Most of the libraries defined in requirements.txt are very old and have been updated since. Using their latest version would improve the stability and security of the project. Note that some dependencies of used libraries have changed in the meantime.
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Update dependencies | analytics/quarry/web | master | +413 -37 |
Related Objects
Related Objects
Event Timeline
Comment Actions
Change 428140 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[analytics/quarry/web@master] Update dependencies
Comment Actions
The packages on production are installed by puppet and apt, so the versions are not arbitrary. We would need to upgrade the distros (which needs to happen pretty soonish anyways) in order to upgrade the packages. (Or @Halfak could you explain how the packages are installed for ORES?)
requirements.txt is only used for the testing environment (vargrant) and reflects that's being used on production.
Comment Actions
For the record
framawiki@quarry-main-01:~$ /srv/venv/bin/pip freeze Flask==0.10.1 Jinja2==2.7.3 MarkupSafe==0.23 PyJWT==1.4.1 PyMySQL==0.6.2 PyYAML==3.11 SQLAlchemy==0.9.7 Werkzeug==0.9.6 amqp==1.4.5 anyjson==0.3.3 argparse==1.2.1 billiard==3.3.0.18 celery==3.1.13 httplib2==0.9 itsdangerous==0.24 kombu==3.0.21 mwoauth==0.2.8 oauthlib==1.1.2 pytz==2014.4 redis==2.10.1 requests==2.10.0 requests-oauthlib==0.6.2 six==1.10.0 translitcodec==0.3 unicodecsv==0.9.4 wsgiref==0.1.2
Comment Actions
Mentioned in SAL (#wikimedia-cloud) [2018-04-24T21:36:14Z] <framawiki> removing old /srv/venv on quarry-main-01 T192731
Comment Actions
Change 428140 merged by jenkins-bot:
[analytics/quarry/web@master] Update dependencies