Python Requirements Update

requirements/base.txt

@@ -4,29 +4,33 @@
 #
 #    make upgrade
 #
-asgiref==3.7.2
+asgiref==3.8.1
     # via django
 backports-zoneinfo==0.2.1 ; python_version < "3.9"
     # via
     #   -c requirements/constraints.txt
     #   django
-django==4.2.10
+    #   djangorestframework
+django==4.2.11
     # via
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.in
     #   django-model-utils
     #   djangorestframework
     #   jsonfield
 django-model-utils==4.4.0
     # via -r requirements/base.in
-djangorestframework==3.14.0
+djangorestframework==3.15.1
     # via -r requirements/base.in
 jsonfield==3.1.0
     # via -r requirements/base.in
 pytz==2024.1
-    # via
-    #   -r requirements/base.in
-    #   djangorestframework
+    # via -r requirements/base.in
 sqlparse==0.4.4
     # via django
 typing-extensions==4.10.0
     # via asgiref
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==69.2.0
+    # via -r requirements/base.in

requirements/ci.txt

@@ -30,14 +30,14 @@ distlib==0.3.8
     #   virtualenv
 docopt==0.6.2
     # via coveralls
-filelock==3.13.1
+filelock==3.13.3
     # via
     #   -r requirements/tox.txt
     #   tox
     #   virtualenv
 idna==3.6
     # via requests
-packaging==23.2
+packaging==24.0
     # via
     #   -r requirements/tox.txt
     #   pyproject-api
@@ -62,7 +62,7 @@ tomli==2.0.1
     #   -r requirements/tox.txt
     #   pyproject-api
     #   tox
-tox==4.13.0
+tox==4.14.2
     # via -r requirements/tox.txt
 urllib3==2.2.1
     # via requests

requirements/common_constraints.txt

@@ -3,26 +3,6 @@
 # See BOM-2721 for more details.
 # Below is the copied and edited version of common_constraints
 
-# This is a temporary solution to override the real common_constraints.txt
-# In edx-lint, until the pyjwt constraint in edx-lint has been removed.
-# See BOM-2721 for more details.
-# Below is the copied and edited version of common_constraints
-
-# This is a temporary solution to override the real common_constraints.txt
-# In edx-lint, until the pyjwt constraint in edx-lint has been removed.
-# See BOM-2721 for more details.
-# Below is the copied and edited version of common_constraints
-
-# This is a temporary solution to override the real common_constraints.txt
-# In edx-lint, until the pyjwt constraint in edx-lint has been removed.
-# See BOM-2721 for more details.
-# Below is the copied and edited version of common_constraints
-
-# This is a temporary solution to override the real common_constraints.txt
-# In edx-lint, until the pyjwt constraint in edx-lint has been removed.
-# See BOM-2721 for more details.
-# Below is the copied and edited version of common_constraints
-
 # A central location for most common version constraints
 # (across edx repos) for pip-installation.
 #
@@ -38,10 +18,20 @@
 
 
 # using LTS django version
-
+Django<5.0
 
 # elasticsearch>=7.14.0 includes breaking changes in it which caused issues in discovery upgrade process.
 # elastic search changelog: https://www.elastic.co/guide/en/enterprise-search/master/release-notes-7.14.0.html
 elasticsearch<7.14.0
 
-# django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
+# django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
+django-simple-history==3.0.0
+
+# opentelemetry requires version 6.x at the moment:
+# https://github.com/open-telemetry/opentelemetry-python/issues/3570
+# Normally this could be added as a constraint in edx-django-utils, where we're
+# adding the opentelemetry dependency. However, when we compile pip-tools.txt,
+# that uses version 7.x, and then there's no undoing that when compiling base.txt.
+# So we need to pin it globally, for now.
+# Ticket for unpinning: https://github.com/openedx/edx-lint/issues/407
+importlib-metadata<7

requirements/dev.txt

@@ -14,7 +14,7 @@ alabaster==0.7.13
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   sphinx
-asgiref==3.7.2
+asgiref==3.8.1
     # via
     #   -r requirements/base.txt
     #   -r requirements/docs.txt
@@ -38,6 +38,7 @@ backports-zoneinfo==0.2.1 ; python_version < "3.9"
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   django
+    #   djangorestframework
 beautifulsoup4==4.12.3
     # via
     #   -r requirements/docs.txt
@@ -63,11 +64,11 @@ click-log==0.4.0
     # via
     #   -r requirements/test.txt
     #   edx-lint
-code-annotations==1.6.0
+code-annotations==1.7.0
     # via
     #   -r requirements/test.txt
     #   edx-lint
-coverage[toml]==7.4.3
+coverage[toml]==7.4.4
     # via
     #   -r requirements/test.txt
     #   pytest-cov
@@ -77,8 +78,9 @@ dill==0.3.8
     # via
     #   -r requirements/test.txt
     #   pylint
-django==4.2.10
+django==4.2.11
     # via
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.txt
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
@@ -90,7 +92,7 @@ django-model-utils==4.4.0
     #   -r requirements/base.txt
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
-djangorestframework==3.14.0
+djangorestframework==3.15.1
     # via
     #   -r requirements/base.txt
     #   -r requirements/docs.txt
@@ -109,7 +111,7 @@ exceptiongroup==1.2.0
     #   pytest
 factory-boy==3.3.0
     # via -r requirements/test.txt
-faker==23.2.1
+faker==24.4.0
     # via
     #   -r requirements/test.txt
     #   factory-boy
@@ -125,8 +127,9 @@ imagesize==1.4.1
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   sphinx
-importlib-metadata==7.0.1
+importlib-metadata==6.11.0
     # via
+    #   -c requirements/common_constraints.txt
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   sphinx
@@ -160,7 +163,7 @@ mccabe==0.7.0
     #   pylint
 mock==5.1.0
     # via -r requirements/test.txt
-packaging==23.2
+packaging==24.0
     # via
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
@@ -218,16 +221,16 @@ pylint-plugin-utils==0.8.2
     #   -r requirements/test.txt
     #   pylint-celery
     #   pylint-django
-pytest==8.0.2
+pytest==8.1.1
     # via
     #   -r requirements/test.txt
     #   pytest-cov
     #   pytest-django
-pytest-cov==4.1.0
+pytest-cov==5.0.0
     # via -r requirements/test.txt
 pytest-django==4.8.0
     # via -r requirements/test.txt
-python-dateutil==2.8.2
+python-dateutil==2.9.0.post0
     # via
     #   -r requirements/test.txt
     #   faker
@@ -242,7 +245,6 @@ pytz==2024.1
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   babel
-    #   djangorestframework
 pyyaml==6.0.1
     # via
     #   -r requirements/test.txt
@@ -353,8 +355,15 @@ urllib3==2.2.1
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   requests
-zipp==3.17.0
+zipp==3.18.1
     # via
     #   -r requirements/docs.txt
     #   -r requirements/test.txt
     #   importlib-metadata
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==69.2.0
+    # via
+    #   -r requirements/base.txt
+    #   -r requirements/docs.txt
+    #   -r requirements/test.txt

requirements/docs.txt

@@ -8,7 +8,7 @@ accessible-pygments==0.0.4
     # via pydata-sphinx-theme
 alabaster==0.7.13
     # via sphinx
-asgiref==3.7.2
+asgiref==3.8.1
     # via
     #   -r requirements/base.txt
     #   django
@@ -21,21 +21,23 @@ backports-zoneinfo==0.2.1 ; python_version < "3.9"
     #   -c requirements/constraints.txt
     #   -r requirements/base.txt
     #   django
+    #   djangorestframework
 beautifulsoup4==4.12.3
     # via pydata-sphinx-theme
 certifi==2024.2.2
     # via requests
 charset-normalizer==3.3.2
     # via requests
-django==4.2.10
+django==4.2.11
     # via
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.txt
     #   django-model-utils
     #   djangorestframework
     #   jsonfield
 django-model-utils==4.4.0
     # via -r requirements/base.txt
-djangorestframework==3.14.0
+djangorestframework==3.15.1
     # via -r requirements/base.txt
 docutils==0.19
     # via
@@ -45,15 +47,17 @@ idna==3.6
     # via requests
 imagesize==1.4.1
     # via sphinx
-importlib-metadata==7.0.1
-    # via sphinx
+importlib-metadata==6.11.0
+    # via
+    #   -c requirements/common_constraints.txt
+    #   sphinx
 jinja2==3.1.3
     # via sphinx
 jsonfield==3.1.0
     # via -r requirements/base.txt
 markupsafe==2.1.5
     # via jinja2
-packaging==23.2
+packaging==24.0
     # via
     #   pydata-sphinx-theme
     #   sphinx
@@ -70,7 +74,6 @@ pytz==2024.1
     # via
     #   -r requirements/base.txt
     #   babel
-    #   djangorestframework
 requests==2.31.0
     # via sphinx
 six==1.16.0
@@ -113,5 +116,9 @@ typing-extensions==4.10.0
     #   pydata-sphinx-theme
 urllib3==2.2.1
     # via requests
-zipp==3.17.0
+zipp==3.18.1
     # via importlib-metadata
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==69.2.0
+    # via -r requirements/base.txt

requirements/pip-tools.txt

@@ -4,15 +4,17 @@
 #
 #    make upgrade
 #
-build==1.0.3
+build==1.2.1
     # via pip-tools
 click==8.1.7
     # via pip-tools
-importlib-metadata==7.0.1
-    # via build
-packaging==23.2
+importlib-metadata==6.11.0
+    # via
+    #   -c requirements/common_constraints.txt
+    #   build
+packaging==24.0
     # via build
-pip-tools==7.4.0
+pip-tools==7.4.1
     # via -r requirements/pip-tools.in
 pyproject-hooks==1.0.0
     # via
@@ -23,13 +25,13 @@ tomli==2.0.1
     #   build
     #   pip-tools
     #   pyproject-hooks
-wheel==0.42.0
+wheel==0.43.0
     # via pip-tools
-zipp==3.17.0
+zipp==3.18.1
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.0
     # via pip-tools
-setuptools==69.1.1
+setuptools==69.2.0
     # via pip-tools

requirements/pip.txt

@@ -4,11 +4,11 @@
 #
 #    make upgrade
 #
-wheel==0.42.0
+wheel==0.43.0
     # via -r requirements/pip.in
 
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.0
     # via -r requirements/pip.in
-setuptools==69.1.1
+setuptools==69.2.0
     # via -r requirements/pip.in