
update all dependencies #5382

Merged
merged 11 commits into from Feb 2, 2023

Conversation

escattone
Contributor

@escattone escattone commented Jan 28, 2023

mozilla/sumo#1181

Summary

This PR provides an almost complete update of everything in the project with the exception of our node packages, which will be done in a separate PR:

  • Python (3.10 --> 3.11)
  • The foundational Python image used in Dockerfile (3.10-bullseye --> 3.11-bullseye)
  • Image versions within .circleci/config.yml
  • Python and other versions within .pre-commit-config.yaml that match pyproject.toml
  • OS and Python versions in .readthedocs.yml
  • All poetry dependencies, including dev group dependencies, to their latest versions, with the following exceptions and notes:
    • pip was updated in Dockerfile to its latest version, but removed as a poetry dependency, since it's already installed via the Dockerfile.
    • elasticsearch was updated to the latest version 7 (7.17.8). The upgrade to version 8 remains as a separate task that requires a matching upgrade to our ES server as well.
    • black was updated to 22.12.0, but not to its latest version 23.1.0, because version 23.1.0 introduces some formatting changes that will modify a significant number of our Python files. I thought it best to update black to version 23.1.0 as a separate PR after this PR is merged.
    • The "target version" of black was updated to the newly-supported py311.
    • Sphinx was updated to 5.3.0, not to the latest version 6.1.3, only because the sphinx-rtd-theme package does not yet support version 6 or above.
    • The latest version of django-ratelimit included a change to its import name from ratelimit to django_ratelimit.
    • The latest version of the django-timezone-field package no longer uses pytz.timezone for its TimeZoneField, but instead uses the built-in zoneinfo.ZoneInfo timezone. This meant a few minor changes, but fortunately does not require a database data migration for the Profile.timezone field, since the supported time zone strings are exactly the same.
    • pytz was completely removed. With packages like django-timezone-field and Django moving away from pytz, as well as the fact that Django version 5 will no longer support pytz time zones at all, I decided it was time to remove it altogether. After lots of reading and confusion, it was pretty easy in the end. I followed the migration guide provided by the creator of Python's built-in zoneinfo module, which boiled down to two things:
      • Replace pytz.timezone instances with zoneinfo.ZoneInfo instances
      • Replace pytz.timezone(...).localize(datetime_instance) calls with datetime_instance.replace(tzinfo=ZoneInfo(...)) calls. The new replace method on datetime.datetime instances includes a new fold keyword parameter which handles the possible "ambiguous" and "imaginary" times within time zones like US/Pacific that include daylight-savings-time (DST) changes (fold defaults to 0, so it makes that choice of how to interpret "ambiguous" and "imaginary" times for you by default).
    • The latest version of the django.utils.timezone.make_aware function no longer supports is_dst, so I removed it from the one place it was used. It's no longer needed due to the fact that "under the hood", Django uses the datetime.datetime.replace method which includes the new fold parameter mentioned above.
    • The latest bleach package includes two breaking changes:
      • Its ALLOWED_TAGS is now a frozenset instead of a list. In fact, the bleach.clean function prefers a set now instead of a list for its tags keyword argument, but you can still pass in a list and bleach.clean will convert it to a set for you, so no worries there.
      • The bleach.clean function no longer accepts a styles keyword argument, which has been replaced by the css_sanitizer argument instead. In the end, for our purposes, it boils down to replacing styles=styles with css_sanitizer=CSSSanitizer(allowed_css_properties=styles) in the keyword arguments when calling bleach.clean.
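The pytz-to-zoneinfo replacement and the fold handling described in the summary above, as an added example that is not code from this PR or from the project; it assumes the canonical zone name America/Los_Angeles for the US/Pacific zone mentioned above and uses constructed 2023 DST dates.

```python
from datetime import datetime, timedelta
from zoneinfo import ZoneInfo

# "America/Los_Angeles" is the canonical name of the US/Pacific zone mentioned
# in the PR; it has a DST gap in March and an overlap in November.
PACIFIC = ZoneInfo("America/Los_Angeles")
UTC = ZoneInfo("UTC")


def localize(naive: datetime, zone: ZoneInfo, fold: int = 0) -> datetime:
    """zoneinfo replacement for pytz.timezone(name).localize(naive).

    fold selects the interpretation of a wall-clock time that exists twice
    (fall back) or not at all (spring forward): 0 keeps the UTC offset in
    force before the transition, 1 the offset in force after it. fold=0 is
    what datetime.replace uses by default, which is the choice the PR relies on.
    """
    if naive.tzinfo is not None:
        raise ValueError("localize() expects a naive datetime")
    return naive.replace(tzinfo=zone, fold=fold)


def offset_hours(aware: datetime) -> float:
    """UTC offset of an aware datetime, in hours (e.g. -7.0 for PDT)."""
    return aware.utcoffset() / timedelta(hours=1)


def classify(naive: datetime, zone: ZoneInfo) -> str:
    """Report whether a naive wall-clock time is unambiguous, ambiguous or
    imaginary in the given zone, using only the two fold interpretations."""
    first = localize(naive, zone, fold=0)
    second = localize(naive, zone, fold=1)
    if first.utcoffset() == second.utcoffset():
        return "unambiguous"
    # Round-tripping through UTC preserves an ambiguous wall time but moves
    # an imaginary one (e.g. 02:30 on spring-forward day) to a real time.
    roundtrip = first.astimezone(UTC).astimezone(zone)
    if roundtrip.replace(tzinfo=None, fold=0) == naive:
        return "ambiguous"
    return "imaginary"


if __name__ == "__main__":
    # Constructed inputs: the 2023 fall-back (Nov 5) and spring-forward (Mar 12).
    for wall in (datetime(2023, 11, 5, 1, 30), datetime(2023, 3, 12, 2, 30)):
        print(wall, classify(wall, PACIFIC),
              offset_hours(localize(wall, PACIFIC, 0)),
              offset_hours(localize(wall, PACIFIC, 1)))
```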

TODO in Separate PRs

  • Update black to version 23.1.0 (and reformat all of our Python files) in a separate PR.
  • Update all of the node packages.
@escattone escattone changed the title update all non-dev deps except bleach & py-wikimarkup Jan 30, 2023
@escattone escattone changed the title update all deps Jan 30, 2023
@escattone escattone force-pushed the update-all-packages branch 4 times, most recently from 6858fc2 to 32d4deb Compare February 1, 2023 21:32
@escattone escattone marked this pull request as ready for review February 2, 2023 00:25
"an"<script>alert()</script>",
"an"<script>alert()</script>",
),
(
"an'<script>alert()</script>",
"an'&lt;script&gt;alert()&lt;/script&gt;",
"an'&amp;lt;script&amp;gt;alert()&amp;lt;/script&amp;gt;",
Contributor Author

@escattone escattone Feb 2, 2023


Both of these test changes were due to an improvement made in the latest version of bleach. Our old version of bleach also provided secure, escaped results, but the latest version provides more accurately escaped results for display purposes.

Collaborator

@akatsoulas akatsoulas left a comment


This looks good! r+

Squash before merging and maybe add a couple of issues for the standing items?
Nice work

@escattone escattone merged commit ba2f95a into mozilla:main Feb 2, 2023
2 checks passed
@escattone escattone deleted the update-all-packages branch February 2, 2023 16:48