awx/requirements/requirements.in

aiohttp
ansible-runner>=1.4.6
ansiconv==1.0.0  # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
azure-keyvault==1.1.0  # see UPGRADE BLOCKERs
boto  # replacement candidate https://github.com/ansible/awx/issues/2115
channels
channels-redis
daphne
django==2.2.11  # see UPGRADE BLOCKERs
django-auth-ldap
django-cors-headers
django-crum
django-extensions>=2.2.9  # https://github.com/ansible/awx/pull/6441
django-jsonfield==1.2.0  # see UPGRADE BLOCKERs
django-oauth-toolkit==1.1.3  # see UPGRADE BLOCKERs
django-polymorphic
django-pglocks
django-qsstats-magic
django-radius==1.3.3  # FIX auth does not work with later versions
django-redis
django-solo
django-split-settings
django-taggit
djangorestframework
djangorestframework-yaml
GitPython>=3.1.1  # minimum to fix https://github.com/ansible/awx/issues/6119
irc
jinja2
jsonschema
Markdown  # used for formatting API help
openshift>=0.11.0  # minimum version to pull in new pyyaml for CVE-2017-18342
pexpect==4.7.0 # see library notes
prometheus_client
psycopg2
pygerduty
pyparsing
python-radius
python3-saml
python-ldap>=3.3.1 # https://github.com/python-ldap/python-ldap/issues/270
pyyaml>=5.3.1  # minimum version to pull in new pyyaml for CVE-2017-18342
schedule==0.6.0
social-auth-core==3.3.1  # see UPGRADE BLOCKERs
social-auth-app-django==3.1.0  # see UPGRADE BLOCKERs
redis
requests
slackclient==1.1.2  # see UPGRADE BLOCKERs
tacacs_plus==1.0  # UPGRADE BLOCKER: auth does not work with later versions
twilio
twisted[tls]>=20.3.0  # CVE-2020-10108, CVE-2020-10109
uWSGI
uwsgitop
pip==19.3.1  # see UPGRADE BLOCKERs
setuptools==41.6.0  # see UPGRADE BLOCKERs
POC channels 2 2019-11-08 18:36:39 +03:00			`aiohttp`
update to the latest version of ansible-runner 2020-03-26 21:49:45 +03:00			`ansible-runner>=1.4.6`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`ansiconv==1.0.0 # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading`
			`azure-keyvault==1.1.0 # see UPGRADE BLOCKERs`
			`boto # replacement candidate https://github.com/ansible/awx/issues/2115`
POC channels 2 2019-11-08 18:36:39 +03:00			`channels`
			`channels-redis`
			`daphne`
update Django to address CVE-2020-9402 we don't use Oracle GIS, so this isn't really applicable, but it'll make security scanners happy <shrug> see: https://docs.djangoproject.com/en/3.0/releases/2.2.11/ 2020-03-24 23:41:01 +03:00			`django==2.2.11 # see UPGRADE BLOCKERs`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`django-auth-ldap`
			`django-cors-headers`
			`django-crum`
bump django-extensions version to address a bug in shell_plus see: https://github.com/ansible/awx/pull/6441 see: https://github.com/django-extensions/django-extensions/commit/e8d5daa06e5b6419e54d6c925f86a0adbe58ce8b 2020-03-31 20:39:13 +03:00			`django-extensions>=2.2.9 # https://github.com/ansible/awx/pull/6441`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`django-jsonfield==1.2.0 # see UPGRADE BLOCKERs`
			`django-oauth-toolkit==1.1.3 # see UPGRADE BLOCKERs`
			`django-polymorphic`
			`django-pglocks`
			`django-qsstats-magic`
			`django-radius==1.3.3 # FIX auth does not work with later versions`
remove memcache from everywhere and add djagno-redis to cover it 2020-06-03 21:18:19 +03:00			`django-redis`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`django-solo`
			`django-split-settings`
			`django-taggit`
			`djangorestframework`
			`djangorestframework-yaml`
Upgrade gitpython to pick up bug fix 2020-08-10 16:25:43 +03:00			`GitPython>=3.1.1 # minimum to fix https://github.com/ansible/awx/issues/6119`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`irc`
			`jinja2`
			`jsonschema`
			`Markdown # used for formatting API help`
pin a minimum pyyaml version to address (CVE-2017-18342) see: https://github.com/ansible/awx/issues/6393 2020-03-24 22:59:31 +03:00			`openshift>=0.11.0 # minimum version to pull in new pyyaml for CVE-2017-18342`
pin pexpect to 4.7.0 2020-03-19 17:30:09 +03:00			`pexpect==4.7.0 # see library notes`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`prometheus_client`
			`psycopg2`
			`pygerduty`
			`pyparsing`
			`python-radius`
			`python3-saml`
update to a newer python-ldap to address a bug see: https://github.com/ansible/awx/issues/7868 2020-08-11 16:32:09 +03:00			`python-ldap>=3.3.1 # https://github.com/python-ldap/python-ldap/issues/270`
pin a minimum pyyaml version to address (CVE-2017-18342) see: https://github.com/ansible/awx/issues/6393 2020-03-24 22:59:31 +03:00			`pyyaml>=5.3.1 # minimum version to pull in new pyyaml for CVE-2017-18342`
get rid of celery/celerybeat alternative to https://github.com/ansible/awx/pull/2530 which makes use of https://pypi.org/project/schedule/ this doesn't have support for any persistence (like how celery beat uses a shelve file), because all of our periodic jobs run at most every few minutes 2020-02-06 15:08:27 +03:00			`schedule==0.6.0`
update social-auth-core to address a GitHub API deprecation 2020-03-25 19:17:36 +03:00			`social-auth-core==3.3.1 # see UPGRADE BLOCKERs`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`social-auth-app-django==3.1.0 # see UPGRADE BLOCKERs`
POC channels 2 2019-11-08 18:36:39 +03:00			`redis`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`requests`
			`slackclient==1.1.2 # see UPGRADE BLOCKERs`
			`tacacs_plus==1.0 # UPGRADE BLOCKER: auth does not work with later versions`
			`twilio`
update to the latest twisted to address two open CVEs 2020-03-31 20:47:56 +03:00			`twisted[tls]>=20.3.0 # CVE-2020-10108, CVE-2020-10109`
Update pip and setuptools in requirements txt Versions selected to be pre-19 pip due to unresolved issues with the build systems Upgrade everything, party on document new process rotate license files fix Swagger schema generation target Remove --ignore-installed flag 2019-11-18 23:12:45 +03:00			`uWSGI`
			`uwsgitop`
			`pip==19.3.1 # see UPGRADE BLOCKERs`
get rid of celery/celerybeat alternative to https://github.com/ansible/awx/pull/2530 which makes use of https://pypi.org/project/schedule/ this doesn't have support for any persistence (like how celery beat uses a shelve file), because all of our periodic jobs run at most every few minutes 2020-02-06 15:08:27 +03:00			`setuptools==41.6.0 # see UPGRADE BLOCKERs`