Backend dependency updates (#14038)

* Update compile-requirements script to drop compiled deps, meaning we get updates to subdeps more often * Dependency bumps Prod: Resolves #14031 Bump django-cors-headers from 4.3.0 to 4.3.1 in /requirements Resolves #14029 Bump bleach from 6.0.0 to 6.1.0 in /requirements Resolves #13991 Bump newrelic from 9.2.0 to 9.3.0 in /requirements Dev: Resolves #14033 Bump black from 23.11.0 to 23.12.1 in /requirements Resolves #14032 Bump ruff from 0.1.6 to 0.1.9 in /requirements Resolves #14023 Bump pytest-django from 4.6.0 to 4.7.0 in /requirements Resolves #14030 Bump pipdeptree from 2.13.0 to 2.13.1 in /requirements Docs: Resolves #13958 Bump tornado from 6.3.3 to 6.4 in /requirements + various subdeps for prod, dev, docs
mozilla · Jan 3, 2024 · a42807c · a42807c
1 parent 3f83865
commit a42807c
Show file tree

Hide file tree

Showing 8 changed files with 752 additions and 612 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -65,11 +65,11 @@ repos:
           - --comment-style
           - "|#|"
   - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.1.6
+    rev: v0.1.9
     hooks:
       - id: ruff
   - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: 23.9.1
+    rev: 23.12.1
     hooks:
       - id: black
         language_version: python3

diff --git a/bin/compile-requirements.sh b/bin/compile-requirements.sh
@@ -12,8 +12,11 @@ export CUSTOM_COMPILE_COMMAND="$ make compile-requirements"
 # We need this installed, but we don't want it to live in the main requirements
 # We will need to periodically review this pinning
 
-pip install -U pip==23.1.2
-pip install pip-tools==6.13.0
+pip install -U pip==23.3.2
+pip install pip-tools==7.3.0
+
+# Drop the compiled reqs files, to help us pick up automatic subdep updates, too
+rm -f requirements/*.txt
 
 pip-compile --generate-hashes -r requirements/prod.in --resolver=backtracking --rebuild
 pip-compile --generate-hashes -r requirements/dev.in --resolver=backtracking --rebuild

diff --git a/requirements/dev.in b/requirements/dev.in
@@ -1,25 +1,25 @@
 -r prod.txt
 
-black==23.11.0
+black==23.12.1
 bpython==0.24
 braceexpand==0.1.7
 factory-boy==3.3.0
 freezegun==1.2.2
-pipdeptree==2.13.0
+pipdeptree==2.13.1
 py==1.11.0
 Pygments>=2.15.0  # to bring it up to a secure version
 PyPOM==2.2.4
 pyquery==2.0.0
 pytest==7.4.2  # Included because we use it directly, but also a subdep of pytest-selenium's subdeps
 pytest-cov==4.1.0
 pytest-datadir==1.5.0
-pytest-django==4.6.0
+pytest-django==4.7.0
 pytest-mock==3.11.1
 pytest-parallel==0.1.1
 pytest-rerunfailures==12.0
 pytest-selenium==4.0.1
 responses==0.23.3
-ruff==0.1.6
+ruff==0.1.9
 selenium==4.9.1 # Pinned to 4.9.1 until https://github.com/pytest-dev/pytest-selenium/issues/315 is resolved
 translate-toolkit==3.10.1
 # Related to moz-l10n-lint, used in CI

diff --git a/requirements/dev.txt b/requirements/dev.txt
diff --git a/requirements/docs.in b/requirements/docs.in
@@ -12,4 +12,4 @@ sphinx-copybutton==0.5.2
 sphinx-rtd-theme==1.3.0
 sphinxcontrib-jquery>=4,<5
 sphinxcontrib-websupport==1.2.4
-tornado>=6.3.3  # to bring it up to a secure version
+tornado==6.4
diff --git a/requirements/docs.txt b/requirements/docs.txt
diff --git a/requirements/prod.in b/requirements/prod.in
@@ -2,7 +2,7 @@ APScheduler==3.10.4
 babis==0.2.4
 basket-client==1.1.0
 beautifulsoup4==4.12.2
-bleach[css]==6.0.0
+bleach[css]==6.1.0
 boto3==1.28.63
 certifi>=2023.7.22  # to bring it up to a secure version
 chardet==5.2.0
@@ -12,7 +12,7 @@ contextlib2==21.6.0
 cryptography==41.0.7
 dirsync==2.2.5
 django-allow-cidr==0.7.1
-django-cors-headers==4.3.0
+django-cors-headers==4.3.1
 django-crum==0.7.9
 django-csp==3.7
 django-extensions==3.2.3
@@ -40,7 +40,7 @@ Markdown==3.5.1
 markus[datadog]==4.2.0
 https://github.com/mozmeao/mdx_outline/archive/refs/tags/markdown-3.4-compatibility.tar.gz#egg=mdx_outline
 meinheld==1.0.2
-newrelic==9.2.0
+newrelic==9.3.0
 Pillow==10.1.0
 PyGithub==2.1.1
 pyOpenSSL==23.3.0

diff --git a/requirements/prod.txt b/requirements/prod.txt