Django 3.0 upgrade: Dependencies
Context
The Inkscape website has a few dependencies that are quite old. These should be kept up to date, both as a general best practice and because it is better security-wise.
Below is a table of the current dependencies of inkscape-web, containing the versions in use, the date when each version was released [on https://pypi.org/], and some remarks about how to go about upgrading them to newer versions.
Core Dependency Versions
Django: 3.0.x
Python [based on version of Django]: 3.9.x
(Django 3.0 Installation FAQ)
Reasoning
This is the line of reasoning I followed while selecting the versions of dependencies; hopefully it's useful for future upgrades as well:
- Choose the Django version to move to.
- The Python version to move to should be the max version that the chosen version of Django supports.
- If it's a regular Python dependency, not dependent on Django, check for breakages, and select the latest version that is compatible with the chosen Python version.
- If the current dependency version supports the chosen Django version, that's good, no need to change for now.
- If a newer version is required, select one which supports the chosen Django as the minimum version.
This is just the homework part; this combination still needs to be tested:
dependency | date_of_version_currently_used | remarks |
---|---|---|
unidecode | No version specified, no change required | |
python-dateutil==2.7.3 | May 10, 2018 | Latest is 2.8.2 (Jul 14, 2021). Changelog indicates no breakage. We're using some internal attributes but other than that, no issues. Should be safe to upgrade to latest. |
whoosh==2.7.4 | Apr 4, 2016 | No latest version |
pygments==2.2.0 | Jan 23, 2017 | Latest is 2.16.1 (Aug 23, 2023). Changelog indicates no breakage. Used mostly in resources app for highlighting code, should be safe to upgrade to latest. |
django==2.2 | | |
django-ajax-selects==1.7.0 | Jan 3, 2018 | Latest is 2.2.0 (Apr 2, 2022). Changelog is incomplete. This library is unused, can be removed. |
django-haystack==2.8.1 | Mar 30, 2018 | Latest is 3.2.1 (May 3, 2022). Changelog is incomplete. Library supports 2.2==>4.0, should be safe to upgrade to latest. |
django-contrib-comments==1.9.2 | Dec 03, 2019 | Latest is 2.2.0 (Jan 31, 2022). We can stay on 1.9.2 for now. It supports Django 3.0. |
django-markdown-deux==1.0.5 | Sep 18, 2014 | Latest is 1.0.6 (May 5, 2023). Safe to upgrade. |
django-boxed-alerts==1.3.7 | Self-maintained | |
django-ical==1.7.0 | Oct 09, 2019 | |
django-recurrence==1.10.3 | May 11, 2020 | Latest is 1.11.1 (Jan 5, 2022) |
django-simple-captcha==0.5.12 | Jul 28, 2019 | Latest is 0.5.18 (Jul 3, 2023). Library supports 2.2==>4.0, should be safe to upgrade to 0.5.17 (Mar 7, 2022) |
django-cms==3.7.3 | May 27, 2020 | Latest is 3.11.4 (Sep 8, 2023). We can stay on 3.7.3. It supports Django 3.0 |
djangocms-file==2.4.0 | Jan 29, 2020 | Latest is 3.0.1 (Jul 4, 2023). Changelog indicates no breakage, should be safe to move to latest. |
cmsplugin-search==0.8.0 | Self-maintained | |
cmsplugin-alerts==1.2.3 | Self-maintained | |
cmsplugin-diff==1.2.4 | Self-maintained | |
djangocms-text-ckeditor==3.9.1 | May 22, 2020 | Latest is 5.1.4 (Oct 3, 2023). We can move to 3.10.0 as README indicates compatibility with Django 3.0 and CMS 3.7 |
beautifulsoup4==4.6.0 | May 7, 2017 | Latest is 4.12.2 (Apr 7, 2023). Changelog indicates no breakage, should be safe to upgrade to the latest version. |
django-registration==3.0 | Sep 4, 2018 | Latest is 3.4 (Jul 4, 2023). Can upgrade to 3.1.2 (Apr 1, 2021), higher versions don't support Django 3.0 |
social-auth-app-django==2.1.0 | Dec 22, 2017 | Latest is 5.4.0 (Oct 17, 2023). Can upgrade to 5.1.0 (Mar 15, 2023), higher versions don't support Django 3.0 |
python3-vote-core==20170329.0 | Mar 30, 2017 | No latest version |
stopforumspam==1.8 | May 9, 2017 | Latest is 1.11 (Mar 21, 2022). We might not use this. The docs mention using a middleware, but we don't use the middleware. Safe to upgrade to latest. |
GitPython==3.1.18 | Jun 18, 2021 | Latest is 3.1.40 (Oct 18, 2023). Should be safe to upgrade to latest version. |
python-gnupg==0.4.4 | Jan 14, 2019 | Latest is 0.5.1 (Jul 22, 2023). Should be safe to upgrade to latest version. |
polib==1.1.0 | Nov 27, 2017 | Latest is 1.2.0 (Feb 23, 2023). Should be safe to upgrade to latest version. |
django-extratest>=1.6 | Self-maintained | |
pylint==1.9.2 | Jun 6, 2018 | Latest is 3.0.2 (Oct 22, 2023). Should be safe to upgrade to latest version. |
pylint-django==0.11.1 | May 25, 2018 | Latest is 2.5.4 (Oct 22, 2023). Should be safe to upgrade to latest version. |
psycopg2-binary==2.8.6 | Sep 7, 2020 | Latest is 2.9.9 (Oct 3, 2020). We should use psycopg, not the binary one, on production. |
uwsgi==2.0.17 | Feb 27, 2018 | Latest is 2.0.22 (Jul 27, 2023). We could upgrade to the latest version. |
xapian-haystack==2.1.1 | Mar 22, 2017 | Latest is 3.1.0 (Mar 19, 2023). Can upgrade to 3.0.0 (depends on the Xapian version, need to ask @doctormo). Higher versions don't support Django 3.0 |
user-agents==2.2.0 | Aug 23, 2020 | Already the latest version |
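
The selection rules from the Reasoning list, written out as an added example (not code from inkscape-web). It assumes "select one which supports chosen Django" means the newest release that still supports the targets, which matches the "higher versions don't support Django 3.0" remarks in the table. The package names and support ranges are constructed; real ranges come from each project's README or changelog.

```python
from typing import List, NamedTuple, Optional, Tuple

TARGET_DJANGO = (3, 0)  # step 1: the Django version chosen on this page
TARGET_PYTHON = (3, 9)  # step 2: the Python version paired with it on this page

class Release(NamedTuple):
    version: str
    python: Tuple[str, str]            # inclusive (min, max) supported Python series
    django: Optional[Tuple[str, str]]  # same for Django; None = not a Django package

def ver(text: str) -> Tuple[int, ...]:
    """'3.10.0' -> (3, 10, 0), so 3.10 sorts after 3.9 (string compare would not)."""
    return tuple(int(part) for part in text.split("."))

def in_range(target: Tuple[int, ...], bounds: Tuple[str, str]) -> bool:
    return ver(bounds[0]) <= target <= ver(bounds[1])

def usable(rel: Release) -> bool:
    if not in_range(TARGET_PYTHON, rel.python):
        return False
    return rel.django is None or in_range(TARGET_DJANGO, rel.django)

def choose(pinned: str, releases: List[Release]) -> Optional[str]:
    """Return the version to pin, or None when no release fits (a blocker)."""
    current = next((r for r in releases if r.version == pinned), None)
    # Django-dependent package whose current pin already fits: leave it alone.
    if current is not None and current.django is not None and usable(current):
        return pinned
    # Otherwise take the newest release that still supports the targets.
    fits = [r for r in releases if usable(r)]
    return max(fits, key=lambda r: ver(r.version)).version if fits else None

# Constructed sample data: hypothetical packages and support ranges, not PyPI facts.
SAMPLE = {
    "example-textlib": ("1.4.0", [Release("1.4.0", ("3.5", "3.9"), None),
                                  Release("1.9.2", ("3.6", "3.12"), None)]),
    "example-cms-plugin": ("2.0.1", [Release("2.0.1", ("3.6", "3.9"), ("2.2", "3.0")),
                                     Release("3.0.0", ("3.8", "3.12"), ("3.2", "4.2"))]),
    "example-auth": ("1.2.0", [Release("1.2.0", ("3.5", "3.7"), ("1.11", "2.2")),
                               Release("4.0.0", ("3.7", "3.11"), ("2.2", "3.2")),
                               Release("5.0.0", ("3.8", "3.12"), ("3.2", "4.2"))]),
    "example-abandoned": ("0.9.0", [Release("0.9.0", ("2.7", "3.6"), ("1.8", "2.0"))]),
}

def plan() -> dict:
    return {name: choose(pin, rels) for name, (pin, rels) in SAMPLE.items()}

if __name__ == "__main__":
    for name, version in plan().items():
        print(f"{name}: {version or 'BLOCKER: no release supports the targets'}")
```

A `None` result marks a dependency with no release that supports the targets, so it has to be replaced, forked or self-maintained before the upgrade can proceed.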