
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to access rabbitmq
Upgrade pika to 1.1.*. Upgrade pika to 1.1.* and make some changes accordingly to comply with the new version. Fixes #12899.
2019-10-09 04:38:43 +02:00
pika
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to access our database
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
psycopg2 --no-binary psycopg2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for memcached usage
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pylibmc
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
django-pylibmc: Add dependancy and use as cache backend for memcached.
2018-06-11 04:19:16 +02:00
# Needed for compression support in memcached via pylibmc
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-pylibmc
django-pylibmc: Add dependancy and use as cache backend for memcached.
2018-06-11 04:19:16 +02:00
requirements: Mark dateutil as being explicitly used by tests. Since it's a library we might eventually start using in production code without thinking about it, I'd rather just have it be available in all environments.
2017-08-22 19:32:38 +02:00
# Needed for zerver/tests/test_timestamp.py
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-dateutil
requirements: Mark dateutil as being explicitly used by tests. Since it's a library we might eventually start using in production code without thinking about it, I'd rather just have it be available in all environments.
2017-08-22 19:32:38 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for timezone work
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pytz
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for redis
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
redis
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to parse source maps for error reporting
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
sourcemap
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Tornado used for server->client push system
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
tornado==4.* # https://github.com/zulip/zulip/issues/8913
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Fast JSON parser
requirements: Add comments with explanatory links for forked packages. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-12 00:40:57 +01:00
# Forked for an issue related to unpaired Unicode surrogates:
# https://github.com/zulip/zulip/issues/6332, https://github.com/esnme/ultrajson/pull/284
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension for serving webpack modules
requirements: Use webpack4 fork of django-webpack-loader. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-22 02:57:27 +02:00
django-webpack4-loader
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for iOS push notifications
requirements: Upgrade apns2. My PR https://github.com/Pr0Ger/PyAPNs2/pull/90 fixing Python 3.5.2 support was merged. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-08 22:42:48 +02:00
apns2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-twitter
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# To parse po files
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
polib
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for cloning virtual environments
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
virtualenv-clone
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for reading json as stream
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
ijson
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for link preview
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
beautifulsoup4
pyoembed
python-magic
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
Revert "requirements: Use pypi versions of zulip and zulip_bots." This reverts commit 6b142b35e63e72a910173603fd4f1063c25fd9ed.
2018-04-17 01:36:00 +02:00
# The Zulip API bindings, from its own repository. We integrate with
pypi: Upgrade Zulip's PyPI packages to version 0.6.4.
2020-03-27 00:37:21 +01:00
# these tightly, including fetching content not included in the official
# PyPI release tarballs, such as logos, assets and documentation files
# that we render on our /integrations page. Therefore, we need to pin
# the version from Git rather than a PyPI release. Keeping everything in
# one repository simplifies the process of implementing and documenting
# new bots for new contributors.
pypi: Upgrade zulip/zulip-bots dependencies to version 0.7.0. Includes this change: * openapi/python_examples: Update get_single_user. This updates get_single_user to pass keyword arguments to get_user_by_id instead of passing a dictionary. Which is required for CI to pass, as we indeed fixed the API of that function (which had only been present with the wrong API for one release).
2020-04-22 02:09:20 +02:00
https://github.com/zulip/python-zulip-api/archive/0.7.0.zip/#egg=zulip==0.7.0_git&subdirectory=zulip
https://github.com/zulip/python-zulip-api/archive/0.7.0.zip/#egg=zulip_bots==0.7.0+git&subdirectory=zulip_bots
requirements: Move common includes to py2/py3, not dev/prod. This is a nonfunctional refactor of how the common.txt requirements are included. It is preparation for a new model for freezing our recursive dependencies based on `pip compile`.
2017-05-14 07:09:42 +02:00
Add python3-specific requirements files.
2016-07-02 07:26:18 +02:00
# Used for Hesiod lookups, etc.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
py3dns
requirements/py3_common.txt: Add missing packages. These packages are imported but not used during setup. So it's okay to include them even if zulip doesn't support them yet.
2016-07-03 09:21:33 +02:00
Add socialauth requirements file.
2016-07-20 12:16:02 +02:00
# Install Python Social Auth
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
social-auth-app-django
requirements: Update social-auth-core to latest version. Uses git release as this version 3.4.0 is not released to pypi. This is required for removing some overriden functions of apple auth backend class AppleAuthBackend. With the update we also make following changes: * Fix full name being populated as "None None". c5c74f27dd that's included in update assigns first_name and last_name to None when no name is provided by apple. Due to this our code is filling return_data['full_name'] to 'None None'. This commit fixes it by making first and last name strings empty. * Remove decode_id_token override. Python social auth merged the PR we sent including the changes we made to decode_id_token function. So, now there is no necessity for the override. * Add _AUDIENCE setting in computed_settings.py. `decode_id_token` is dependent on this setting.
2020-06-24 15:28:47 +02:00
https://github.com/python-social-auth/social-core/archive/3.4.0.zip/#egg=social-auth-core[azuread,saml]==3.4.0
requirements: Add 'lxml' as a dependency required for parsing HTML. We need to parse rendered HTML content of messages while preparing content for mobile push notifications and for doing so we need to use lxml's HTML parser.
2017-10-05 23:03:30 +02:00
auth: Use the clipboard instead of zulip:// for desktop auth flow. This does not rely on the desktop app being able to register for the zulip:// scheme (which is problematic with, for example, the AppImage format). It also is a better interface for managing changes to the system, since the implementation exists almost entirely in the server/webapp project. This provides a smoother user experience, where the user doesn't need to do the paste step, when combined with https://github.com/zulip/zulip-desktop/pull/943. Fixes #13613. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-04-25 06:49:19 +02:00
# For encrypting a login token to the desktop app
cryptography
requirements: Add 'lxml' as a dependency required for parsing HTML. We need to parse rendered HTML content of messages while preparing content for mobile push notifications and for doing so we need to use lxml's HTML parser.
2017-10-05 23:03:30 +02:00
# Needed for messages' rendered content parsing in push notifications.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
lxml
requirements: Add dependencies for two-factor auth. We're not yet ready to add 2FA to Zulip yet, but we've determined we'd like to work from these libraries. I'm not bothering to bump PROVISION_VERSION for this, since we're likely to do something else that bumps it soon, and we're not merging anything that uses these new libraries.
2017-11-29 00:13:09 +01:00
# Needed for 2-factor authentication
requirements: Upgrade all Python requirements. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-05 08:22:03 +01:00
django-two-factor-auth[phonenumberslite]
requirements: Explicitly specefy phonenumberslite as a dependency. If we don't specify phonenumberslite explicitly it would be removed when setuptools is upgraded to latest version.
2019-05-27 14:20:54 +02:00
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
twilio
requirements: Include stripe in common.in.
2018-01-13 19:36:21 +01:00
billing: Update stripe python package. Needed for stripe.Invoice.finalize_invoice().
2018-12-17 20:32:11 +01:00
# Needed for processing payments (in corporate)
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
stripe
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
# Needed for serving uploaded files from nginx but perform auth checks in django.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-sendfile2
email: Use PyPi module for disposable email providers list.
2018-03-05 12:28:41 +01:00
# For checking whether email of the user is from a disposable email provider.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
disposable-email-domains
requirements: Add dependency for parsing OpenAPI-formatted YAML files.
2018-05-26 00:59:35 +02:00
# Needed for parsing YAML with JSON references from the REST API spec files
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
yamole
thumbor: Add libthumbor dependency. We need this for signing thumbnail requests from within Zulip.
2018-07-12 17:25:05 +02:00
# Needed for signing thumbnail requests so that they can be authenticated on the
requirements: Upgrade libthumbor to latest release. Upgrade libthumbor in main zulip venv. This version drops support for python 2 and runs on py>=3.6. As such, it is our first commit taking advantage of our having dropped support for Debian Stretch and Ubuntu Xenial, our previous Python 3.5-based platforms.
2020-04-22 02:06:01 +02:00
# other end.
requirements: Unpin libthumbor version in common.in. Versions should not be pinned in *.in unless specific circumstances merit an exception to this rule. Every existing exception is commented. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 09:07:16 +02:00
libthumbor
alert_words: Performance improvements in looking for alert_words. This commit leverages the ahocorasick algorithm to build a set of user_ids that have their alert_words present in the message. It runs in linear time of the order of length of the input message as opposed to number of alert_words. This is after building a ahocorasick Automaton which runs in O(number of alert_words in entire realm) which is usually cached.
2019-02-11 15:19:38 +01:00
# Needed for string matching in AlertWordProcessor
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pyahocorasick
requirements: Add 'decorator' dependency. We already had this as an indirect dependency, but now it's going to be needed to write a decorator for rate limiting authenticate() functions, so it should be added to common.in.
2019-08-01 15:04:02 +02:00
# Needed for function decorators that don't break introspection.
# Used for rate limiting authentication.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
decorator
dependencies: Add dependencies needed for SAML.
2019-09-19 22:31:52 +02:00
security: Send SameSite=Lax cookies. Send the `csrftoken` and `sessionid` cookies with `SameSite=Lax`. This adds a layer of defense against CSRF attacks and matches the new default in Django 2.1: https://docs.djangoproject.com/en/2.1/releases/2.1/#samesite-cookies This can be reverted when we upgrade to Django ≥ 2.1. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-30 04:23:54 +01:00
# Use SameSite cookies in legacy Django (remove with Django 2.1)
django-cookies-samesite
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
# For server-side enforcement of password strength
zxcvbn
compose: Rewrite Zoom video call integration to use OAuth. This reimplements our Zoom video call integration to use an OAuth application. In addition to providing a cleaner setup experience, especially on zulipchat.com where the server administrators can have done the app registration already, it also fixes the limitation of the previous integration that it could only have one call active at a time when set up with typical Zoom API keys. Fixes #11672. Co-authored-by: Marco Burstein <marco@marco.how> Co-authored-by: Tim Abbott <tabbott@zulipchat.com> Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-11-16 09:26:28 +01:00
# Needed for sending HTTP requests
requests[security]
requests-oauthlib
openapi: Use third-party validator for schema validation. Our previous OpenAPI schema validator that we implemented ourselves was useful training wheels for our understanding OpenAPI properly, and was mostly correct. But given that we've finally reached the point where our OpenAPI file accurately describes the API, it makes sense to switch to use an official OpenAPI validator. We lose some ability to do exclude rules for particular elements, but those were primarily important for us when we had a lot of them. As part of this change, we need to add `additionalProperties: false` for all of our dictonaries/objects where we've documented every parameter; otherwise the OpenAPI schema checker won't know that we expect every parameter to be documented.
2020-07-01 19:07:31 +02:00
# For OpenAPI schema validation.
openapi-core
sentry: Add sentry_sdk dependency.
2020-07-02 02:19:40 +02:00
# For reporting errors to sentry.io
sentry-sdk