/ kitsune Public
update all dependencies #5382
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge.
This PR provides an almost complete update of everything in the project with the exception of our
nodepackages, which will be done in a separate PR:
devgroup dependencies, to their latest versions, with the following exceptions and notes:
pipwas updated in
Dockerfileto its latest version, but removed as a
poetrydependency, since it's already installed via the
elasticsearchwas updated to the latest version
7.17.8). The upgrade to version
8remains as a separate task that requires a matching upgrade to our ES server as well.
blackwas updated to
22.12.0, but not to its latest version
23.1.0, because version
23.1.0introduces some formatting changes that will modify a significant number of our Python files. I thought it best to update
23.1.0as a separate PR after this PR is merged.
blackwas updated to the newly-supported
Sphinxwas updated to
5.3.0, not to the latest version
6.1.3, only because the
sphinx-rtd-themepackage does not yet support version
django-ratelimitincluded a change to its import name from
django-timezone-fieldpackage no longer uses
TimeZoneField, but instead uses the built-in
zoneinfo.ZoneInfotimezone. This meant a few minor changes, but fortunately does not require a database data migration for the
Profile.timezonefield, since the supported time zone strings are exactly the same.
pytzwas completely removed. With packages like
Djangomoving away from
pytz, as well as the fact that
5will no longer support
pytztime zones at all, I decided it was time to remove it altogether. After lots of reading and confusion, it was pretty easy in the end. I followed the migration guide provided by the creator of Python's built-in
zoneinfomodule, which boiled down to two things:
datetime_instance.replace(tzinfo=ZoneInfo(...))calls. The new
datetime.datetimeinstances includes a new
foldkeyword parameter which handles the possible "ambiguous" and "imaginary" times within time zones like
US/Pacificthat include daylight-savings-time (DST) changes (
0, so it makes that choice of how to interpret "ambiguous" and "imaginary" times for you by default).
django.utils.timezone.make_awarefunction no longer supports
is_dst, so I removed it from the one place it was used. It's no longer needed due to the fact that "under the hood",
datetime.datetime.replacemethod which includes the new
foldparameter mentioned above.
bleachpackage includes two breaking changes:
ALLOWED_TAGSis now a
frozensetinstead of a
list. In fact, the
bleach.cleanfunction prefers a
setnow instead of a
tagskeyword argument, but you can still pass-in a
bleach.cleanwill convert it to a
setfor you, so no worries there.
bleach.cleanfunction no longer accepts a
styleskeyword argument, which has been replaced by the
css_sanitizerargument instead. In the end, for our purposes, it boils down to replacing
css_sanitizer=CSSSanitizer(allowed_css_properties=styles)in the keyword arguments when calling
TODO in Separate PR's
23.1.0(and reformat all of our Python files) in a separate PR.