chore: update dependency requirements (#3904)

* chore: cleanup requirements.txt. Unpin factory-boy, ignoring resulting mypy complaints.

* chore: remove the upper limit as many dependencies as possible

* chore: remove unintended bookmark

* chore: normalize spaces before comments

* chore: improve comment explaining pinned Tastypie

* chore: shift dependencies minimum version requirements forward

ietf/person/factories.py

@@ -50,7 +50,7 @@ class UserFactory(factory.django.DjangoModelFactory):
     first_name = factory.LazyAttribute(lambda o: o.faker.first_name())
     last_name = factory.LazyAttribute(lambda o: o.faker.last_name())
     email = factory.LazyAttributeSequence(lambda u, n: '%s.%s_%d@%s'%( slugify(unidecode(u.first_name)),
-                                                slugify(unidecode(u.last_name)), n, fake.domain_name()))
+                                                slugify(unidecode(u.last_name)), n, fake.domain_name())) # type: ignore
     username = factory.LazyAttribute(lambda u: u.email)
 
     @factory.post_generation
@@ -66,7 +66,7 @@ class PersonFactory(factory.django.DjangoModelFactory):
     ascii = factory.LazyAttribute(lambda p: force_text(unidecode_name(p.name)))
 
     class Params:
-        with_bio = factory.Trait(biography = "\n\n".join(fake.paragraphs()))
+        with_bio = factory.Trait(biography = "\n\n".join(fake.paragraphs())) # type: ignore
 
     @factory.post_generation
     def default_aliases(obj, create, extracted, **kwargs): # pylint: disable=no-self-argument

ietf/settings.py

@@ -1127,7 +1127,6 @@ SILENCED_SYSTEM_CHECKS = [
 ]
 
 CHECKS_LIBRARY_PATCHES_TO_APPLY = [
-    'patch/fix-unidecode-argument-warning.patch',
     'patch/change-oidc-provider-field-sizes-228.patch',
     'patch/fix-oidc-access-token-post.patch',
     'patch/fix-jwkest-jwt-logging.patch',

patch/fix-unidecode-argument-warning.patch

@@ -1,14 +0,0 @@
---- unidecode/__init__.py.old	2018-01-17 07:54:06.882306379 -0800
-+++ unidecode/__init__.py	2018-01-09 04:26:04.210366000 -0800
-@@ -22,9 +22,9 @@
- 
- def _warn_if_not_unicode(string):
-     if version_info[0] < 3 and not isinstance(string, unicode):
--        warnings.warn(  "Argument %r is not an unicode object. "
-+        warnings.warn(  "Argument %r (%s) is not an unicode object. "
-                         "Passing an encoded string will likely have "
--                        "unexpected results." % (type(string),),
-+                        "unexpected results." % (type(string), string[:16]),
-                         RuntimeWarning, 2)
- 
- 

requirements.txt

@@ -1,78 +1,67 @@
 # -*- conf-mode -*-
 setuptools>=51.1.0    # Require this first, to prevent later errors
 #
-argon2-cffi>=16.1.0		# For the Argon2 password hasher option
-beautifulsoup4>=4.5.0
-bibtexparser>=0.6.2,<1.0	# Version 1.0 doesn't work under python 2.7.  1.0.1 doesn't recognize month names or abbreviations.
-bleach>=2.0.0,!=3.0.0,!=3.0.1,!=3.0.2
-coverage>=4.0.1,!=4.0.2,<5.0    # Coverage 5.x moves from a json database to SQLite.  Moving to 5.x will require substantial rewrites in ietf.utils.test_runner and ietf.release.views
-#cssselect>=0.6.1               # for PyQuery
-decorator>=4.0.4
-defusedxml>=0.4.1		# for TastyPie when ussing xml; not a declared dependency
-Django>=2.2.15,<3.0
+argon2-cffi>=21.3.0    # For the Argon2 password hasher option
+beautifulsoup4>=4.11.1    # Only used in tests
+bibtexparser>=0.6.2,<1.0    # Only used in tests. Version 1.0 doesn't work under python 2.7.  1.0.1 doesn't recognize month names or abbreviations.
+bleach>=4.1.0
+coverage>=4.5.4,<5.0    # Coverage 5.x moves from a json database to SQLite.  Moving to 5.x will require substantial rewrites in ietf.utils.test_runner and ietf.release.views
+decorator>=5.1.1
+defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
+Django>=2.2.28,<3.0
 django-analytical>=3.1.0
-django-bootstrap5>=21.1
-django-csp>=3.5
-django-cors-headers>=2.4.0
-django-debug-toolbar>=3.2.2
-django-form-utils>=1.0.3
-#django-formtools>=1.0		# instead of django.contrib.formtools in 1.8 - apparently not needed anymore in 2022?
-django-markup>=1.5
+django-bootstrap5>=21.2
+django-csp>=3.7
+django-cors-headers>=3.10.1
+django-debug-toolbar>=3.2.4
+django-form-utils>=1.0.3    # Only one use, in the liaisons app. Last release was in 2015.
+django-markup>=1.5    # Limited use - need to reconcile against direct use of markdown
 django-oidc-provider>=0.7
 django-password-strength>=1.2.1
 django-referrer-policy>=1.0
-django-simple-history>=2.3.0
+django-simple-history>=3.0.0
 django-stubs==1.6.0    # The django-stubs version used determines the the mypy version indicated below
-django-tastypie==0.14.3         # Django 2.1 will require 0.14.2; Django 3.0 will require 0.14.3
-django-webtest>=1.9.7
-django-widget-tweaks>=1.4.2
+django-tastypie==0.14.3    # Version must be locked in sync with version of Django
+django-webtest>=1.9.10    # Only used in tests
+django-widget-tweaks>=1.4.11
 djlint>=0.7.3    # To auto-indent templates via "djlint --profile django --reformat"
-docutils>=0.12,!=0.15
-#factory-boy>=3
-#Faker>=0.8.11   # from factory-boy # Faker 0.8.9,0.8.10 sometimes return string names instead of unicode.
-factory-boy==3.2.0
-Faker==9.2.0
-github3.py>=1.2
+docutils>=0.18.1    # Used only by dbtemplates for RestructuredText
+factory-boy>=3.2.1
+github3.py>=3.2.0
 gunicorn>=20.1.0
-hashids>=1.1.0
-html2text>=2019.8.11
-html5lib>=1.0.1
-httplib2>=0.10.3
-jsonfield>=3.0		# for SubmissionCheck.  This is https://github.com/bradjasper/django-jsonfield/.
-jwcrypto>=0.4.0			# for signed notifications
-logging_tree>=1.8.1
-lxml>=3.4.0,<5
-markdown>=3.3.4,<3.3.5
-mock>=2.0.0
+hashids>=1.3.1
+html2text>=2020.1.16    # Used only to clean comment field of secr/sreq
+html5lib>=1.1    # Only used in tests
+jsonfield>=3.1.0    # for SubmissionCheck.  This is https://github.com/bradjasper/django-jsonfield/.
+jwcrypto>=1.0    # for signed notifications - this is aspirational, and is not really used.
+logging_tree>=1.9    # Used only by the showloggers management command
+lxml>=4.8.0,<5
+markdown>=3.3.4,<3.3.5    # 3.3.5 was yanked - can't move to 3.3.6 until we are off of python3.6 (interacts with django-bootstrap5)
+mock>=4.0.3    # Used only by tests, of course
 mypy>=0.782,<0.790    # Version requirements determined by django-stubs.
-mysqlclient>=1.3.13,!=2.0.2
-oic>=1.3
-pathlib>=1.0
-pathlib2>=2.3.0
-Pillow>=3.0
-#pip==9.0.1			# Earlier pip has issues, 9.0.2 and 9.0.3, 10.0.0b1 leaves dross when down- and up-grading packages
-pyang>=1.7.2
-pyflakes>=1.5.0
-pyopenssl>=17.5.0		# Used by urllib3.contrib, which is used by PyQuery but not marked as a dependency
-pyquery>=1.3.0
-python-dateutil>=2.4
-python-magic>=0.4.12,<0.4.19    # .20 is breaking, .19 is not showing on PyPi's webpage
-python-memcached>=1.56		# for django.core.cache.backends.memcached
+mysqlclient>=2.1.0
+oic>=1.3    # Used only by tests
+pathlib2>=2.3.7.post1
+Pillow>=8.4.0
+pyang>=2.5.3
+pyflakes>=2.4.0
+pyopenssl>=22.0.0    # Used by urllib3.contrib, which is used by PyQuery but not marked as a dependency
+pyquery>=1.4.3
+python-dateutil>=2.8.2
+python-magic==0.4.18    # Versions beyond the yanked .19 and .20 introduce form failures
+python-memcached>=1.59    # for django.core.cache.backends.memcached
 python-mimeparse>=1.6    # from TastyPie
-pytz>=2014.7
-#pyzmail>=1.0.3
-requests!=2.12.*
-requests-mock>=1.8
-rfc2html>=2.0.1
-scout-apm>=2.23.0
+pytz>=2022.1
+requests>=2.27.1
+requests-mock>=1.9.3
+rfc2html>=2.0.3
+scout-apm>=2.24.2
 selenium>=3.141.0,<4.0
-six>=1.10.0
-tblib>=1.3.0
+six>=1.16.0
+tblib>=1.7.0    # So that the django test runner provides tracebacks
 tlds>=2022042100  # Used to teach bleach about which TLDs currently exist
-tqdm>=3.7.0
-Unidecode>=0.4.18,<1.2.0
-#wsgiref>=0.1.2
-weasyprint>=52.5,<53
-xml2rfc>=2.35.0
-xym>=0.4.4,!=0.4.7,<1.0
-#zxcvbn-python>=4.4.14		# Not needed until we do back-end password entropy validation
+tqdm>=4.64.0
+Unidecode>=1.3.4
+weasyprint>=52.5,<53    # Datatracker tests past on 54, but xml2rfc tests do not.
+xml2rfc>=3.12.4
+xym>=0.5,<1.0