We were using an old version of the python3-saml library,
which was causing issues with newer versions of social-core.
The reason it was pinned was because our etree implementation
didn't support several fields that the saml library did, so
we are now importing those entities as well.
This commit upgrades the version of the lti-consumer-xblock library from version 9.0.4 to version 9.1.0. Version 9.1.0 adds support for sending a learner's full name in an LTI launch. The full name is sent as an LTI parameter in LTI 1.1 launches as the "lis_person_name_full" parameter. The full name is sent as an LTI parameter to LTI 1.3 launches as the "name" ID token claim.
Please see the CHANGELOG entry for these versions for a full description of the changes: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#910---2023-04-28
This commit also downgrades the edx-proctoring-proctortrack dependency from version 1.2.1 to 1.0.5. This is due to a pin in the version of this requirement to 1.0.5 that was not removed when the requirement version was manually updated to version 1.2.1 in #32154. The newer version of the library does not contain any Python changes, so we are rolling back this version until further notice.
The edx-sphinx theme is being deprecated, and replaced with sphinx-book-theme.
This removes references to the deprecated theme and replaces them with the new
standard theme for the platform.
See https://github.com/openedx/edx-sphinx-theme/issues/184
This adds a Make target that should simplify the common task of
upgrading a single dependency. Sometimes people manually edit the pin
files, which we would like to avoid; hopefully this will make it
easier for them to do the right thing.
The GitHub workflow should also make it easier for people on Mac to
recompile requirements in a Linux environment, reducing the number of
times spurious dependency changes show up in the pin files (due to
OS-dependent requirements.)
Also, separate upgrade/downgrade instructions and simplify the latter.
(Min constraints are rare and we usually move beyond them quickly.)
This commit upgrades the version of the lti-consumer-xblock library from version 9.0.2 to version 9.0.3. Version 9.0.3 includes a change to add logging for error cases in the access_token_endpoint view and the key handler classes.
Please see the CHANGELOG entry for this version for a full description of the change: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#903---2023-04-18.
There was a `requirements/pip.txt` with old versions, and a newer
`requirements/edx/pip.txt` managed via a `pip.in` file. The old one was
used in most places, but came out of sync with pip-tools.txt, which was
managed properly. Eventually this caused a `pip check` failure due to the
mismatch.
This should resolve at least part of https://github.com/edx/edx-arch-experiments/issues/267
This PR moves pip.in and pip-tools.in and their corresponding pin files
up to the `requirements/` dir, since they should be shared between the edx
and sandbox environments. This also has the effect of upgrading pip to
match the version in the file we've been uselessly upgrading.
Other improvements:
- Remove `-q` option from pip and pip-sync calls, as it was hiding some
debugging information that would have resolved this sooner.
- Depend on `pre-requirements` from `compile-requirements`, rather than
from `upgrade`. (The base target is the one that actually needs it.)
This also lets us remove the explicit `pip install pip-tools` line.
- Install the recompiled pip and pip-tools files right away, not after the
loop. When we upgrade pip-tools, we want to use the upgraded version,
not the previous version. This requires moving the pip-tools.txt
recompilation outside of the loop and into its own explicit line.
- Don't upgrade pip if we're not running `make upgrade` (respect the
compile options).
- Remove apparently-unneeded `--no-emit-trusted-host --no-emit-index-url`
options (we don't pass trusted-host or index-url options).
This brings in some JWT verification monitoring.
This also includes a delayed upgrade of `edx-django-utils`, which had been manually and incompletely bumped in some previous PR.
