zulip/requirements/dev.in

# After editing this file, you MUST afterward run
# /tools/update-locked-requirements to update requirements/dev.txt.
# See requirements/README.md for more detail.
-r pip.in
-r prod.in
-r docs.in

# moto s3 mock
moto[s3]<2.2.2  # https://github.com/spulec/moto/pull/4214

# Needed for running tools/run-dev.py
Twisted

# Needed for documentation links test
https://github.com/scrapy/scrapy/archive/c5b1ee810167266fcd259f263dbfc0fe0204761a.zip#egg=Scrapy==2.5.0+git  # aioapns requires h2 ≥ 4.0: https://github.com/scrapy/scrapy/pull/5113

# Needed to compute test coverage
coverage

# fake for LDAP testing
fakeldap

# For testing mock http requests
responses

# For sorting imports
isort

# For doing highly usable Python profiling
line-profiler

# for pep8 linter
pycodestyle

# Python reformatter
black

# Needed to run pyflakes linter
pyflakes

# Needed for watching file changes
pyinotify

# Needed to run tests in parallel
tblib

# Needed to lint Git commit messages
gitlint

# Needed for visualising cprofile reports
snakeviz

# Needed for creating DigitalOcean droplets
python-digitalocean

# Needed for updating the locked pip dependencies
pip-tools

# zulip's linting framework - zulint
https://github.com/zulip/zulint/archive/9908540b7734b51f86ccabab706befc2ff33212a.zip#egg=zulint==0.0.1

-r mypy.in

# These modules are built into later versions of Python and will
# generate different locked files if executed with Python ≥ 3.7, so
# despite being dependent packages, they have to be added separately.
importlib-metadata;python_version<"3.8"  # for jsonpickle, jsonschema

# Needed for using integration logo svg files as bot avatars
cairosvg

# Needed for tools/check-thirdparty
python-debian

# Pattern-based lint tool
semgrep

# Contains Pysa, a security-focused static analyzer
pyre-check
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`# After editing this file, you MUST afterward run`
			`# /tools/update-locked-requirements to update requirements/dev.txt.`
			`# See requirements/README.md for more detail.`
update-locked-requirements: Generate prod locks from dev locks. This guarantees that we don’t accidentally upgrade one without the other, which could happen for example due to different third-party version constraints between the two. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-18 01:45:40 +02:00			`-r pip.in`
			`-r prod.in`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`-r docs.in`

			`# moto s3 mock`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-24 01:25:50 +02:00			`moto[s3]<2.2.2 # https://github.com/spulec/moto/pull/4214`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# Needed for running tools/run-dev.py`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`Twisted`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# Needed for documentation links test`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-07-06 08:06:18 +02:00			`https://github.com/scrapy/scrapy/archive/c5b1ee810167266fcd259f263dbfc0fe0204761a.zip#egg=Scrapy==2.5.0+git # aioapns requires h2 ≥ 4.0: https://github.com/scrapy/scrapy/pull/5113`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# Needed to compute test coverage`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`coverage`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# fake for LDAP testing`
requirements: Upgrade fakeldap dependency to the latest version. 2020-06-25 04:50:03 +02:00			`fakeldap`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
requirements: Add httpretty to dependencies. We'll be using this for a range of testing mocks in our auth code. 2018-05-21 06:57:24 +02:00			`# For testing mock http requests`
requirements: Upgrade moto to 1.3.17.dev230. This unblocks the upgrade to responses 0.12.1. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-01-29 20:57:02 +01:00			`responses`
requirements: Add httpretty to dependencies. We'll be using this for a range of testing mocks in our auth code. 2018-05-21 06:57:24 +02:00
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`# For sorting imports`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-09 23:43:25 +02:00			`isort`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-09 23:43:25 +02:00			`# For doing highly usable Python profiling`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-07-03 02:47:21 +02:00			`line-profiler`
requirements: Use PyPI fork of line_profiler supporting Python 3.7. Also move it to dev.in. Other notes for posterity: this should have been installed with a pinned commit hash, and could have been installed directly from the upstream Git repository, even on Python 3.7, as long as Cython was installed as well. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-07 01:33:33 +02:00
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`# for pep8 linter`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`pycodestyle`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
lint: Replace (most of) pycodestyle with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-09-02 05:22:01 +02:00			`# Python reformatter`
			`black`

requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`# Needed to run pyflakes linter`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`pyflakes`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
requirements: Add pyinotify dependency. 2019-05-29 01:25:49 +02:00			`# Needed for watching file changes`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`pyinotify`
requirements: Add pyinotify dependency. 2019-05-29 01:25:49 +02:00
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`# Needed to run tests in parallel`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`tblib`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# Needed to lint Git commit messages`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-03-26 01:13:54 +01:00			`gitlint`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# Needed for visualising cprofile reports`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`snakeviz`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
docs: Replace Digital Ocean with DigitalOcean. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-30 02:09:05 +02:00			`# Needed for creating DigitalOcean droplets`
requirements: Remove unnecessary version bounds from .in. This makes no changes to the locked versions in .txt, but it reduces duplicate information and gives us sane workflows for * upgrading packages: remove some or all lines from .txt and re-run `update-locked-requirements`; marking packages as intentionally held back: add a version bound to *.in with an explanatory comment. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-09-23 01:34:04 +02:00			`python-digitalocean`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
			`# Needed for updating the locked pip dependencies`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-05-08 02:27:36 +02:00			`pip-tools`
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00
zulint: Use zulint from the extracted repository. zulint will be added as a "third-party" dependency in zulip from now on. See the new project at https://github.com/zulip/zulint for more details. 2019-07-26 04:45:18 +02:00			`# zulip's linting framework - zulint`
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-06-04 20:11:00 +02:00			`https://github.com/zulip/zulint/archive/9908540b7734b51f86ccabab706befc2ff33212a.zip#egg=zulint==0.0.1`
zulint: Use zulint from the extracted repository. zulint will be added as a "third-party" dependency in zulip from now on. See the new project at https://github.com/zulip/zulint for more details. 2019-07-26 04:45:18 +02:00
requirements: Rename requirements files. This commit renames various source requirements files like `dev.txt`, `mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt` etc. This will help in emphasizing to the user that *.in are actually input to `update-locked-requirements` tool which should be run after updating any of these. 2017-11-17 02:41:06 +01:00			`-r mypy.in`
requirements: Add importlib-metadata and importlib-resources in dev.in. importlib-metadata and importlib-resources are dependent packages for jsonschema and cfn-lint respectively. They are built-in modules in later versions of python (3.8, 3.7). When update-locked-requirements is run within python3.7 or 3.8 they will generate difference in locked files so we build these modules separately to avoid such conflicts. 2020-03-22 23:49:01 +01:00
requirements: Upgrade Python requirements. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-25 02:29:22 +02:00			`# These modules are built into later versions of Python and will`
			`# generate different locked files if executed with Python ≥ 3.7, so`
			`# despite being dependent packages, they have to be added separately.`
			`importlib-metadata;python_version<"3.8" # for jsonpickle, jsonschema`
requirements: Remove requirement on cairosvg in production. The import of cairosvg has been made lazy, and we no longer need cairosvg on production. This reverts commit 561ded5e59bc4a17dc41a39b4d148e587005025e. 2020-04-20 19:16:27 +02:00
			`# Needed for using integration logo svg files as bot avatars`
			`cairosvg`
lint: Check docs/THIRDPARTY for format errors. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-05-02 02:36:23 +02:00
			`# Needed for tools/check-thirdparty`
			`python-debian`
semgrep: Upgrade semgrep to 0.17.0. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-30 22:01:28 +02:00
			`# Pattern-based lint tool`
			`semgrep`
dependencies: Add dependency on pyre-check for running Pysa. This commit adds a dev dependency on the pyre-check package, to enable the running of Pysa (a python static analyzer for security) in integration tests. 2020-09-16 23:24:19 +02:00
			`# Contains Pysa, a security-focused static analyzer`
			`pyre-check`