2017-08-30 00:45:33 +02:00
|
|
|
# After editing this file, you MUST afterward run
|
2017-11-17 02:41:06 +01:00
|
|
|
# /tools/update-locked-requirements to update requirements/dev.txt
|
|
|
|
# and requirements/prod.txt.
|
2017-08-30 00:45:33 +02:00
|
|
|
# See requirements/README.md for more detail.
|
2017-10-19 06:48:23 +02:00
|
|
|
# Django itself
|
2018-02-02 05:43:18 +01:00
|
|
|
Django==2.2.*
|
2017-08-22 00:16:18 +02:00
|
|
|
|
2019-08-06 01:29:34 +02:00
|
|
|
# needed for Deque (in Python < 3.5.4) and TypedDict
|
2019-09-23 01:34:04 +02:00
|
|
|
typing-extensions
|
2017-08-09 04:01:00 +02:00
|
|
|
|
2017-08-22 00:16:18 +02:00
|
|
|
# Needed for rendering backend templates
|
2019-09-23 01:34:04 +02:00
|
|
|
Jinja2
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for markdown processing
|
2019-09-23 01:34:04 +02:00
|
|
|
Markdown
|
|
|
|
Pygments
|
|
|
|
hyperlink
|
2020-04-24 08:52:33 +02:00
|
|
|
jsx-lexer
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for manage.py
|
2020-04-24 08:57:51 +02:00
|
|
|
ipython
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for Image Processing
|
2019-09-23 01:34:04 +02:00
|
|
|
Pillow
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for building complex DB queries
|
2019-09-23 01:34:04 +02:00
|
|
|
SQLAlchemy
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for password hashing
|
2019-09-23 01:34:04 +02:00
|
|
|
argon2-cffi
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for S3 file uploads
|
2019-09-23 01:34:04 +02:00
|
|
|
boto
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for integrations
|
2019-09-23 01:34:04 +02:00
|
|
|
defusedxml
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for LDAP support
|
2019-09-30 03:21:15 +02:00
|
|
|
# Using our fork for the feature of searching users by email.
|
|
|
|
# https://github.com/django-auth-ldap/django-auth-ldap/pull/150 for monitoring
|
|
|
|
# progress on merging this upstream.
|
2019-10-03 04:51:29 +02:00
|
|
|
https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Django extension providing bitfield support
|
2019-09-23 01:34:04 +02:00
|
|
|
django-bitfield
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Django extension for sending data to statsd
|
2019-09-23 01:34:04 +02:00
|
|
|
django-statsd-mozilla
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for Android push notifications
|
2019-09-23 01:34:04 +02:00
|
|
|
python-gcm
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for the email mirror
|
2019-09-23 01:34:04 +02:00
|
|
|
html2text
|
|
|
|
httplib2
|
2019-11-12 00:40:57 +01:00
|
|
|
# Forked to avoid pulling in scipy: https://github.com/mailgun/talon/issues/130
|
2019-10-03 04:51:29 +02:00
|
|
|
https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1
|
2017-08-22 00:16:18 +02:00
|
|
|
|
2019-01-10 00:42:38 +01:00
|
|
|
# Needed for hipchat import
|
2019-09-23 01:34:04 +02:00
|
|
|
hypchat
|
2019-01-10 00:42:38 +01:00
|
|
|
|
2017-09-16 14:29:51 +02:00
|
|
|
# Needed for inlining the CSS in emails
|
2019-09-23 01:34:04 +02:00
|
|
|
premailer
|
2017-09-16 14:29:51 +02:00
|
|
|
|
2017-08-22 00:16:18 +02:00
|
|
|
# Needed for JWT-based auth
|
2019-09-23 01:34:04 +02:00
|
|
|
PyJWT
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for including other markdown files for user docs
|
2019-09-23 01:34:04 +02:00
|
|
|
markdown-include
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed to access rabbitmq
|
2019-10-09 04:38:43 +02:00
|
|
|
pika
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed to access our database
|
2019-09-23 01:34:04 +02:00
|
|
|
psycopg2 --no-binary psycopg2
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for memcached usage
|
2019-09-23 01:34:04 +02:00
|
|
|
pylibmc
|
2017-08-22 00:16:18 +02:00
|
|
|
|
2018-06-11 04:19:16 +02:00
|
|
|
# Needed for compression support in memcached via pylibmc
|
2019-09-23 01:34:04 +02:00
|
|
|
django-pylibmc
|
2018-06-11 04:19:16 +02:00
|
|
|
|
2017-08-22 19:32:38 +02:00
|
|
|
# Needed for zerver/tests/test_timestamp.py
|
2019-09-23 01:34:04 +02:00
|
|
|
python-dateutil
|
2017-08-22 19:32:38 +02:00
|
|
|
|
2017-08-22 00:16:18 +02:00
|
|
|
# Needed for timezone work
|
2019-09-23 01:34:04 +02:00
|
|
|
pytz
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for redis
|
2019-09-23 01:34:04 +02:00
|
|
|
redis
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for Python 2+3 compatibility
|
2019-09-23 01:34:04 +02:00
|
|
|
six
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed to parse source maps for error reporting
|
2019-09-23 01:34:04 +02:00
|
|
|
sourcemap
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Tornado used for server->client push system
|
2019-09-23 01:34:04 +02:00
|
|
|
tornado==4.* # https://github.com/zulip/zulip/issues/8913
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Fast JSON parser
|
2019-11-12 00:40:57 +01:00
|
|
|
# Forked for an issue related to unpaired Unicode surrogates:
|
|
|
|
# https://github.com/zulip/zulip/issues/6332, https://github.com/esnme/ultrajson/pull/284
|
2019-10-03 04:51:29 +02:00
|
|
|
https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Django extension for serving webpack modules
|
2019-10-22 02:57:27 +02:00
|
|
|
django-webpack4-loader
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for iOS push notifications
|
2019-10-08 22:42:48 +02:00
|
|
|
apns2
|
2017-08-22 00:16:18 +02:00
|
|
|
|
2019-09-23 01:34:04 +02:00
|
|
|
python-twitter
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# To parse po files
|
2019-09-23 01:34:04 +02:00
|
|
|
polib
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for cloning virtual environments
|
2019-09-23 01:34:04 +02:00
|
|
|
virtualenv-clone
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for reading json as stream
|
2019-09-23 01:34:04 +02:00
|
|
|
ijson
|
2017-08-22 00:16:18 +02:00
|
|
|
|
|
|
|
# Needed for link preview
|
2019-09-23 01:34:04 +02:00
|
|
|
beautifulsoup4
|
|
|
|
pyoembed
|
|
|
|
python-magic
|
2017-08-22 00:16:18 +02:00
|
|
|
|
2018-04-17 01:36:00 +02:00
|
|
|
# The Zulip API bindings, from its own repository. We integrate with
|
2020-03-27 00:37:21 +01:00
|
|
|
# these tightly, including fetching content not included in the official
|
|
|
|
# PyPI release tarballs, such as logos, assets and documentation files
|
|
|
|
# that we render on our /integrations page. Therefore, we need to pin
|
|
|
|
# the version from Git rather than a PyPI release. Keeping everything in
|
|
|
|
# one repository simplifies the process of implementing and documenting
|
|
|
|
# new bots for new contributors.
|
2020-04-22 02:09:20 +02:00
|
|
|
https://github.com/zulip/python-zulip-api/archive/0.7.0.zip/#egg=zulip==0.7.0_git&subdirectory=zulip
|
|
|
|
https://github.com/zulip/python-zulip-api/archive/0.7.0.zip/#egg=zulip_bots==0.7.0+git&subdirectory=zulip_bots
|
2017-05-14 07:09:42 +02:00
|
|
|
|
2016-07-02 07:26:18 +02:00
|
|
|
# Used for Hesiod lookups, etc.
|
2019-09-23 01:34:04 +02:00
|
|
|
py3dns
|
2016-07-03 09:21:33 +02:00
|
|
|
|
2016-07-20 12:16:02 +02:00
|
|
|
# Install Python Social Auth
|
2019-09-23 01:34:04 +02:00
|
|
|
social-auth-app-django
|
2020-02-06 09:56:32 +01:00
|
|
|
social-auth-core[azuread,saml]
|
2017-10-05 23:03:30 +02:00
|
|
|
|
2020-04-25 06:49:19 +02:00
|
|
|
# For encrypting a login token to the desktop app
|
|
|
|
cryptography
|
|
|
|
|
2017-10-05 23:03:30 +02:00
|
|
|
# Needed for messages' rendered content parsing in push notifications.
|
2019-09-23 01:34:04 +02:00
|
|
|
lxml
|
2017-11-29 00:13:09 +01:00
|
|
|
|
|
|
|
# Needed for 2-factor authentication
|
2020-02-05 08:22:03 +01:00
|
|
|
django-two-factor-auth[phonenumberslite]
|
2019-05-27 14:20:54 +02:00
|
|
|
|
2019-09-23 01:34:04 +02:00
|
|
|
twilio
|
2018-01-13 19:36:21 +01:00
|
|
|
|
2018-12-17 20:32:11 +01:00
|
|
|
# Needed for processing payments (in corporate)
|
2019-09-23 01:34:04 +02:00
|
|
|
stripe
|
2018-02-12 18:18:03 +01:00
|
|
|
|
|
|
|
# Needed for serving uploaded files from nginx but perform auth checks in django.
|
2019-09-23 01:34:04 +02:00
|
|
|
django-sendfile2
|
2018-03-05 12:28:41 +01:00
|
|
|
|
|
|
|
# For checking whether email of the user is from a disposable email provider.
|
2019-09-23 01:34:04 +02:00
|
|
|
disposable-email-domains
|
2018-05-26 00:59:35 +02:00
|
|
|
|
|
|
|
# Needed for parsing YAML with JSON references from the REST API spec files
|
2019-09-23 01:34:04 +02:00
|
|
|
yamole
|
2018-07-12 17:25:05 +02:00
|
|
|
|
|
|
|
# Needed for signing thumbnail requests so that they can be authenticated on the
|
2020-04-22 02:06:01 +02:00
|
|
|
# other end.
|
2020-04-22 09:07:16 +02:00
|
|
|
libthumbor
|
2019-02-11 15:19:38 +01:00
|
|
|
|
|
|
|
# Needed for string matching in AlertWordProcessor
|
2019-09-23 01:34:04 +02:00
|
|
|
pyahocorasick
|
2019-08-01 15:04:02 +02:00
|
|
|
|
|
|
|
# Needed for function decorators that don't break introspection.
|
|
|
|
# Used for rate limiting authentication.
|
2019-09-23 01:34:04 +02:00
|
|
|
decorator
|
2019-09-19 22:31:52 +02:00
|
|
|
|
2019-10-30 04:23:54 +01:00
|
|
|
# Use SameSite cookies in legacy Django (remove with Django 2.1)
|
|
|
|
django-cookies-samesite
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
|
|
|
|
# For server-side enforcement of password strength
|
|
|
|
zxcvbn
|