447fd0b6cb
This brings an important security improvement -- codejail won't default to running in unsafe mode, which can happen if certain configuration errors are present. Properly configured installations shouldn't be affected. We just need to adjust some unit tests to opt into unsafe mode. Changes: - Update `edx-codejail` dependency to [version 4.0.0](https://github.com/openedx/codejail/blob/master/CHANGELOG.rst#400---2025-06-13) - Define a `use_unsafe_codejail` decorator that allows running a unit test (or entire TestCase class) in unsafe mode - Use that decorator as needed, based on which tests started failing
168 lines
9.8 KiB
Plaintext
168 lines
9.8 KiB
Plaintext
# Core dependencies for running edx-platform (LMS or Studio)
|
|
|
|
-c ../constraints.txt
|
|
|
|
-r github.in # Forks and other dependencies not yet on PyPI
|
|
|
|
# DON'T JUST ADD NEW DEPENDENCIES!!!
|
|
# Please follow these guidelines whenever you change this file:
|
|
#
|
|
# 1. When adding a new dependency:
|
|
# * add a comment to the end of the line explaining why it is needed.
|
|
# * verify that the dependency has a license compatible with AGPLv3
|
|
# * confirm that it has no system requirements beyond what we already install
|
|
# * run "make upgrade" to update the detailed requirements files
|
|
# 2. Do not pin exact versions unless absolutely necessary. When upgrading
|
|
# an already-pinned package to its latest release, remove the version pin.
|
|
# 3. Do not add indirect dependencies unless a version constraint is needed to
|
|
# avoid versions which have known problems.
|
|
# 4. If the package is not strictly necessary for the platform to run, add it to
|
|
# another file such as bundled.in, development.in, or testing.in instead.
|
|
|
|
acid-xblock # This XBlock is used for unit tests as well as manual tests
|
|
analytics-python # Used for Segment analytics
|
|
attrs # Reduces boilerplate code involving class attributes
|
|
Babel # Internationalization utilities, used for date formatting in a few places
|
|
boto # Deprecated version of the AWS SDK; we should stop using this
|
|
boto3 # Amazon Web Services SDK for Python
|
|
botocore # via boto3, s3transfer
|
|
bridgekeeper # Used for determining permissions for courseware. Use of django-rules is preferred.
|
|
celery # Asynchronous task execution library
|
|
chem # A helper library for chemistry calculations
|
|
codejail-includes # CodeJail manages execution of untrusted code in secure sandboxes.
|
|
cryptography # Implementations of assorted cryptography algorithms
|
|
defusedxml
|
|
Django # Web application framework
|
|
django-autocomplete-light # Enhances Django admin with single-select autocomplete dropdowns for a better user experience.
|
|
django-celery-results # Only used for the CacheBackend for celery results
|
|
django-config-models # Configuration models for Django allowing config management with auditing
|
|
django-cors-headers # Used to allow to configure CORS headers for cross-domain requests
|
|
django-countries # Country data for Django forms and model fields
|
|
django-crum # Middleware that stores the current request and user in thread local storage
|
|
django-filter # Allows users to filter Django querysets dynamically
|
|
django-ipware # Get the client's real IP address
|
|
django-method-override # Allow use of HTTP methods normally not supported by browsers via the X-HTTP-Method-Override header
|
|
django-model-utils
|
|
django-mptt
|
|
django-mysql
|
|
django-oauth-toolkit # Provides oAuth2 capabilities for Django
|
|
django-pipeline
|
|
django-ratelimit
|
|
django-sekizai
|
|
django-simple-history
|
|
django-statici18n
|
|
django-storages
|
|
django-user-tasks
|
|
django-waffle
|
|
django-webpack-loader # Used to wire webpack bundles into the django asset pipeline
|
|
djangorestframework
|
|
drf-spectacular
|
|
edx-ace
|
|
edx-api-doc-tools
|
|
edx-auth-backends # Allow Studio to use LMS SSO
|
|
edx-bulk-grades # LMS REST API for managing bulk grading operations
|
|
edx-ccx-keys
|
|
edx-celeryutils
|
|
edx-completion
|
|
edx-django-release-util # Release utils for the edx release pipeline
|
|
edx-django-sites-extensions
|
|
# Codejail 4 brings important safety improvements (no unsafe mode by default)
|
|
edx-codejail>=4.0.0
|
|
# edx-django-utils 5.14.1 adds FrontendMonitoringMiddleware
|
|
edx-django-utils>=5.14.1 # Utilities for cache, monitoring, and plugins
|
|
edx-drf-extensions
|
|
edx-enterprise
|
|
# edx-event-bus-kafka 5.6.0 adds support for putting client ids on event producers/consumers
|
|
edx-event-bus-kafka>=5.6.0 # Kafka implementation of event bus
|
|
edx-event-bus-redis
|
|
edx-milestones
|
|
edx-name-affirmation
|
|
edx-opaque-keys>=2.12.0
|
|
edx-organizations
|
|
edx-proctoring>=2.0.1
|
|
# using hash to support django42
|
|
# edx-proctoring-proctortrack==1.2.1 # Intentionally and permanently pinned to ensure code changes are reviewed
|
|
edx-rest-api-client
|
|
edx-search
|
|
edx-submissions
|
|
edx-toggles # Feature toggles management
|
|
edx-when
|
|
edxval
|
|
event-tracking
|
|
enmerkar-underscore # Implements a underscore extractor for django-babel.
|
|
fs
|
|
fs-s3fs==0.1.8
|
|
geoip2 # Python API for the GeoIP web services and databases
|
|
glob2 # Enhanced glob module, used in openedx.core.lib.rooted_paths
|
|
gunicorn
|
|
help-tokens
|
|
html5lib # HTML parser, used for capa problems
|
|
icalendar # .ics generator, used by calendar_sync
|
|
ipaddress # Ip network support for Embargo feature
|
|
importlib_metadata # Used to access entry_points in i18n_api plugin
|
|
jsonfield # Django model field for validated JSON; used in several apps
|
|
laboratory # Library for testing that code refactors/infrastructure changes produce identical results
|
|
importlib_metadata # Used to access entry_points in i18n_api plugin
|
|
lxml[html_clean] # XML parser
|
|
lti-consumer-xblock>=7.3.0
|
|
mako # Primary template language used for server-side page rendering
|
|
Markdown # Convert text markup to HTML; used in capa problems, forums, and course wikis
|
|
meilisearch # Library to access Meilisearch search engine (will replace ElasticSearch)
|
|
mongoengine # Object-document mapper for MongoDB, used in the LMS dashboard
|
|
mysqlclient # Driver for the default production relational database
|
|
nh3 # Python bindings to the ammonia (whitelist-based HTML sanitizing library); used for capa and LTI
|
|
nodeenv # Utility for managing Node.js environments; we use this for deployments and testing
|
|
oauthlib # OAuth specification support for authenticating via LTI or other Open edX services
|
|
olxcleaner
|
|
openedx-atlas # CLI tool to manage translations
|
|
openedx-calc # Library supporting mathematical calculations for Open edX
|
|
openedx-django-require
|
|
openedx-events # Open edX Events from Hooks Extension Framework (OEP-50)
|
|
openedx-filters # Open edX Filters from Hooks Extension Framework (OEP-50)
|
|
openedx-forum # Open edX forum v2 application
|
|
openedx-learning # Open edX Learning core (experimental)
|
|
openedx-mongodbproxy
|
|
openedx-django-wiki
|
|
path
|
|
piexif # Exif image metadata manipulation, used in the profile_images app
|
|
Pillow # Image manipulation library; used for course assets, profile images, invoice PDFs, etc.
|
|
psutil # Library for retrieving information on running processes and system utilization
|
|
pycountry
|
|
pycryptodomex
|
|
pyjwkest
|
|
# TODO Replace PyJWT usage with pyjwkest
|
|
# PyJWT 1.6.3 contains PyJWTError, which is required by Apple auth in social-auth-core
|
|
PyJWT>=1.6.3
|
|
pylti1p3 # Required by content_libraries core library to support LTI 1.3 launches
|
|
pymemcache # Python interface to the memcached memory cache daemon
|
|
pymongo # MongoDB driver
|
|
pynliner # Inlines CSS styles into HTML for email notifications
|
|
python-dateutil
|
|
python3-openid ; python_version>='3'
|
|
python3-saml
|
|
pyuca # For more accurate sorting of translated country names in django-countries
|
|
pysrt # Support for SubRip subtitle files, used in the video XModule
|
|
pytz # Time zone information database
|
|
PyYAML # Used to parse XModule resource templates
|
|
redis # celery task broker
|
|
requests-oauthlib # Simplifies use of OAuth via the requests library, used for CCX and LTI
|
|
random2
|
|
rules # Django extension for rules-based authorization checks
|
|
social-auth-core
|
|
simplejson
|
|
Shapely # Geometry library, used for image click regions in capa
|
|
six # Utilities for supporting Python 2 & 3 in the same codebase
|
|
slumber # The following dependency is unsupported and used by the DeprecatedRestApiClient
|
|
social-auth-app-django
|
|
sorl-thumbnail
|
|
sortedcontainers # Provides SortedKeyList, used for lists of XBlock assets
|
|
stevedore # Support for runtime plugins, used for XBlocks and edx-platform Django app plugins
|
|
unicodecsv # Easier support for CSV files with unicode text
|
|
user-util # Functionality for retiring users (GDPR compliance)
|
|
webob
|
|
web-fragments # Provides the ability to render fragments of web pages
|
|
wrapt # Better functools.wrapped. TODO: functools has since improved, maybe we can switch?
|
|
XBlock[django] # Courseware component architecture
|
|
xss-utils # https://github.com/openedx/edx-platform/pull/20633 Fix XSS via Translations
|
|
unicodeit # Converts mathjax equation to plain text by using unicode symbols
|