edx · awais786 · Mar 27, 2024 · Mar 27, 2024
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -8,17 +8,20 @@ annotated-types==0.6.0
     # via pydantic
 anyascii==0.3.2
     # via wagtail
-asgiref==3.7.2
+asgiref==3.8.1
     # via
     #   django
     #   django-cors-headers
-backports-zoneinfo==0.2.1
-    # via django
+backports-zoneinfo==0.2.1 ; python_version < "3.9"
+    # via
+    #   -c requirements/constraints.txt
+    #   django
+    #   djangorestframework
 beautifulsoup4==4.12.3
     # via wagtail
-boto3==1.34.60
+boto3==1.34.71
     # via -r requirements/base.in
-botocore==1.34.60
+botocore==1.34.71
     # via
     #   boto3
     #   s3transfer
@@ -90,7 +93,7 @@ django-waffle==4.1.0
     #   -r requirements/base.in
     #   edx-django-utils
     #   edx-drf-extensions
-djangorestframework==3.14.0
+djangorestframework==3.15.1
     # via
     #   -r requirements/base.in
     #   drf-jwt
@@ -196,7 +199,6 @@ pytz==2024.1
     # via
     #   -r requirements/base.in
     #   django-modelcluster
-    #   djangorestframework
     #   drf-yasg
     #   l18n
 pyyaml==6.0.1
@@ -211,9 +213,9 @@ requests==2.31.0
     #   slumber
     #   social-auth-core
     #   wagtail
-requests-oauthlib==1.4.0
+requests-oauthlib==2.0.0
     # via social-auth-core
-s3transfer==0.10.0
+s3transfer==0.10.1
     # via boto3
 semantic-version==2.10.0
     # via edx-drf-extensions
@@ -267,5 +269,8 @@ willow[heif]==1.8.0
     # via
     #   wagtail
     #   willow
-zipp==3.17.0
+zipp==3.18.1
     # via -r requirements/base.in
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools
diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt
@@ -21,3 +21,12 @@ elasticsearch<7.14.0
 
 # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
 django-simple-history==3.0.0
+
+# opentelemetry requires version 6.x at the moment:
+# https://github.com/open-telemetry/opentelemetry-python/issues/3570
+# Normally this could be added as a constraint in edx-django-utils, where we're
+# adding the opentelemetry dependency. However, when we compile pip-tools.txt,
+# that uses version 7.x, and then there's no undoing that when compiling base.txt.
+# So we need to pin it globally, for now.
+# Ticket for unpinning: https://github.com/openedx/edx-lint/issues/407
+importlib-metadata<7
diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -12,7 +12,7 @@ anyascii==0.3.2
     # via
     #   -r requirements/quality.txt
     #   wagtail
-asgiref==3.7.2
+asgiref==3.8.1
     # via
     #   -r requirements/quality.txt
     #   django
@@ -22,25 +22,23 @@ astroid==3.1.0
     #   -r requirements/quality.txt
     #   pylint
     #   pylint-celery
-backports-zoneinfo==0.2.1
+backports-zoneinfo==0.2.1 ; python_version < "3.9"
     # via
+    #   -c requirements/constraints.txt
     #   -r requirements/quality.txt
     #   django
+    #   djangorestframework
 beautifulsoup4==4.12.3
     # via
     #   -r requirements/quality.txt
     #   wagtail
-boto3==1.34.60
+boto3==1.34.71
     # via -r requirements/quality.txt
-botocore==1.34.60
+botocore==1.34.71
     # via
     #   -r requirements/quality.txt
     #   boto3
     #   s3transfer
-build==1.1.1
-    # via
-    #   -r requirements/pip-tools.txt
-    #   pip-tools
 cachetools==5.3.3
     # via
     #   -r requirements/quality.txt
@@ -65,26 +63,24 @@ charset-normalizer==3.3.2
     #   requests
 click==8.1.7
     # via
-    #   -r requirements/pip-tools.txt
     #   -r requirements/quality.txt
     #   click-log
     #   code-annotations
     #   edx-django-utils
     #   edx-lint
-    #   pip-tools
 click-log==0.4.0
     # via
     #   -r requirements/quality.txt
     #   edx-lint
-code-annotations==1.6.0
+code-annotations==1.7.0
     # via
     #   -r requirements/quality.txt
     #   edx-lint
 colorama==0.4.6
     # via
     #   -r requirements/quality.txt
     #   tox
-coverage[toml]==7.4.3
+coverage[toml]==7.4.4
     # via
     #   -r requirements/quality.txt
     #   pytest-cov
@@ -176,7 +172,7 @@ django-waffle==4.1.0
     #   -r requirements/quality.txt
     #   edx-django-utils
     #   edx-drf-extensions
-djangorestframework==3.14.0
+djangorestframework==3.15.1
     # via
     #   -r requirements/quality.txt
     #   drf-jwt
@@ -231,11 +227,11 @@ exceptiongroup==1.2.0
     #   pytest
 factory-boy==3.3.0
     # via -r requirements/quality.txt
-faker==24.1.0
+faker==24.4.0
     # via
     #   -r requirements/quality.txt
     #   factory-boy
-filelock==3.13.1
+filelock==3.13.3
     # via
     #   -r requirements/quality.txt
     #   tox
@@ -252,10 +248,6 @@ idna==3.6
     # via
     #   -r requirements/quality.txt
     #   requests
-importlib-metadata==7.0.2
-    # via
-    #   -r requirements/pip-tools.txt
-    #   build
 inflect==7.0.0
     # via -r requirements/quality.txt
 inflection==0.5.1
@@ -317,9 +309,7 @@ openpyxl==3.1.2
     #   wagtail
 packaging==24.0
     # via
-    #   -r requirements/pip-tools.txt
     #   -r requirements/quality.txt
-    #   build
     #   drf-yasg
     #   pyproject-api
     #   pytest
@@ -339,8 +329,6 @@ pillow-heif==0.15.0
     # via
     #   -r requirements/quality.txt
     #   willow
-pip-tools==7.4.1
-    # via -r requirements/pip-tools.txt
 platformdirs==4.2.0
     # via
     #   -r requirements/quality.txt
@@ -417,17 +405,12 @@ pyproject-api==1.6.1
     # via
     #   -r requirements/quality.txt
     #   tox
-pyproject-hooks==1.0.0
-    # via
-    #   -r requirements/pip-tools.txt
-    #   build
-    #   pip-tools
 pytest==8.1.1
     # via
     #   -r requirements/quality.txt
     #   pytest-cov
     #   pytest-django
-pytest-cov==4.1.0
+pytest-cov==5.0.0
     # via -r requirements/quality.txt
 pytest-django==4.8.0
     # via -r requirements/quality.txt
@@ -448,7 +431,6 @@ pytz==2024.1
     # via
     #   -r requirements/quality.txt
     #   django-modelcluster
-    #   djangorestframework
     #   drf-yasg
     #   l18n
 pyyaml==6.0.1
@@ -467,11 +449,11 @@ requests==2.31.0
     #   slumber
     #   social-auth-core
     #   wagtail
-requests-oauthlib==1.4.0
+requests-oauthlib==2.0.0
     # via
     #   -r requirements/quality.txt
     #   social-auth-core
-s3transfer==0.10.0
+s3transfer==0.10.1
     # via
     #   -r requirements/quality.txt
     #   boto3
@@ -530,21 +512,17 @@ text-unidecode==1.3
     #   python-slugify
 tomli==2.0.1
     # via
-    #   -r requirements/pip-tools.txt
     #   -r requirements/quality.txt
-    #   build
     #   coverage
-    #   pip-tools
     #   pylint
     #   pyproject-api
-    #   pyproject-hooks
     #   pytest
     #   tox
 tomlkit==0.12.4
     # via
     #   -r requirements/quality.txt
     #   pylint
-tox==4.14.1
+tox==4.14.2
     # via -r requirements/quality.txt
 typing-extensions==4.10.0
     # via
@@ -577,20 +555,9 @@ webencodings==0.5.1
     # via
     #   -r requirements/quality.txt
     #   html5lib
-wheel==0.43.0
-    # via
-    #   -r requirements/pip-tools.txt
-    #   pip-tools
 willow[heif]==1.8.0
     # via
     #   -r requirements/quality.txt
     #   wagtail
-zipp==3.17.0
-    # via
-    #   -r requirements/pip-tools.txt
-    #   -r requirements/quality.txt
-    #   importlib-metadata
-
-# The following packages are considered to be unsafe in a requirements file:
-# pip
-# setuptools
+zipp==3.18.1
+    # via -r requirements/quality.txt