diff --git a/requirements/constraints.txt b/requirements/constraints.txt new file mode 100644 index 0000000000..ee5dc4ddb8 --- /dev/null +++ b/requirements/constraints.txt @@ -0,0 +1,13 @@ +# Version constraints for pip-installation. +# +# This file doesn't install any packages. It specifies version constraints +# that will be applied if a package is needed. +# +# When pinning something here, please provide an explanation of why. Ideally, +# link to other information that will help people in the future to remove the +# pin when possible. Writing an issue against the offending project and +# linking to it here is good. + +# six is at 1.12.0, but transifex-client requires ==1.11.0 +# https://github.com/transifex/transifex-client/issues/252 +six==1.11.0 diff --git a/requirements/edx-sandbox/base.in b/requirements/edx-sandbox/base.in index 39df686604..23d5bee6dd 100644 --- a/requirements/edx-sandbox/base.in +++ b/requirements/edx-sandbox/base.in @@ -7,5 +7,7 @@ # * confirm that it has no system requirements beyond what we already install # * run "make upgrade" to update the detailed requirements files +-c ../constraints.txt + -r shared.txt # Dependencies in common with LMS and Studio matplotlib==1.3.1 # 2D plotting library diff --git a/requirements/edx-sandbox/base.txt b/requirements/edx-sandbox/base.txt index 804988efe0..f8e537deba 100644 --- a/requirements/edx-sandbox/base.txt +++ b/requirements/edx-sandbox/base.txt @@ -14,7 +14,7 @@ cffi==1.11.5 cryptography==2.4.2 enum34==1.1.6 futures==3.2.0 # via tornado -idna==2.7 +idna==2.8 ipaddress==1.0.22 lxml==3.8.0 markupsafe==1.1.0 diff --git a/requirements/edx-sandbox/shared.in b/requirements/edx-sandbox/shared.in index c5057c8914..fc60d8e87b 100644 --- a/requirements/edx-sandbox/shared.in +++ b/requirements/edx-sandbox/shared.in 
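Review bot: In requirements/constraints.txt the `six==1.11.0` entry says why the pin exists but not when it can be dropped. Every .in file touched by this commit now includes this file through `-c ../constraints.txt`, so the exact pin applies to the sandbox and production sets too, not only to whichever set pulls in transifex-client. A pin shared this widely holds back every later six release, fixes included, in all of those environments until someone removes it. I would add an explicit exit condition under the issue link, e.g. `# Remove this pin once transifex-client accepts six>=1.12 (see issue above).`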
@@ -7,6 +7,8 @@ # * confirm that it has no system requirements beyond what we already install # * run "make upgrade" to update the detailed requirements files +-c ../constraints.txt + cryptography # Implementations of assorted cryptography algorithms lxml==3.8.0 # XML parser networkx==1.7 # Utilities for creating, manipulating, and studying network graphs @@ -16,13 +18,6 @@ pyparsing # Python parsing library; used by the calc p sympy==0.7.1 # Symbolic math library; used by the calc package scipy==0.14.0 # Math, science, and engineering library; used by the calc package -# Pinned early: -# edx-sandbox/shared.in has cryptography, which wants idna, and finds 2.8 -# paver.in has requests, which wants idna<2.8 -# but paver.in includes edx-sandbox/shared.txt which now pins idna==2.8 -# *conflict* -idna<2.8 - # Install these packages from the edx-platform working tree # NOTE: if you change code in these packages, you MUST change the version # number in its setup.py or the code WILL NOT be installed during deploy. diff --git a/requirements/edx-sandbox/shared.txt b/requirements/edx-sandbox/shared.txt index 59ccac511d..adc8434188 100644 --- a/requirements/edx-sandbox/shared.txt +++ b/requirements/edx-sandbox/shared.txt @@ -12,7 +12,7 @@ asn1crypto==0.24.0 # via cryptography cffi==1.11.5 # via cryptography cryptography==2.4.2 enum34==1.1.6 # via cryptography -idna==2.7 +idna==2.8 # via cryptography ipaddress==1.0.22 # via cryptography lxml==3.8.0 markupsafe==1.1.0 diff --git a/requirements/edx/base.in b/requirements/edx/base.in index 699fb302f8..bf0d6d6601 100644 --- a/requirements/edx/base.in +++ b/requirements/edx/base.in 
@@ -7,6 +7,9 @@ # * confirm that it has no system requirements beyond what we already install # * run "make upgrade" to update the detailed requirements files # + +-c ../constraints.txt + -r ../edx-sandbox/shared.txt # Dependencies which are also used by code sandboxes -r github.in # Forks and other dependencies not yet on PyPI -r local.in # Packages in edx-platform which have their own setup.py diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt index 0bb76d1cda..f3ab055a2c 100644 --- a/requirements/edx/base.txt +++ b/requirements/edx/base.txt @@ -145,7 +145,7 @@ hash-ring==1.3.1 # via django-memcached-hashring help-tokens==1.0.3 html5lib==1.0.1 httplib2==0.12.0 # via oauth2, zendesk -idna==2.7 +idna==2.8 ipaddr==2.1.11 ipaddress==1.0.22 isodate==0.6.0 # via python-saml @@ -210,7 +210,7 @@ pyyaml==3.13 redis==2.10.6 reportlab==3.5.12 requests-oauthlib==1.0.0 -requests==2.20.1 +requests==2.21.0 rest-condition==1.0.3 rfc6266-parser==0.0.5.post2 rules==2.0.1 diff --git a/requirements/edx/coverage.in b/requirements/edx/coverage.in index 5c137479db..26a1299140 100644 --- a/requirements/edx/coverage.in +++ b/requirements/edx/coverage.in @@ -9,5 +9,8 @@ # * confirm that it has no system requirements beyond what we already install # * run "make upgrade" to update the detailed requirements files # + +-c ../constraints.txt + coverage==4.4 # Code coverage testing for Python diff-cover==0.9.8 # Automatically find diff lines that need test coverage diff --git a/requirements/edx/development.in b/requirements/edx/development.in index 7d80639ad2..db76c97814 100644 --- a/requirements/edx/development.in +++ b/requirements/edx/development.in 
@@ -8,6 +8,8 @@ # When adding a new dependency which is imported from edx-platform code as a library, # update scripts/dependencies/development.txt accordingly. +-c ../constraints.txt + -r pip-tools.txt # pip-tools and its dependencies, for managing requirements files -r testing.txt # Dependencies for running the various test suites diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt index 4f19b585bb..8287043299 100644 --- a/requirements/edx/development.txt +++ b/requirements/edx/development.txt @@ -180,7 +180,7 @@ help-tokens==1.0.3 html5lib==1.0.1 httplib2==0.12.0 httpretty==0.9.6 -idna==2.7 +idna==2.8 imagesize==1.1.0 # via sphinx incremental==17.5.0 inflect==2.1.0 @@ -289,7 +289,7 @@ radon==2.4.0 redis==2.10.6 reportlab==3.5.12 requests-oauthlib==1.0.0 -requests==2.20.1 +requests==2.21.0 rest-condition==1.0.3 rfc6266-parser==0.0.5.post2 rules==2.0.1 diff --git a/requirements/edx/paver.in b/requirements/edx/paver.in index 6bf7811f9e..a051ed3173 100644 --- a/requirements/edx/paver.in +++ b/requirements/edx/paver.in @@ -7,6 +7,9 @@ # * confirm that it has no system requirements beyond what we already install # * run "make upgrade" to update the detailed requirements files # + +-c ../constraints.txt + edx-opaque-keys # Create and introspect course and xblock identities lazy==1.1 # Lazily-evaluated attributes for Python objects libsass==0.10.0 # Python bindings for the LibSass CSS compiler diff --git a/requirements/edx/paver.txt b/requirements/edx/paver.txt index 892869ec46..0555710508 100644 --- a/requirements/edx/paver.txt +++ b/requirements/edx/paver.txt @@ -9,7 +9,7 @@ argparse==1.4.0 # via stevedore certifi==2018.11.29 # via requests chardet==3.0.4 # via requests edx-opaque-keys==0.4.4 -idna==2.7 # via requests +idna==2.8 # via requests lazy==1.1 libsass==0.10.0 markupsafe==1.1.0 
@@ -22,7 +22,7 @@ psutil==1.2.1 pymongo==2.9.1 python-memcached==1.48 pyyaml==3.13 # via watchdog -requests==2.20.1 +requests==2.21.0 six==1.11.0 # via edx-opaque-keys, libsass, paver, stevedore stevedore==1.10.0 urllib3==1.23 diff --git a/requirements/edx/pip-tools.in b/requirements/edx/pip-tools.in index 06c8949d5d..50f3de3e19 100644 --- a/requirements/edx/pip-tools.in +++ b/requirements/edx/pip-tools.in @@ -7,4 +7,6 @@ # * confirm that it has no system requirements beyond what we already install # * run "make upgrade" to update the detailed requirements files +-c ../constraints.txt + pip-tools # Contains pip-compile, used to generate pip requirements files diff --git a/requirements/edx/testing.in b/requirements/edx/testing.in index b00249fd66..cb4ffb8d83 100644 --- a/requirements/edx/testing.in +++ b/requirements/edx/testing.in @@ -12,6 +12,8 @@ # * run "make upgrade" to update the detailed requirements files # * add an appropriate pattern to scripts/dependencies/testing.py +-c ../constraints.txt + -r base.txt # Core edx-platform production dependencies -r coverage.txt # Utilities for calculating test coverage @@ -21,7 +23,7 @@ bok-choy # Framework for browser automation tests, based on sel cssselect # Used to extract HTML fragments via CSS selectors in 2 test cases and pyquery ddt # Run a test case multiple times with different input; used in many, many of our tests edx-i18n-tools>=0.4.6 # Commands for developers and translators to extract, compile and validate translations -edx-lint # pylint extensions for Open edX repositories +edx-lint==0.6.0 # pylint extensions for Open edX repositories pylint-plugin-utils==0.3 # required by edx-lint and pinned explicitly here because newer versions don't guarantee python 2 support. # can be removed when we get to python 3 factory_boy==2.8.1 # Library for creating test fixtures, used in many tests diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt index 1c53767617..b39e4b1e7e 100644 
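Review bot: The new exact pin `edx-lint==0.6.0` in requirements/edx/testing.in carries no reason. The header of the constraints.txt added in this same commit asks that every pin be explained and linked to something that lets it be removed later. The neighbouring `pylint-plugin-utils==0.3` line shows the expected form. Either extend the trailing comment, e.g. `edx-lint==0.6.0 # pylint extensions for Open edX repositories; pinned because <REASON / ISSUE LINK>`, or move the pin into constraints.txt with that explanation so it sits with the other documented pins.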
--- a/requirements/edx/testing.txt +++ b/requirements/edx/testing.txt @@ -174,7 +174,7 @@ help-tokens==1.0.3 html5lib==1.0.1 httplib2==0.12.0 httpretty==0.9.6 -idna==2.7 +idna==2.8 incremental==17.5.0 # via twisted inflect==2.1.0 ipaddr==2.1.11 @@ -278,7 +278,7 @@ radon==2.4.0 redis==2.10.6 reportlab==3.5.12 requests-oauthlib==1.0.0 -requests==2.20.1 +requests==2.21.0 rest-condition==1.0.3 rfc6266-parser==0.0.5.post2 rules==2.0.1