Merge pull request #470 from edx/pyjwt-upgrade

feat: Upgrading edx-drf-extensions which will bring pyjwt latest ver.

Author: schenedx

Makefile

@@ -33,8 +33,18 @@ tox.requirements:  ## install tox requirements
 develop: test.requirements  ## install test and dev requirements
 	pip3 install -q -r requirements/dev.txt
 
+
+COMMON_CONSTRAINTS_TXT=requirements/common_constraints.txt
+.PHONY: $(COMMON_CONSTRAINTS_TXT)
+$(COMMON_CONSTRAINTS_TXT):
+	wget -O "$(@)" https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt || touch "$(@)"
+
 upgrade: export CUSTOM_COMPILE_COMMAND=make upgrade
-upgrade:  ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
+upgrade: $(COMMON_CONSTRAINTS_TXT)   ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
+	sed 's/pyjwt\[crypto\]<2.0.0//g' requirements/common_constraints.txt > requirements/common_constraints.tmp
+	mv requirements/common_constraints.tmp requirements/common_constraints.txt
+	sed 's/edx-drf-extensions<7.0.0//g' requirements/common_constraints.txt > requirements/common_constraints.tmp
+	mv requirements/common_constraints.tmp requirements/common_constraints.txt
 	pip3 install -q -r requirements/pip_tools.txt
 	pip-compile --upgrade -o requirements/pip_tools.txt requirements/pip_tools.in
 	pip-compile --upgrade -o requirements/base.txt requirements/base.in

requirements/base.txt

@@ -6,9 +6,9 @@
 #
 boto==2.42.0
     # via -r requirements/base.in
-boto3==1.18.12
+boto3==1.18.18
     # via -r requirements/base.in
-botocore==1.21.12
+botocore==1.21.18
     # via
     #   boto3
     #   s3transfer
@@ -32,7 +32,7 @@ cryptography==3.4.7
     #   pyjwt
 django==2.2.24
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.in
     #   django-cors-headers
     #   django-crum
@@ -83,7 +83,7 @@ djangorestframework-csv==2.1.1
     # via -r requirements/base.in
 drf-jwt==1.19.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   edx-drf-extensions
 edx-ccx-keys==1.2.1
     # via -r requirements/base.in
@@ -95,9 +95,8 @@ edx-django-utils==4.2.0
     #   edx-drf-extensions
     #   edx-enterprise-data
     #   edx-rest-api-client
-edx-drf-extensions==6.4.0
+edx-drf-extensions==7.0.1
     # via
-    #   -c requirements/constraints.txt
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
@@ -115,7 +114,7 @@ edx-rest-api-client==5.4.0
     # via
     #   -r requirements/base.in
     #   edx-enterprise-data
-elasticsearch==7.13.4
+elasticsearch==7.14.0
     # via elasticsearch-dsl
 elasticsearch-dsl==7.4.0
     # via
@@ -137,7 +136,7 @@ markdown==2.6.6
     # via -r requirements/base.in
 markupsafe==2.0.1
     # via jinja2
-newrelic==6.6.0.162
+newrelic==6.8.0.163
     # via edx-django-utils
 openapi-codec==1.3.2
     # via django-rest-swagger
@@ -155,10 +154,10 @@ pycryptodomex==3.10.1
     # via pyjwkest
 pyjwkest==1.4.2
     # via edx-drf-extensions
-pyjwt[crypto]==1.7.1
+pyjwt[crypto]==2.1.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
     #   drf-jwt
+    #   edx-drf-extensions
     #   edx-rest-api-client
 pymongo==3.12.0
     # via edx-opaque-keys

requirements/common_constraints.txt

@@ -0,0 +1,39 @@
+# A central location for most common version constraints
+# (across edx repos) for pip-installation.
+#
+# Similar to other constraint files this file doesn't install any packages.
+# It specifies version constraints that will be applied if a package is needed.
+# When pinning something here, please provide an explanation of why it is a good
+# idea to pin this package across all edx repos, Ideally, link to other information
+# that will help people in the future to remove the pin when possible.
+# Writing an issue against the offending project and linking to it here is good.
+#
+# Note: Changes to this file will automatically be used by other repos, referencing
+#  this file from Github directly. It does not require packaging in edx-lint.
+
+
+# using LTS django version
+Django<2.3
+
+# latest version is causing e2e failures in edx-platform.
+# See  comment.
+drf-jwt<1.19.1
+
+# 4.0.0 requires pyjwt[crypto] 2.1.0. See  comment.
+edx-auth-backends<4.0.0
+
+# 7.0.0 requires pyjwt[crypto] 2.1.0. See  comment.
+
+
+# PyJWT[crypto] 2.0.0 has a number of breaking changes that we are
+# actively working to fix. A number of the active constraints are all related
+# to this effort. Additionally, your IDA/service may also be affected directly
+# by these changes. You should not upgrade without knowing what you are doing.
+
+
+# 5.0.0+ of social-auth-app-django requires social-auth-core>=4.1.0
+social-auth-app-django<5.0.0
+
+# latest version requires PyJWT>=2.0.0 but drf-jwt requires PyJWT[crypto]<2.0.0,>=1.5.2.
+# See  comment.
+social-auth-core<4.0.3

requirements/constraints.txt

@@ -8,8 +8,9 @@
 # pin when possible.  Writing an issue against the offending project and
 # linking to it here is good.
 
-# Common constraints for edx repos
--c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+# copy/paste all pins from upstream link. It gives us option to override any pin.
+# otherwise pip-tools gives conflicting errors.
+-c common_constraints.txt
 
 # TODO: Many pinned dependencies should be unpinned and/or moved to this constraints file.
 
@@ -30,5 +31,3 @@ tox==3.14.6
 pylint==2.4.4
 pylint-django==2.0.11
 
-
-edx-drf-extensions==6.4.0

requirements/dev.txt

@@ -6,9 +6,9 @@
 #
 boto==2.42.0
     # via -r requirements/base.in
-boto3==1.18.12
+boto3==1.18.18
     # via -r requirements/base.in
-botocore==1.21.12
+botocore==1.21.18
     # via
     #   boto3
     #   s3transfer
@@ -32,7 +32,7 @@ cryptography==3.4.7
     #   pyjwt
 django==2.2.24
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.in
     #   django-cors-headers
     #   django-crum
@@ -83,7 +83,7 @@ djangorestframework-csv==2.1.1
     # via -r requirements/base.in
 drf-jwt==1.19.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   edx-drf-extensions
 edx-ccx-keys==1.2.1
     # via -r requirements/base.in
@@ -95,9 +95,8 @@ edx-django-utils==4.2.0
     #   edx-drf-extensions
     #   edx-enterprise-data
     #   edx-rest-api-client
-edx-drf-extensions==6.4.0
+edx-drf-extensions==7.0.1
     # via
-    #   -c requirements/constraints.txt
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
@@ -115,7 +114,7 @@ edx-rest-api-client==5.4.0
     # via
     #   -r requirements/base.in
     #   edx-enterprise-data
-elasticsearch==7.13.4
+elasticsearch==7.14.0
     # via elasticsearch-dsl
 elasticsearch-dsl==7.4.0
     # via
@@ -137,7 +136,7 @@ markdown==2.6.6
     # via -r requirements/base.in
 markupsafe==2.0.1
     # via jinja2
-newrelic==6.6.0.162
+newrelic==6.8.0.163
     # via edx-django-utils
 openapi-codec==1.3.2
     # via django-rest-swagger
@@ -155,10 +154,10 @@ pycryptodomex==3.10.1
     # via pyjwkest
 pyjwkest==1.4.2
     # via edx-drf-extensions
-pyjwt[crypto]==1.7.1
+pyjwt[crypto]==2.1.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
     #   drf-jwt
+    #   edx-drf-extensions
     #   edx-rest-api-client
 pymongo==3.12.0
     # via edx-opaque-keys

requirements/doc.txt

@@ -6,9 +6,9 @@
 #
 boto==2.42.0
     # via -r requirements/base.in
-boto3==1.18.12
+boto3==1.18.18
     # via -r requirements/base.in
-botocore==1.21.12
+botocore==1.21.18
     # via
     #   boto3
     #   s3transfer
@@ -32,7 +32,7 @@ cryptography==3.4.7
     #   pyjwt
 django==2.2.24
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.in
     #   django-cors-headers
     #   django-crum
@@ -85,7 +85,7 @@ docutils==0.17.1
     # via sphinx
 drf-jwt==1.19.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   edx-drf-extensions
 edx-ccx-keys==1.2.1
     # via -r requirements/base.in
@@ -97,9 +97,8 @@ edx-django-utils==4.2.0
     #   edx-drf-extensions
     #   edx-enterprise-data
     #   edx-rest-api-client
-edx-drf-extensions==6.4.0
+edx-drf-extensions==7.0.1
     # via
-    #   -c requirements/constraints.txt
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
@@ -117,7 +116,7 @@ edx-rest-api-client==5.4.0
     # via
     #   -r requirements/base.in
     #   edx-enterprise-data
-elasticsearch==7.13.4
+elasticsearch==7.14.0
     # via elasticsearch-dsl
 elasticsearch-dsl==7.4.0
     # via
@@ -141,7 +140,7 @@ markdown==2.6.6
     # via -r requirements/base.in
 markupsafe==2.0.1
     # via jinja2
-newrelic==6.6.0.162
+newrelic==6.8.0.163
     # via edx-django-utils
 openapi-codec==1.3.2
     # via django-rest-swagger
@@ -161,10 +160,10 @@ pygments==2.9.0
     # via sphinx
 pyjwkest==1.4.2
     # via edx-drf-extensions
-pyjwt[crypto]==1.7.1
+pyjwt[crypto]==2.1.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
     #   drf-jwt
+    #   edx-drf-extensions
     #   edx-rest-api-client
 pymongo==3.12.0
     # via edx-opaque-keys

requirements/pip_tools.txt

@@ -12,9 +12,9 @@ pip-tools==6.2.0
     # via -r requirements/pip_tools.in
 six==1.16.0
     # via -r requirements/pip_tools.in
-tomli==1.2.0
+tomli==1.2.1
     # via pep517
-wheel==0.36.2
+wheel==0.37.0
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:

requirements/production.txt

@@ -6,9 +6,9 @@
 #
 boto==2.42.0
     # via -r requirements/base.in
-boto3==1.18.12
+boto3==1.18.18
     # via -r requirements/base.in
-botocore==1.21.12
+botocore==1.21.18
     # via
     #   boto3
     #   s3transfer
@@ -32,7 +32,7 @@ cryptography==3.4.7
     #   pyjwt
 django==2.2.24
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   -r requirements/base.in
     #   django-cors-headers
     #   django-crum
@@ -83,7 +83,7 @@ djangorestframework-csv==2.1.1
     # via -r requirements/base.in
 drf-jwt==1.19.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
+    #   -c requirements/common_constraints.txt
     #   edx-drf-extensions
 edx-ccx-keys==1.2.1
     # via -r requirements/base.in
@@ -95,9 +95,8 @@ edx-django-utils==4.2.0
     #   edx-drf-extensions
     #   edx-enterprise-data
     #   edx-rest-api-client
-edx-drf-extensions==6.4.0
+edx-drf-extensions==7.0.1
     # via
-    #   -c requirements/constraints.txt
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
@@ -115,17 +114,17 @@ edx-rest-api-client==5.4.0
     # via
     #   -r requirements/base.in
     #   edx-enterprise-data
-elasticsearch==7.13.4
+elasticsearch==7.14.0
     # via elasticsearch-dsl
 elasticsearch-dsl==7.4.0
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
 future==0.18.2
     # via pyjwkest
-gevent==21.1.2
+gevent==21.8.0
     # via -r requirements/production.in
-greenlet==1.1.0
+greenlet==1.1.1
     # via gevent
 gunicorn==20.1.0
     # via -r requirements/production.in
@@ -145,7 +144,7 @@ markupsafe==2.0.1
     # via jinja2
 mysqlclient==2.0.3
     # via -r requirements/production.in
-newrelic==6.6.0.162
+newrelic==6.8.0.163
     # via
     #   -r requirements/production.in
     #   edx-django-utils
@@ -167,10 +166,10 @@ pycryptodomex==3.10.1
     # via pyjwkest
 pyjwkest==1.4.2
     # via edx-drf-extensions
-pyjwt[crypto]==1.7.1
+pyjwt[crypto]==2.1.0
     # via
-    #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
     #   drf-jwt
+    #   edx-drf-extensions
     #   edx-rest-api-client
 pymongo==3.12.0
     # via edx-opaque-keys