From a053a925b3c24e12bab0cf9a2cf5d5f65c360c0a Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulipchat.com>
Date: Sat, 24 Aug 2019 16:12:15 -0700
Subject: [PATCH] requirements: Upgrade pip-tools to 3.8.0; downgrade pip to
 19.1.1.

These are not the latest versions, but pip-tools 3.9.0 or 4.0.0 fails
to resolve dependencies from Git URLs:

pip._internal.exceptions.DistributionNotFound: No matching distribution found for zulip==0.6.1_git (from -r requirements/common.in (line 135))

while pip 19.2 breaks pip-tools 3.8.0:

TypeError: __init__() got an unexpected keyword argument 'find_links'

Fixes #10802.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
---
 requirements/dev.in              | 2 +-
 requirements/dev.txt             | 7 +++++--
 requirements/docs.txt            | 3 +++
 requirements/pip.txt             | 2 +-
 requirements/prod.txt            | 4 ++++
 requirements/unupgradable.json   | 5 ++++-
 tools/update-locked-requirements | 3 +++
 version.py                       | 2 +-
 8 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/requirements/dev.in b/requirements/dev.in
index ee6bc136fd..d8c080df41 100644
--- a/requirements/dev.in
+++ b/requirements/dev.in
@@ -50,7 +50,7 @@ transifex-client==0.12.5
 python-digitalocean==1.14.0
 
 # Needed for updating the locked pip dependencies
-pip-tools==2.0.2
+pip-tools==3.8.0
 
 # zulip's linting framework - zulint
 -e git+https://github.com/zulip/zulint@aaed679f1ad38b230090eadd3870b7682500f60c#egg=zulint==0.0.1
diff --git a/requirements/dev.txt b/requirements/dev.txt
index a581482cbb..6f64493d68 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -63,7 +63,6 @@ docker==4.0.2             # via moto
 docutils==0.14            # via botocore, recommonmark, sphinx
 ecdsa==0.13.2             # via python-jose, sshpubkeys
 fakeldap==0.6.1
-first==2.0.2              # via pip-tools
 gitlint==0.12.0
 h2==2.6.2                 # via hyper
 hpack==3.0.0              # via h2
@@ -107,7 +106,7 @@ phonenumberslite==8.10.15
 pickleshare==0.7.5        # via ipython
 pika==0.13.0
 pillow==6.1.0
-pip-tools==2.0.2
+pip-tools==3.8.0
 polib==1.1.0
 premailer==3.5.0
 prompt-toolkit==1.0.16    # via ipython
@@ -189,3 +188,7 @@ wrapt==1.11.2             # via aws-xray-sdk
 xmltodict==0.12.0         # via moto
 yamole==2.1.6
 zope.interface==4.6.0     # via datetime, twisted
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip==19.2.2
+# setuptools==41.2.0        # via cfn-lint, ipython, jsonschema, markdown, pyhamcrest, sphinx, zope.interface
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 5f01d33d61..c01cfed247 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -29,3 +29,6 @@ sphinx-rtd-theme==0.4.3
 sphinx==1.8.4
 sphinxcontrib-websupport==1.1.2  # via sphinx
 urllib3==1.25.3           # via requests
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools==41.2.0        # via sphinx
diff --git a/requirements/pip.txt b/requirements/pip.txt
index 6c6f7dd599..38d68afa0d 100644
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -1,4 +1,4 @@
 # Dependencies for setting up pip to install our requirements.txt file.
-pip==19.2.1
+pip==19.1.1
 setuptools==41.0.1
 wheel==0.33.4
diff --git a/requirements/prod.txt b/requirements/prod.txt
index 913cc7abc4..f898633c99 100644
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@@ -119,3 +119,7 @@ uwsgi==2.0.17.1
 virtualenv-clone==0.5.3
 wcwidth==0.1.7            # via prompt-toolkit
 yamole==2.1.6
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip==19.2.2
+# setuptools==41.2.0        # via ipython, markdown
diff --git a/requirements/unupgradable.json b/requirements/unupgradable.json
index 3cc5688576..bbd10d0a0d 100644
--- a/requirements/unupgradable.json
+++ b/requirements/unupgradable.json
@@ -14,8 +14,11 @@
     "transifex-client": {
         "issue": "https://github.com/zulip/zulip/issues/8914"
     },
+    "pip": {
+        "issue": "https://github.com/zulip/zulip/issues/13067"
+    },
     "pip-tools": {
-        "issue": "https://github.com/zulip/zulip/issues/10802"
+        "issue": "https://github.com/zulip/zulip/issues/13067"
     },
     "defusedxml": {
         "issue": "https://github.com/zulip/zulip/issues/12191"
diff --git a/tools/update-locked-requirements b/tools/update-locked-requirements
index 24cc008292..e1dfec6693 100755
--- a/tools/update-locked-requirements
+++ b/tools/update-locked-requirements
@@ -41,6 +41,9 @@ EOF
         # This perl invocation strips the existing block of header comments.
         perl -0pe 's/\A(^#.*\n)*//m' "$output"
     ) | sponge "$output"
+
+    # Work around https://github.com/jazzband/pip-tools/issues/268
+    chmod a+r "$output"
 }
 
 OUTPUT_BASE_DIR='requirements'
diff --git a/version.py b/version.py
index 917b8ea611..5c3901c63a 100644
--- a/version.py
+++ b/version.py
@@ -26,4 +26,4 @@ LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.org/2019/03/01/zulip-2-0-relea
 #   historical commits sharing the same major version, in which case a
 #   minor version bump suffices.
 
-PROVISION_VERSION = '49.1'
+PROVISION_VERSION = '49.2'