This commit upgrades the version of the lti-consumer-xblock library from version 9.0.2 to version 9.0.3. Version 9.0.3 includes a change to add logging for error cases in the access_token_endpoint view and the key handler classes.
Please see the CHANGELOG entry for this version for a full description of the change: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#903---2023-04-18.
There was a `requirements/pip.txt` with old versions, and a newer
`requirements/edx/pip.txt` managed via a `pip.in` file. The old one was
used in most places, but came out of sync with pip-tools.txt, which was
managed properly. Eventually this caused a `pip check` failure due to the
mismatch.
This should resolve at least part of https://github.com/edx/edx-arch-experiments/issues/267
This PR moves pip.in and pip-tools.in and their corresponding pin files
up to the `requirements/` dir, since they should be shared between the edx
and sandbox environments. This also has the effect of upgrading pip to
match the version in the file we've been uselessly upgrading.
Other improvements:
- Remove `-q` option from pip and pip-sync calls, as it was hiding some
debugging information that would have resolved this sooner.
- Depend on `pre-requirements` from `compile-requirements`, rather than
from `upgrade`. (The base target is the one that actually needs it.)
This also lets us remove the explicit `pip install pip-tools` line.
- Install the recompiled pip and pip-tools files right away, not after the
loop. When we upgrade pip-tools, we want to use the upgraded version,
not the previous version. This requires moving the pip-tools.txt
recompilation outside of the loop and into its own explicit line.
- Don't upgrade pip if we're not running `make upgrade` (respect the
compile options).
- Remove apparently-unneeded `--no-emit-trusted-host --no-emit-index-url`
options (we don't pass trusted-host or index-url options).
This brings in some JWT verification monitoring.
This also includes a delayed upgrade of `edx-django-utils`, which had been manually and incompletely bumped in some previous PR.
Nine different URL-specified Python dependencies had
accumulated in edx-platform, noticably increasing the amount
time it took to install edx-platform requirements.
After many developer hours of work, we are nearly finished
converting them to PyPI-hosted depencencies:
openedx/wg-developer-experience#153
We're making these updates in hopes that we don't end
up with so many URL-specified depencencies again.
We're also updating OEP-18:
https://github.com/openedx/open-edx-proposals/pull/450
The CODEOWNERS update would mean that Arbi-BOM is notified
on all future PRs that change github.in. At the moment, edx-platform
does not *require* CODEOWNER review, so this is not a *hard* gate to
github.in changes.
Gate access to exam content by requiring an access token. This is a signed JWT issued by the edx-exams service that grants a user access to a sequence locator for a short lived window while an exam is in progress. This feature only applies to courses using the new exam service instead of edx-proctoring.
