Commit Graph

25 Commits

Author SHA1 Message Date
Anders Kaseorg 5179e65493 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-11 17:19:46 -08:00
Anders Kaseorg d4443bc4f8 requirements: Upgrade Python requirements.
Addresses a potential Pillow DoS vulnerability, among other things.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 16:42:20 -07:00
Anders Kaseorg 3d876aacc6 requirements: Use pip-compile --generated-hashes for better security.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-06 15:21:18 -07:00
Anders Kaseorg f671ca3780 requirements: Upgrade Python requirements.
This commit was generated by deleting these lock files and rerunning
update-locked-requirements.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 13:23:58 -07:00
Anders Kaseorg 2573ecb7d1 requirements: Bump thumbor Django to match main Django.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 11:56:36 -07:00
Anders Kaseorg 92b42573fb requirements: Compile thumbor requirements with pip-tools on Python 2.
The reason that `pip-tools` running on Python 3 didn’t detect the
right requirements for `thumbor` on Python 2 is simply that some of
them are conditional on the Python version.

As for the requirements that had been manually added as a workaround:
`backports-abc` and `singledispatch` are now correctly detected, while
`backports.ssl-match-hostname` was vendored into `urllib3` some time
ago and `certifi` is no longer necessary.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-23 11:56:36 -07:00
Vishnu Ks cb8b935ee8 requirements: Upgrade certifi from 2019.3.9 to 2019.6.16. 2019-07-26 10:57:31 -07:00
Vishnu Ks 8143b4e47f requirements: Upgrade indirect python dependencies. 2019-07-07 22:28:54 -07:00
Vishnu Ks a956854df3 requirements: Upgrade indirect dependencies in thumbor.txt. 2019-04-26 16:22:00 -07:00
Vishnu Ks 5bf437b964 thumbor requirements: Upgrade virtualenv-clone from 0.4.0 to 0.5.1. 2019-01-30 09:50:43 -08:00
Tim Abbott 11ffd6b370 requirements: Revert updates to thumbor virtualenv.
Apparently, this set of upgrades fails on the Travis production test
suite.  Not yet clear why, but reverting for now in any case.
2018-11-13 12:41:09 -08:00
Tim Abbott 6aee656f6b requirements: Update recursive dependencies.
This was generated by:
* `rm -f requirements/*.txt`
* `./tools/update-locked-requirements`

and passes tests.  The effect is to unpin ourselves from old versions
of a bunch of recursive dependencies of our third-party dependencies.
2018-11-13 12:31:35 -08:00
Vishnu Ks 77473c2a6a requirements: Upgrade django-auth-ldap to 1.7.0. 2018-11-12 15:27:26 -08:00
Vishnu Ks 4f91a564ef requirements: Upgrade virtualenv-clone to 0.4.0. 2018-11-12 15:27:26 -08:00
Vishnu Ks 8f5cbb5c8c requirements: Upgrade typing to 3.6.6. 2018-11-12 15:27:26 -08:00
Vishnu Ks 5ec9eb819b requirements: Upgrade certifi to 2018.10.15. 2018-11-09 10:17:55 -08:00
Vishnu Ks 22f4828dc9 requirements: Upgrade thumbor dependencies. 2018-07-31 11:13:22 -07:00
Tim Abbott 30a3c48ff3 thumbor: Fix missing virtualenv-clone package in dependencies.
This package is important in order to avoid scary-looking errors
whenever we upgrade the dependencies in thumbor.txt (where
virtualenv-clone isn't installed in the venv, and then gets installed
by the code we just added a TODO comment to.
2018-07-30 11:55:16 -07:00
Aditya Bansal 0e50afb599 thumbor: Add ldap and django as a dependancy.
We add this dependancy to thumbor for no use other than making an
import possible in one of the upcoming commits. Basically we wanted to
import LOCAL_UPLOADS_DIR from zproject.prod_settings or
zproject.dev_settings and prod_settings_template.py imports
django-auth-ldap (which depends on python-ldap and django).

This seems counterproductive, but it makes it possible for us to save
significant thumbor server startup time that would have been consumed
in `get-django-setting`, and once thumbor supports Python 3, we'll
probably be merging the virtualenvs anyway (in which case this change
would become a no-op).
2018-07-15 00:03:21 +05:30
Tim Abbott d615e84421 requirements: Update thumbor dependencies. 2018-06-05 10:09:09 -07:00
Aditya Bansal dedef11fe5 thumbor: Upgrade thumbor to v6.4.1. 2018-02-21 01:00:40 +05:30
Vishnu Ks f93f1972e9 requirements: Upgrade certifi to 2018.1.18. 2018-02-14 09:41:49 -08:00
Vishnu Ks 9effe27eab requirements: Upgrade typing to 3.6.4. 2018-02-14 09:41:49 -08:00
Harshit Bansal e75f0c1ee4 requirements: Rename requirements files.
This commit renames various source requirements files like `dev.txt`,
`mypy.txt` etc to `dev.in`, `mypy.in` etc and various locked requirements
files like `dev_lock.txt`, `mypy_lock.txt` etc to `dev.txt`, `mypy.txt`
etc. This will help in emphasizing to the user that *.in are actually
input to `update-locked-requirements` tool which should be run after
updating any of these.
2017-11-21 02:38:26 +05:30
Aditya Bansal dd037df2c4 thumbor: Add dependencies and virtualenv setup script.
In this commit we add new dependencies needed for running thumbor.
Also we add the script for creating the virtual environment ready
for thumbor.
Note: Thumbor will use python2 and thus have different virtualenv
dedicated to it.
Credits to @TigorC and @joshland as well for there work on this.
2017-11-16 22:38:29 -08:00