Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/requirements/common.in

182 lines
4.5 KiB
Plaintext
Raw Normal View History

requirements: Add documentation on regenerating lockfiles.
2017-08-30 00:45:33 +02:00
# After editing this file, you MUST afterward run
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these.
2017-11-17 02:41:06 +01:00
# /tools/update-locked-requirements to update requirements/dev.txt
# and requirements/prod.txt.
requirements: Add documentation on regenerating lockfiles.
2017-08-30 00:45:33 +02:00
# See requirements/README.md for more detail.
common.txt: Delete patched Django comment.
2017-10-19 06:48:23 +02:00
# Django itself
dependencies: Upgrade to Django 2.2.10. Django 2.2.x is the next LTS release after Django 1.11.x; I expect we'll be on it for a while, as Django 3.x won't have an LTS release series out for a while. Because of upstream API changes in Django, this commit includes several changes beyond requirements and: * urls: django.urls.resolvers.RegexURLPattern has been replaced by django.urls.resolvers.URLPattern; affects OpenAPI code and related features which re-parse Django's internals. https://code.djangoproject.com/ticket/28593 * test_runner: Change number to suffix. Django changed the name in this ticket: https://code.djangoproject.com/ticket/28578 * Delete now-unnecessary SameSite cookie code (it's now the default). * forms: urlsafe_base64_encode returns string in Django 2.2. https://docs.djangoproject.com/en/2.2/ref/utils/#django.utils.http.urlsafe_base64_encode * upload: Django's File.size property replaces _get_size(). https://docs.djangoproject.com/en/2.2/_modules/django/core/files/base/ * process_queue: Migrate to new autoreload API. * test_messages: Add an extra query caused by .refresh_from_db() losing the .select_related() on the Realm object. * session: Sync SessionHostDomainMiddleware with Django 2.2. There's a lot more we can do to take advantage of the new release; this is tracked in #11341. Many changes by Tim Abbott, Umair Waheed, and Mateusz Mandera squashed are squashed into this commit. Fixes #10835.
2018-02-02 05:43:18 +01:00
Django==2.2.*
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
mypy: Migrate from mypy_extensions to typing_extensions. This gives us access to typing_extensions.Deque, which was not added to typing until 3.5.4. (PROVISION_VERSION is not bumped because the transitive dependency set in dev.txt hasn’t changed.) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-06 01:29:34 +02:00
# needed for Deque (in Python < 3.5.4) and TypedDict
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
typing-extensions
mypy: Use TypedDict for UnreadMessageResult.
2017-08-09 04:01:00 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for rendering backend templates
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Jinja2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for markdown processing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Markdown
Pygments
hyperlink
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for manage.py
requirements: Upgrade versions of indirect dependencies.
2019-12-11 21:17:26 +01:00
# Upgrade blocked because ipython dropped Python 3.5 support.
ipython==7.9.*
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for Image Processing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
Pillow
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for building complex DB queries
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
SQLAlchemy
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for password hashing
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
argon2-cffi
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for S3 file uploads
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
boto
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for integrations
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
defusedxml
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for LDAP support
requirements: Use our fork of django-auth-ldap.
2019-09-30 03:21:15 +02:00
# Using our fork for the feature of searching users by email.
# https://github.com/django-auth-ldap/django-auth-ldap/pull/150 for monitoring
# progress on merging this upstream.
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/django-auth-ldap/archive/e26d0ef2a7ff77ab3fdd7b6578a76081f780778c.zip#egg=django-auth-ldap==2.0.0zulip1
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension providing bitfield support
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-bitfield
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension for sending data to statsd
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-statsd-mozilla
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for Android push notifications
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-gcm
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for the email mirror
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
html2text
httplib2
requirements: Add comments with explanatory links for forked packages. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-12 00:40:57 +01:00
# Forked to avoid pulling in scipy: https://github.com/mailgun/talon/issues/130
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
hipchat: Improve import of public room subscribers. Now, if you pass an api_key, we'll initialize the public room subscribers to be whatever they were at the time the import happened. Also, document the situation on the caveats section.
2019-01-10 00:42:38 +01:00
# Needed for hipchat import
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
hypchat
hipchat: Improve import of public room subscribers. Now, if you pass an api_key, we'll initialize the public room subscribers to be whatever they were at the time the import happened. Also, document the situation on the caveats section.
2019-01-10 00:42:38 +01:00
requirements: Add premailer for inlining email CSS.
2017-09-16 14:29:51 +02:00
# Needed for inlining the CSS in emails
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
premailer
requirements: Add premailer for inlining email CSS.
2017-09-16 14:29:51 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for JWT-based auth
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
PyJWT
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for including other markdown files for user docs
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
markdown-include
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for mock objects in decorators
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
mock
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to access rabbitmq
Upgrade pika to 1.1.*. Upgrade pika to 1.1.* and make some changes accordingly to comply with the new version. Fixes #12899.
2019-10-09 04:38:43 +02:00
pika
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to access our database
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
psycopg2 --no-binary psycopg2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for memcached usage
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pylibmc
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
django-pylibmc: Add dependancy and use as cache backend for memcached.
2018-06-11 04:19:16 +02:00
# Needed for compression support in memcached via pylibmc
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-pylibmc
django-pylibmc: Add dependancy and use as cache backend for memcached.
2018-06-11 04:19:16 +02:00
requirements: Mark dateutil as being explicitly used by tests. Since it's a library we might eventually start using in production code without thinking about it, I'd rather just have it be available in all environments.
2017-08-22 19:32:38 +02:00
# Needed for zerver/tests/test_timestamp.py
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-dateutil
requirements: Mark dateutil as being explicitly used by tests. Since it's a library we might eventually start using in production code without thinking about it, I'd rather just have it be available in all environments.
2017-08-22 19:32:38 +02:00
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for timezone work
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pytz
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for redis
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
redis
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for Python 2+3 compatibility
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
six
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed to parse source maps for error reporting
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
sourcemap
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Tornado used for server->client push system
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
tornado==4.* # https://github.com/zulip/zulip/issues/8913
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Fast JSON parser
requirements: Add comments with explanatory links for forked packages. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-12 00:40:57 +01:00
# Forked for an issue related to unpaired Unicode surrogates:
# https://github.com/zulip/zulip/issues/6332, https://github.com/esnme/ultrajson/pull/284
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Django extension for serving webpack modules
requirements: Use webpack4 fork of django-webpack-loader. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-22 02:57:27 +02:00
django-webpack4-loader
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for iOS push notifications
requirements: Upgrade apns2. My PR https://github.com/Pr0Ger/PyAPNs2/pull/90 fixing Python 3.5.2 support was merged. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-08 22:42:48 +02:00
apns2
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
python-twitter
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# To parse po files
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
polib
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for cloning virtual environments
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
virtualenv-clone
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for reading json as stream
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
ijson
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
# Needed for link preview
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
beautifulsoup4
pyoembed
python-magic
requirements: Squash common.txt into py3_common.txt.
2017-08-22 00:16:18 +02:00
Revert "requirements: Use pypi versions of zulip and zulip_bots." This reverts commit 6b142b35e63e72a910173603fd4f1063c25fd9ed.
2018-04-17 01:36:00 +02:00
# The Zulip API bindings, from its own repository. We integrate with
# these tightly, including fetching content not included in the normal
# release tarballs (which is a bug). So we need to pin it makes sense
# to pin a version from Git rather than a release.
requirements: Upgrade python-api-bindings. python 3.8 support for python-api-bindings was fixed in commit https://github.com/zulip/python-zulip-api/commit/63bc9b8a4fe922befac8c8b0000d30b22911d797 so upgraded python-api-bindings to tag 0.6.3 which included this fix. Bumped PROVISION_VERSION.
2020-03-23 09:48:17 +01:00
https://github.com/zulip/python-zulip-api/archive/0.6.3.zip/#egg=zulip==0.6.3_git&subdirectory=zulip
https://github.com/zulip/python-zulip-api/archive/0.6.3.zip/#egg=zulip_bots==0.6.3+git&subdirectory=zulip_bots
requirements: Move common includes to py2/py3, not dev/prod. This is a nonfunctional refactor of how the common.txt requirements are included. It is preparation for a new model for freezing our recursive dependencies based on `pip compile`.
2017-05-14 07:09:42 +02:00
Add python3-specific requirements files.
2016-07-02 07:26:18 +02:00
# Used for Hesiod lookups, etc.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
py3dns
requirements/py3_common.txt: Add missing packages. These packages are imported but not used during setup. So it's okay to include them even if zulip doesn't support them yet.
2016-07-03 09:21:33 +02:00
Add socialauth requirements file.
2016-07-20 12:16:02 +02:00
# Install Python Social Auth
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
social-auth-app-django
requirements: Ask social-auth to pull in its own reqs for Azure, SAML. This makes no actual change to the installed packages, but may help upgrades go more correctly. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-06 09:56:32 +01:00
social-auth-core[azuread,saml]
requirements: Add 'lxml' as a dependency required for parsing HTML. We need to parse rendered HTML content of messages while preparing content for mobile push notifications and for doing so we need to use lxml's HTML parser.
2017-10-05 23:03:30 +02:00
# Needed for messages' rendered content parsing in push notifications.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
lxml
requirements: Add dependencies for two-factor auth. We're not yet ready to add 2FA to Zulip yet, but we've determined we'd like to work from these libraries. I'm not bothering to bump PROVISION_VERSION for this, since we're likely to do something else that bumps it soon, and we're not merging anything that uses these new libraries.
2017-11-29 00:13:09 +01:00
# Needed for 2-factor authentication
requirements: Upgrade all Python requirements. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-05 08:22:03 +01:00
django-two-factor-auth[phonenumberslite]
requirements: Explicitly specefy phonenumberslite as a dependency. If we don't specify phonenumberslite explicitly it would be removed when setuptools is upgraded to latest version.
2019-05-27 14:20:54 +02:00
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
twilio
requirements: Include stripe in common.in.
2018-01-13 19:36:21 +01:00
billing: Update stripe python package. Needed for stripe.Invoice.finalize_invoice().
2018-12-17 20:32:11 +01:00
# Needed for processing payments (in corporate)
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
stripe
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
# Needed for serving uploaded files from nginx but perform auth checks in django.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
django-sendfile2
email: Use PyPi module for disposable email providers list.
2018-03-05 12:28:41 +01:00
# For checking whether email of the user is from a disposable email provider.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
disposable-email-domains
requirements: Add dependency for parsing OpenAPI-formatted YAML files.
2018-05-26 00:59:35 +02:00
# Needed for parsing YAML with JSON references from the REST API spec files
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
yamole
thumbor: Add libthumbor dependency. We need this for signing thumbnail requests from within Zulip.
2018-07-12 17:25:05 +02:00
# Needed for signing thumbnail requests so that they can be authenticated on the
requirements: Add comments with explanatory links for forked packages. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-12 00:40:57 +01:00
# other end. Using a fork to eliminate a really slow pkgresources import:
# https://github.com/thumbor/libthumbor/pull/37
requirements: Use archive zip files from GitHub. This avoids expensive `git clone` operations during provisioning and installation, and will also allow us to use `pip-compile --generate-hashes` for better security. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-03 04:51:29 +02:00
https://github.com/zulip/libthumbor/archive/60ed2431c07686a12f2770b2d852c5650f3ccfc6.zip#egg=libthumbor==1.3.2zulip
alert_words: Performance improvements in looking for alert_words. This commit leverages the ahocorasick algorithm to build a set of user_ids that have their alert_words present in the message. It runs in linear time of the order of length of the input message as opposed to number of alert_words. This is after building a ahocorasick Automaton which runs in O(number of alert_words in entire realm) which is usually cached.
2019-02-11 15:19:38 +01:00
# Needed for string matching in AlertWordProcessor
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
pyahocorasick
requirements: Add 'decorator' dependency. We already had this as an indirect dependency, but now it's going to be needed to write a decorator for rate limiting authenticate() functions, so it should be added to common.in.
2019-08-01 15:04:02 +02:00
# Needed for function decorators that don't break introspection.
# Used for rate limiting authentication.
requirements: Remove unnecessary version bounds from *.in. This makes no changes to the locked versions in *.txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from *.txt and re-run `update-locked-requirements`; * marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 01:34:04 +02:00
decorator
dependencies: Add dependencies needed for SAML.
2019-09-19 22:31:52 +02:00
security: Send SameSite=Lax cookies. Send the `csrftoken` and `sessionid` cookies with `SameSite=Lax`. This adds a layer of defense against CSRF attacks and matches the new default in Django 2.1: https://docs.djangoproject.com/en/2.1/releases/2.1/#samesite-cookies This can be reverted when we upgrade to Django ≥ 2.1. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-30 04:23:54 +01:00
# Use SameSite cookies in legacy Django (remove with Django 2.1)
django-cookies-samesite
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
# For server-side enforcement of password strength
zxcvbn