edx-platform/requirements/constraints.txt

# Version constraints for pip-installation.
#
# This file doesn't install any packages. It specifies version constraints
# that will be applied if a package is needed.
#
# When pinning something here, please provide an explanation of why.  Ideally,
# link to other information that will help people in the future to remove the
# pin when possible.  Writing an issue against the offending project and
# linking to it here is good.


# This file contains all common constraints for edx-repos
-c common_constraints.txt

# As it is not clarified what exact breaking changes will be introduced as per
# the next major release, ensure the installed version is within boundaries.
celery>=5.2.2,<6.0.0

# required for celery>=5.2.0;<5.3.0
click>=8.0,<9.0

# django-storages version 1.9 drops support for boto storage backend.
django-storages<1.9

# The team that owns this package will manually bump this package rather than having it pulled in automatically.
# This is to allow them to better control its deployment and to do it in a process that works better
# for them.
edx-enterprise==3.60.9

# oauthlib>3.0.1 causes test failures ( also remove the django-oauth-toolkit constraint when this is fixed )
oauthlib==3.0.1

# django-auth-toolkit==1.3.3 requires oauthlib>=3.1.0 which is pinned because of test failures
django-oauth-toolkit<=1.3.2

# Will be updated once we update python-dateutil package
matplotlib<3.4.0

# constrained in opaque_keys. migration guide here: https://pymongo.readthedocs.io/en/4.0/migrate-to-pymongo4.html
# Major upgrade will be done in separate ticket.
pymongo<4.0.0

# python3-saml==1.10.0 version started breaking a11y tests
python3-saml<1.10.0

# greater version has breaking changes and requires some migration steps.
django-webpack-loader==0.7.0

# At the time of writing this comment, we do not know whether py2neo>=2022
# will support our currently-deployed Neo4j version (3.5).
# Feel free to loosen this constraint if/when it is confirmed that a later
# version of py2neo will work with Neo4j 3.5.
py2neo<2022

# scipy version 1.8 requires numpy>=1.17.3, we've pinned numpy to <1.17.0 in requirements/edx-sandbox/py38.in
scipy<1.8.0

# mistune is a dependency of m2r (which is a dependency of sphinxcontrib-openapi)
# m2r fails to specify the version of mistune that it needs leading to the error message:
# AttributeError: module 'mistune' has no attribute 'BlockGrammar'
# See Issue: https://github.com/miyakogi/m2r/issues/66
# m2r is no longer actively maintained: https://github.com/miyakogi/m2r/pull/43
# This will be fixed when sphinxcontrib-openapi depends on m2r2 instead of m2r
# See issue: https://github.com/sphinx-contrib/openapi/issues/123
mistune<2.0.0

# edx-enterprise, snowflake-connector-python require charset-normalizer==2.0.0
# Can be removed once snowflake-connector-python>2.7.9 is released with the fix.
charset-normalizer<2.1.0

# markdown>=3.4.0 has failures due to internal refactorings which causes the tests to fail
# pinning the version untill the issue gets resolved in the package itself
markdown<3.4.0

# pycodestyle==2.9.0 generates false positive error E275.
# Constraint can be removed once the issue https://github.com/PyCQA/pycodestyle/issues/1090 is fixed.
pycodestyle<2.9.0

# pyopenssl>22.0.0 requires cryptography>=38.0 && conflicts with snowflak-connector-python requires cryptography<37
# which causes the requirements upgrade job to fail due to constraint conflict
# This constraint can be removed once https://github.com/snowflakedb/snowflake-connector-python/issues/1259 is resolved
# and snowflake-connector-python>2.8.0 is released.
pyopenssl==22.0.0

# pytz>2022.2.1 causes test failures in edx-platform
pytz==2022.2.1

# docutils==0.19 has removed the docutils.core.ErrorString which is required by the sphinxcontrib-openapi
# This constraint can be removed once sphinxcontrib-openapi is updated to resolve this issue.
docutils<0.19