Dependency bumps (mozilla#14433)

* Dependency bumps **Prod deps** Resolves mozilla#14420 Bump boto3 from 1.34.65 to 1.34.79 Resolves mozilla#14405 Bump pillow from 10.2.0 to 10.3.0 Resolves mozilla#14390 Bump lxml from 5.1.0 to 5.2.0 Resolves mozilla#14387 Bump sentry-sdk from 1.42.0 to 1.44.0 Resolves mozilla#14380 Bump pygithub from 2.2.0 to 2.3.0 Resolves mozilla#14379 Bump newrelic from 9.7.1 to 9.8.0 Resolves mozilla#14378 Bump jq from 1.6.0 to 1.7.0 **Dev deps** Resolves mozilla#14422 Bump pipdeptree from 2.16.1 to 2.17.0 Resolves mozilla#14389 Bump pytest-mock from 3.12.0 to 3.14.0 Resolves mozilla#14385 Bump ruff from 0.3.3 to 0.3.5 Resolves mozilla#14381 Bump pytest-cov from 4.1.0 to 5.0.0
craigcook · Apr 11, 2024 · e8dfce5 · e8dfce5
1 parent b94ae5a
commit e8dfce5
Show file tree

Hide file tree

Showing 7 changed files with 671 additions and 610 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -64,8 +64,8 @@ repos:
           - license_header/mpl2_header.txt
           - --comment-style
           - "|#|"
-  - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.3.3
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.3.5
     hooks:
       - id: ruff
       - id: ruff-format

diff --git a/bin/compile-requirements.sh b/bin/compile-requirements.sh
@@ -12,8 +12,8 @@ export CUSTOM_COMPILE_COMMAND="$ make compile-requirements"
 # We need this installed, but we don't want it to live in the main requirements
 # We will need to periodically review this pinning
 
-pip install -U pip==23.3.2
-pip install pip-tools==7.3.0
+pip install -U pip
+pip install pip-tools
 
 # Drop the compiled reqs files, to help us pick up automatic subdep updates, too
 rm -f requirements/*.txt

diff --git a/requirements/dev.in b/requirements/dev.in
@@ -5,21 +5,21 @@ braceexpand==0.1.7
 factory-boy==3.3.0
 freezegun==1.4.0
 markdown-it-py>=2.2.0
-pipdeptree==2.16.1
+pipdeptree==2.17.0
 py==1.11.0
 Pygments>=2.15.0  # to bring it up to a secure version
 PyPOM==2.2.4
 pyquery==2.0.0
 pytest==7.4.4  # Included because we use it directly, but also a subdep of pytest-selenium's subdeps
-pytest-cov==4.1.0
+pytest-cov==5.0.0
 pytest-datadir==1.5.0
 pytest-django==4.8.0
-pytest-mock==3.12.0
+pytest-mock==3.14.0
 pytest-parallel==0.1.1
 pytest-rerunfailures==14.0
 pytest-selenium==4.0.1
 responses==0.25.0
-ruff==0.3.3
+ruff==0.3.5
 selenium==4.9.1  # Pinned to 4.9.1 until https://github.com/pytest-dev/pytest-selenium/issues/315 is resolved
 translate-toolkit==3.12.2
 # Related to moz-l10n-lint, used in CI

diff --git a/requirements/dev.txt b/requirements/dev.txt
diff --git a/requirements/docs.txt b/requirements/docs.txt
@@ -135,9 +135,9 @@ fluent-syntax==0.19.0 \
     # via
     #   -r requirements/docs.in
     #   fluent-pygments
-idna==3.6 \
-    --hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \
-    --hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f
+idna==3.7 \
+    --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \
+    --hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0
     # via requests
 imagesize==1.4.1 \
     --hash=sha256:0d8d18d08f840c19d0ee7ca1fd82490fdc3729b7ac93f49870406ddde8ef8d8b \
@@ -390,9 +390,9 @@ tornado==6.4 \
     # via
     #   -r requirements/docs.in
     #   livereload
-typing-extensions==4.10.0 \
-    --hash=sha256:69b1a937c3a517342112fb4c6df7e72fc39a38e7891a5730ed4985b5214b5475 \
-    --hash=sha256:b0abd7c89e8fb96f98db18d86106ff1d90ab692004eb746cf6eda2682f91b3cb
+typing-extensions==4.11.0 \
+    --hash=sha256:83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0 \
+    --hash=sha256:c1f94d72897edaf4ce775bb7558d5b79d8126906a14ea5ed1635921406c0387a
     # via fluent-syntax
 urllib3==2.2.1 \
     --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \

diff --git a/requirements/prod.in b/requirements/prod.in
@@ -3,7 +3,7 @@ babis==0.2.4
 basket-client==1.1.0
 beautifulsoup4==4.12.3
 bleach[css]==6.1.0
-boto3==1.34.65
+boto3==1.34.79
 certifi>=2023.7.22  # to bring it up to a secure version
 chardet==5.2.0
 commonware==0.6.0
@@ -34,21 +34,21 @@ gunicorn==21.2.0
 honcho==1.1.0
 html5lib==1.1
 jinja2==3.1.3  # Moved to top-level dep to control its upgrade, to avoid breaking changes later if glean-parser updates it
-jq==1.6.0
-lxml==5.1.0  # Needed as a top-level dep so that it's available for BeautifulSoup, which doesn't explicitly pull it in
+jq==1.7.0
+lxml==5.2.0  # Needed as a top-level dep so that it's available for BeautifulSoup, which doesn't explicitly pull it in
 Markdown==3.6
 markus[datadog]==4.2.0
 https://github.com/mozmeao/mdx_outline/archive/refs/tags/markdown-3.4-compatibility.tar.gz#egg=mdx_outline
-newrelic==9.7.1
-Pillow==10.2.0
-PyGithub==2.2.0
+newrelic==9.8.0
+Pillow==10.3.0
+PyGithub==2.3.0
 pyOpenSSL==24.1.0
 PyYAML==6.0.1
 qrcode==7.4.2
 querystringsafe-base64==1.1.1  # Pinned to maintain stub attribution signatures https://github.com/mozilla/bedrock/issues/11156
 requests==2.31.0
 rich-text-renderer==0.2.8
-sentry-sdk==1.42.0
+sentry-sdk==1.44.0
 sentry-processor==0.0.1
 sqlparse==0.4.4  # Manual pin until Django catches up
 supervisor==4.2.5