Page MenuHomePhabricator

Update dependencies
Closed, ResolvedPublic

Description

Most of the libraries defined in requirements.txt are very old and have been updated since. Using their latest version would improve the stability and security of the project. Note that some dependencies of used libraries have changed in the meantime.

Event Timeline

Change 428140 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[analytics/quarry/web@master] Update dependencies

https://gerrit.wikimedia.org/r/428140

The packages on production are installed by puppet and apt, so the versions are not arbitrary. We would need to upgrade the distros (which needs to happen pretty soonish anyways) in order to upgrade the packages. (Or @Halfak could you explain how the packages are installed for ORES?)

requirements.txt is only used for the testing environment (vargrant) and reflects that's being used on production.

For the record

framawiki@quarry-main-01:~$ /srv/venv/bin/pip freeze
Flask==0.10.1
Jinja2==2.7.3
MarkupSafe==0.23
PyJWT==1.4.1
PyMySQL==0.6.2
PyYAML==3.11
SQLAlchemy==0.9.7
Werkzeug==0.9.6
amqp==1.4.5
anyjson==0.3.3
argparse==1.2.1
billiard==3.3.0.18
celery==3.1.13
httplib2==0.9
itsdangerous==0.24
kombu==3.0.21
mwoauth==0.2.8
oauthlib==1.1.2
pytz==2014.4
redis==2.10.1
requests==2.10.0
requests-oauthlib==0.6.2
six==1.10.0
translitcodec==0.3
unicodecsv==0.9.4
wsgiref==0.1.2

Mentioned in SAL (#wikimedia-cloud) [2018-04-24T21:36:14Z] <framawiki> removing old /srv/venv on quarry-main-01 T192731

Change 428140 merged by jenkins-bot:
[analytics/quarry/web@master] Update dependencies

https://gerrit.wikimedia.org/r/428140

zhuyifei1999 assigned this task to Framawiki.