Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/requirements/common.in

184 lines
4.8 KiB
Plaintext
Raw Normal View History

requirements: Add documentation on regenerating lockfiles.
2017-08-30 00:45:33 +02:00
# After editing this file, you MUST afterward run
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these.
2017-11-17 02:41:06 +01:00
# /tools/update-locked-requirements to update requirements/dev.txt
# and requirements/prod.txt.
requirements: Add documentation on regenerating lockfiles.
2017-08-30 00:45:33 +02:00
# See requirements/README.md for more detail.
common.txt: Delete patched Django comment.
2017-10-19 06:48:23 +02:00
# Django itself
django: Upgrade Zulip to Django 3.2 LTS. This is a straightforward upgrade in terms of changes needed. Necessary changes were: - Set `DEFAULT_AUTO_FIELD` https://docs.djangoproject.com/en/3.2/releases/3.2/#customizing-type-of-auto-created-primary-keys - `The default_app_config application configuration variable is deprecated, due to the now automatic AppConfig discovery.` https://docs.djangoproject.com/en/3.2/releases/3.2/#automatic-appconfig-discovery To handle this one, we can remove default_app_config from zerver/__init__.py because it satisfies what release notes describe in https://docs.djangoproject.com/en/3.2/releases/3.2/#automatic-appconfig-discovery: "Most pluggable applications define an AppConfig subclass in an apps.py submodule. Many define a default_app_config variable pointing to this class in their __init__.py. When the apps.py submodule exists and defines a single AppConfig subclass, Django now uses that configuration automatically, so you can remove default_app_config." An important note is that rebuild-test-database needs to be run after this upgrade in dev environment - if tests are run with test db that was built on the previous version, they will fail due to a mysterious bug (?), where changing attributes of a user and .save()ing after logging in in the test via self.login_user, causes getting logged out - the next requests via self.client_get etc. are unauthed for some reason, unless self.login_user is called again. This behavior is no longer exhibited upon rebuilding the test db - and I can't reproduce it in production or dev db. So this can likely be reasonably dismissed as some quirk of the test client system that won't be relevant in the future and doesn't impact production.
2021-05-01 15:34:59 +02:00
Django[argon2]==3.2.*
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
python: Use standard NoReturn (Python ≥ 3.6). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 21:18:16 +02:00
# needed for Literal, TypedDict
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
typing-extensions
mypy: Use TypedDict for UnreadMessageResult.
2017-08-09 04:01:00 +02:00
python: Replace NamedTuple with dataclass. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 21:44:23 +02:00
# Backport of @dataclass
dataclasses;python_version<"3.7"
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for rendering backend templates
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Jinja2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
docs: Capitalize Markdown consistently. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-11 01:47:49 +02:00
# Needed for Markdown processing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Markdown
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-25 02:29:22 +02:00
importlib-metadata;python_version<"3.8" # for Markdown
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Pygments
requirements: Add jsx-lexer for syntax highlighting React code.
2020-04-24 08:52:33 +02:00
jsx-lexer
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for manage.py
requirements: Unblock IPython upgrade since Python 3.5 dropped.
2020-04-24 08:57:51 +02:00
ipython
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
requirements: Downgrade jedi dependency for ipython compatibility. ipython < 7.20.0 is incompatible with jedi >= 0.18.0; it fails to tab-complete in `./manage.py shell`, as described in ipython/ipython#12740. We cannot bump the ipython dependency because ipython 7.20.0 requires Python 3.7, and we must support Python 3.6 due to Ubuntu 18.04 support. Our only solution is thus to cap the version of `jedi` to the last one before its API changed.
2021-03-03 22:05:19 +01:00
# Needed for compatibility with ipython < 7.20, which we cannot
# install on Python <3.7; see
# https://github.com/ipython/ipython/issues/12740
jedi<0.18.0
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# Needed for image processing
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-03 02:47:21 +02:00
Pillow<8.3.0 # 8.3.0 imports defusedxml, which is pinned at 0.6.0 by python3-saml because social-auth-core because PyJWT because apns2 and twilio, and therefore breaks Python-Markdown (https://github.com/tiran/defusedxml/issues/54)
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for building complex DB queries
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-26 01:13:54 +01:00
SQLAlchemy==1.3.* # 1.4 has badly busted type annotations
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for S3 file uploads
requirements: Upgrade boto to boto3. Fixes: #3490 Contributors include: Author: whoodes <hoodesw@hawaii.edu> Author: zhoufeng1989 <zhoufengloop@gmail.com> Author: rht <rhtbot@protonmail.com>
2018-12-07 17:52:01 +01:00
boto3
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for integrations
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
defusedxml
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for LDAP support
requirements: Use our fork of django-auth-ldap.
2019-09-30 03:21:15 +02:00
# Using our fork for the feature of searching users by email.
# https://github.com/django-auth-ldap/django-auth-ldap/pull/150 for monitoring
# progress on merging this upstream.
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension providing bitfield support
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-bitfield
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension for sending data to statsd
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-statsd-mozilla
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for Android push notifications
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-gcm
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for the email mirror
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
html2text
requirements: Upgrade talon fork to 1.4.8. https://github.com/mailgun/talon/pull/200 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-12 07:06:16 +01:00
# Forked to avoid pulling in scipy: https://github.com/mailgun/talon/pull/200
https://github.com/zulip/talon/archive/1711705c952806d4a704c7dbf58f21db8e11756a.zip#egg=talon-core==1.4.8.zulip1&subdirectory=talon-core
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
requirements: Add premailer for inlining email CSS.
2017-09-16 14:29:51 +02:00
# Needed for inlining the CSS in emails
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
premailer
requirements: Add premailer for inlining email CSS.
2017-09-16 14:29:51 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for JWT-based auth
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
PyJWT
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
docs: Capitalize Markdown consistently. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-11 01:47:49 +02:00
# Needed for including other Markdown files for user docs
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
markdown-include
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# Needed to access RabbitMQ
Upgrade pika to 1.1.*. Upgrade pika to 1.1.* and make some changes accordingly to comply with the new version. Fixes #12899.
2019-10-09 04:38:43 +02:00
pika
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to access our database
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-26 01:13:54 +01:00
psycopg2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for memcached usage
requirements: Upgrade Python requirements. Fixes #16335. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-12 22:31:17 +02:00
python-binary-memcached
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
memcached: Switch from pylibmc to python-binary-memcached. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-09 22:23:33 +02:00
# Needed for compression support in memcached via python-binary-memcached
django-bmemcached
django-pylibmc: Add dependancy and use as cache backend for memcached.
2018-06-11 04:19:16 +02:00
requirements: Mark dateutil as being explicitly used by tests. Since it's a library we might eventually start using in production code without thinking about it, I'd rather just have it be available in all environments.
2017-08-22 19:32:38 +02:00
# Needed for zerver/tests/test_timestamp.py
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-dateutil
requirements: Mark dateutil as being explicitly used by tests. Since it's a library we might eventually start using in production code without thinking about it, I'd rather just have it be available in all environments.
2017-08-22 19:32:38 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for timezone work
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pytz
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
# Needed for Redis
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
redis
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to parse source maps for error reporting
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
sourcemap
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Tornado used for server->client push system
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
tornado==4.* # https://github.com/zulip/zulip/issues/8913
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Fast JSON parser
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-07 01:09:47 +02:00
orjson
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for iOS push notifications
push_notifications: Replace PyAPNs2 with aioapns. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-08 02:45:49 +02:00
aioapns==1.* # 2.0 needs PyJWT 2: https://github.com/twilio/twilio-python/issues/556
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-twitter
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# To parse po files
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
polib
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for cloning virtual environments
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
virtualenv-clone
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for link preview
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
beautifulsoup4
pyoembed
python-magic
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
Revert "requirements: Use pypi versions of zulip and zulip_bots." This reverts commit 6b142b35e63e72a910173603fd4f1063c25fd9ed.
2018-04-17 01:36:00 +02:00
# The Zulip API bindings, from its own repository. We integrate with
pypi: Upgrade Zulip's PyPI packages to version 0.6.4.
2020-03-27 00:37:21 +01:00
# these tightly, including fetching content not included in the official
# PyPI release tarballs, such as logos, assets and documentation files
# that we render on our /integrations page. Therefore, we need to pin
# the version from Git rather than a PyPI release. Keeping everything in
# one repository simplifies the process of implementing and documenting
# new bots for new contributors.
pypi: Upgrade zulip/zulip-bots dependencies to version 0.8.0.
2021-05-20 03:47:49 +02:00
https://github.com/zulip/python-zulip-api/archive/0.8.0.zip#egg=zulip==0.8.0+git&subdirectory=zulip
https://github.com/zulip/python-zulip-api/archive/0.8.0.zip#egg=zulip_bots==0.8.0+git&subdirectory=zulip_bots
requirements: Move common includes to py2/py3, not dev/prod. This is a nonfunctional refactor of how the common.txt requirements are included. It is preparation for a new model for freezing our recursive dependencies based on `pip compile`.
2017-05-14 07:09:42 +02:00
Add python3-specific requirements files.
2016-07-02 07:26:18 +02:00
# Used for Hesiod lookups, etc.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
py3dns
requirements/py3_common.txt: Add missing packages. These packages are imported but not used during setup. So it's okay to include them even if zulip doesn't support them yet.
2016-07-03 09:21:33 +02:00
Add socialauth requirements file.
2016-07-20 12:16:02 +02:00
# Install Python Social Auth
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
social-auth-app-django
push_notifications: Replace PyAPNs2 with aioapns. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-08 02:45:49 +02:00
social-auth-core[azuread,openidconnect,saml]<4.0.3 # 4.0.3 needs PyJWT 2: https://github.com/twilio/twilio-python/issues/556
requirements: Add 'lxml' as a dependency required for parsing HTML. We need to parse rendered HTML content of messages while preparing content for mobile push notifications and for doing so we need to use lxml's HTML parser.
2017-10-05 23:03:30 +02:00
auth: Use the clipboard instead of zulip:// for desktop auth flow. This does not rely on the desktop app being able to register for the zulip:// scheme (which is problematic with, for example, the AppImage format). It also is a better interface for managing changes to the system, since the implementation exists almost entirely in the server/webapp project. This provides a smoother user experience, where the user doesn't need to do the paste step, when combined with https://github.com/zulip/zulip-desktop/pull/943. Fixes #13613. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-04-25 06:49:19 +02:00
# For encrypting a login token to the desktop app
cryptography
requirements: Add 'lxml' as a dependency required for parsing HTML. We need to parse rendered HTML content of messages while preparing content for mobile push notifications and for doing so we need to use lxml's HTML parser.
2017-10-05 23:03:30 +02:00
# Needed for messages' rendered content parsing in push notifications.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
lxml
requirements: Add dependencies for two-factor auth. We're not yet ready to add 2FA to Zulip yet, but we've determined we'd like to work from these libraries. I'm not bothering to bump PROVISION_VERSION for this, since we're likely to do something else that bumps it soon, and we're not merging anything that uses these new libraries.
2017-11-29 00:13:09 +01:00
# Needed for 2-factor authentication
requirements: Use django-two-factor-auth extra to pull in twilio. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-01-26 22:50:42 +01:00
django-two-factor-auth[call,phonenumberslite,sms]
requirements: Include stripe in common.in.
2018-01-13 19:36:21 +01:00
billing: Update stripe python package. Needed for stripe.Invoice.finalize_invoice().
2018-12-17 20:32:11 +01:00
# Needed for processing payments (in corporate)
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
stripe
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
# Needed for serving uploaded files from nginx but perform auth checks in django.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-sendfile2
email: Use PyPi module for disposable email providers list.
2018-03-05 12:28:41 +01:00
# For checking whether email of the user is from a disposable email provider.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
disposable-email-domains
requirements: Add dependency for parsing OpenAPI-formatted YAML files.
2018-05-26 00:59:35 +02:00
# Needed for parsing YAML with JSON references from the REST API spec files
openapi: Remove yamole. As explained in the previous commit, yamole preprocessed allOf with an algorithm that is not standards compliant. We replicate that algorithm, but importantly, we only use it for our own code and not for building the openapi_core RequestValidator. This improves the time taken by OpenAPISpec().check_reload() from 1.69s to 0.53s, nearly all of which is inside openapi_core.create_spec. Closes #10484. Significantly improves #16068. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-12 01:35:02 +02:00
jsonref
thumbor: Add libthumbor dependency. We need this for signing thumbnail requests from within Zulip.
2018-07-12 17:25:05 +02:00
alert_words: Performance improvements in looking for alert_words. This commit leverages the ahocorasick algorithm to build a set of user_ids that have their alert_words present in the message. It runs in linear time of the order of length of the input message as opposed to number of alert_words. This is after building a ahocorasick Automaton which runs in O(number of alert_words in entire realm) which is usually cached.
2019-02-11 15:19:38 +01:00
# Needed for string matching in AlertWordProcessor
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pyahocorasick
requirements: Add 'decorator' dependency. We already had this as an indirect dependency, but now it's going to be needed to write a decorator for rate limiting authenticate() functions, so it should be added to common.in.
2019-08-01 15:04:02 +02:00
# Needed for function decorators that don't break introspection.
# Used for rate limiting authentication.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
decorator
dependencies: Add dependencies needed for SAML.
2019-09-19 22:31:52 +02:00
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
# For server-side enforcement of password strength
zxcvbn
compose: Rewrite Zoom video call integration to use OAuth. This reimplements our Zoom video call integration to use an OAuth application. In addition to providing a cleaner setup experience, especially on zulipchat.com where the server administrators can have done the app registration already, it also fixes the limitation of the previous integration that it could only have one call active at a time when set up with typical Zoom API keys. Fixes #11672. Co-authored-by: Marco Burstein <marco@marco.how> Co-authored-by: Tim Abbott <tabbott@zulipchat.com> Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-11-16 09:26:28 +01:00
# Needed for sending HTTP requests
requests[security]
requests-oauthlib
openapi: Use third-party validator for schema validation. Our previous OpenAPI schema validator that we implemented ourselves was useful training wheels for our understanding OpenAPI properly, and was mostly correct. But given that we've finally reached the point where our OpenAPI file accurately describes the API, it makes sense to switch to use an official OpenAPI validator. We lose some ability to do exclude rules for particular elements, but those were primarily important for us when we had a lot of them. As part of this change, we need to add `additionalProperties: false` for all of our dictonaries/objects where we've documented every parameter; otherwise the OpenAPI schema checker won't know that we expect every parameter to be documented.
2020-07-01 19:07:31 +02:00
# For OpenAPI schema validation.
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-04 20:11:00 +02:00
openapi-core
sentry: Add sentry_sdk dependency.
2020-07-02 02:19:40 +02:00
# For reporting errors to sentry.io
sentry-sdk
markdown: Use tlds package to keep updated list of TLDs. Also remove a useage of "blacklist."
2020-09-22 03:10:16 +02:00
# For detecting URLs to link
tlds
compilemessages: Sort language list with Unicode Collation Algorithm. Right now the list of languages in Display settings → Default language is sorted in an unintuitive order due to the varying case conventions: British English Chinese (Taiwan) Deutsch English Hindi Indonesian (Indonesia) Lietuviškai Magyar Malayalam Nederlands Português Română Tiếng Việt Türkçe català español français galego italiano polski suomi svenska česky Русский Українська български српски فارسی தமிழ் 日本語 简体中文 繁體中文 한국어 Fix the sort to use the locale-independent Unicode Collation Algorithm: British English català česky Chinese (Taiwan) Deutsch English español français galego Hindi Indonesian (Indonesia) italiano Lietuviškai Magyar Malayalam Nederlands polski Português Română suomi svenska Tiếng Việt Türkçe български Русский српски Українська فارسی தமிழ் 한국어 日本語 简体中文 繁體中文 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-21 23:38:45 +02:00
# Unicode Collation Algorithm for sorting multilingual strings
pyuca
email: Open a single SMTP connection to send email batches. Previously the outgoing emails were sent over several SMTP connections through the EmailSendingWorker; establishing a new connection each time adds notable overhead. Redefine EmailSendingWorker worker to be a LoopQueueProcessingWorker, which allows it to handle batches of events. At the same time, persist the connection across email sending, if possible. The connection is initialized in the constructor of the worker in order to keep the same connection throughout the whole process. The concrete implementation of the consume_batch function is simply processing each email one at a time until they have all been sent. In order to reuse the previously implemented decorator to retry sending failures a new method that meets the decorator's required arguments is declared inside the EmailSendingWorker class. This allows to retry the sending process of a particular email inside the batch if the caught exception leaves this process retriable. A second retry mechanism is used inside the initialize_connection function to redo the opening of the connection until it works or until three attempts failed. For this purpose the backoff module has been added to the dependencies and a test has been added to ensure that this retry mechanism works well. The connection is closed when the stop method is called. Fixes: #17672.
2021-03-20 14:07:02 +01:00
# Handle connection retries with exponential backoff
backoff