openedx · stvstnfrd · Jun 12, 2021 · Jun 12, 2021 · Jun 12, 2021 · mraarif
diff --git a/Makefile b/Makefile
@@ -11,8 +11,13 @@ clean: ## delete generated byte code and coverage reports
 	rm -rf assets
 	rm -rf pii_report
 
+COMMON_CONSTRAINTS_TXT=requirements/common_constraints.txt
+.PHONY: $(COMMON_CONSTRAINTS_TXT)
+$(COMMON_CONSTRAINTS_TXT):
+	wget -O "$(@)" https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt || touch "$(@)"
+
 upgrade: export CUSTOM_COMPILE_COMMAND=make upgrade
-upgrade: ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
+upgrade: $(COMMON_CONSTRAINTS_TXT)  ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
 	pip install -r requirements/pip.txt
 	pip install -q -r requirements/pip_tools.txt
 	pip-compile --allow-unsafe --rebuild -o requirements/pip.txt requirements/pip.in

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -31,7 +31,7 @@ web-fragments==1.0.0
     #   xblock
 webob==1.8.7
     # via xblock
-xblock==1.4.1
+xblock==1.4.2
     # via -r requirements/base.in
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt
@@ -0,0 +1,26 @@
+# A central location for most common version constraints
+# (across edx repos) for pip-installation.
+#
+# Similar to other constraint files this file doesn't install any packages.
+# It specifies version constraints that will be applied if a package is needed.
+# When pinning something here, please provide an explanation of why it is a good
+# idea to pin this package across all edx repos, Ideally, link to other information
+# that will help people in the future to remove the pin when possible.
+# Writing an issue against the offending project and linking to it here is good.
+#
+# Note: Changes to this file will automatically be used by other repos, referencing
+#  this file from Github directly. It does not require packaging in edx-lint.
+
+
+# using LTS django version
+Django<2.3
+
+# docutils version 0.17 is causing docs rendering to fail
+# See https://sourceforge.net/p/docutils/bugs/417/
+docutils==0.16
+
+# latest version is causing e2e failures in edx-platform.
+drf-jwt<1.19.1
+
+# Newer versions causing tests failures in multiple repos.
+pyjwt[crypto]==1.7.1
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
@@ -7,3 +7,6 @@
 # link to other information that will help people in the future to remove the
 # pin when possible.  Writing an issue against the offending project and
 # linking to it here is good.
+
+# Common constraints for edx repos
+-c common_constraints.txt
diff --git a/requirements/test.txt b/requirements/test.txt
@@ -6,7 +6,7 @@
 #
 attrs==21.2.0
     # via pytest
-coverage[toml]==5.5
+coverage==5.5
     # via pytest-cov
 iniconfig==1.1.1
     # via pytest
@@ -18,11 +18,11 @@ py==1.10.0
     # via pytest
 pyparsing==2.4.7
     # via packaging
-pytest-cov==2.12.0
+pytest-cov==2.12.1
     # via -r requirements/test.in
 pytest==6.2.4
     # via pytest-cov
 toml==0.10.2
     # via
-    #   coverage
     #   pytest
+    #   pytest-cov