chore: update deps for py3.12

README.md

@@ -142,7 +142,7 @@ Pages will gradually be updated to Vue 3 components. These components are locate
 
 Each Vue 3 app has its own sub-directory. For example, the agenda app is located under `/client/agenda`.
 
-The datatracker makes use of the Django-Vite plugin to point to either the Vite.js server or the precompiled production files. The `DJANGO_VITE_DEV_MODE` flag, found in the `ietf/settings_local.py` file determines whether the Vite.js server is used or not.
+The datatracker makes use of the Django-Vite plugin to point to either the Vite.js server or the precompiled production files. The `DJANGO_VITE["default"]["dev_mode"]` flag, found in the `ietf/settings_local.py` file determines whether the Vite.js server is used or not.
 
 In development mode, you must start the Vite.js development server, in addition to the usual Datatracker server:
 

docker/configs/settings_local.py

@@ -89,6 +89,8 @@
             secret_key="minio_pass",
             security_token=None,
             client_config=botocore.config.Config(
+                request_checksum_calculation="when_required",
+                response_checksum_validation="when_required",
                 signature_version="s3v4",
                 connect_timeout=BLOBSTORAGE_CONNECT_TIMEOUT,
                 read_timeout=BLOBSTORAGE_READ_TIMEOUT,

docker/configs/settings_local_vite.py

@@ -2,5 +2,9 @@
 # -*- coding: utf-8 -*-
 
 from ietf.settings_local import *                  # pyflakes:ignore
+from ietf.settings_local import DJANGO_VITE
 
-DJANGO_VITE_DEV_MODE = True
+DJANGO_VITE["default"] |= {
+    "dev_mode": True,
+    "dev_server_port": 3000,
+}

docker/scripts/app-configure-blobstore.py

@@ -17,7 +17,11 @@ def init_blobstore():
         aws_access_key_id=os.environ.get("BLOB_STORE_ACCESS_KEY", "minio_root"),
         aws_secret_access_key=os.environ.get("BLOB_STORE_SECRET_KEY", "minio_pass"),
         aws_session_token=None,
-        config=botocore.config.Config(signature_version="s3v4"),
+        config=botocore.config.Config(
+            request_checksum_calculation="when_required",
+            response_checksum_validation="when_required",
+            signature_version="s3v4",
+        ),
     )
     for bucketname in ARTIFACT_STORAGE_NAMES:
         try:

ietf/settings.py

@@ -450,23 +450,24 @@ def skip_unreadable_post(record):
     "ietf.middleware.SMTPExceptionMiddleware",
     "ietf.middleware.Utf8ExceptionMiddleware",
     "ietf.middleware.redirect_trailing_period_middleware",
-    "django_referrer_policy.middleware.ReferrerPolicyMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "django.middleware.security.SecurityMiddleware",
-    #"csp.middleware.CSPMiddleware",
     "ietf.middleware.unicode_nfkc_normalization_middleware",
     "ietf.middleware.is_authenticated_header_middleware",
 ]
 
 ROOT_URLCONF = 'ietf.urls'
 
-DJANGO_VITE_ASSETS_PATH = os.path.join(BASE_DIR, 'static/dist-neue')
+# Configure django_vite
+DJANGO_VITE: dict = {"default": {}}
 if DEBUG:
-    DJANGO_VITE_MANIFEST_PATH = os.path.join(BASE_DIR, 'static/dist-neue/manifest.json')
+    DJANGO_VITE["default"]["manifest_path"] = os.path.join(
+        BASE_DIR, 'static/dist-neue/manifest.json'
+    )
 
 # Additional locations of static files (in addition to each app's static/ dir)
 STATICFILES_DIRS = (
-    DJANGO_VITE_ASSETS_PATH,
+    os.path.join(BASE_DIR, "static/dist-neue"),  # for django_vite
     os.path.join(BASE_DIR, 'static/dist'),
     os.path.join(BASE_DIR, 'secr/static/dist'),
 )
@@ -570,8 +571,6 @@ def skip_unreadable_post(record):
 CORS_ALLOW_METHODS = ( 'GET', 'OPTIONS', )
 CORS_URLS_REGEX = r'^(/api/.*|.*\.json|.*/json/?)$'
 
-# Setting for django_referrer_policy.middleware.ReferrerPolicyMiddleware
-REFERRER_POLICY = 'strict-origin-when-cross-origin'
 
 # django.middleware.security.SecurityMiddleware 
 SECURE_BROWSER_XSS_FILTER       = True
@@ -584,6 +583,7 @@ def skip_unreadable_post(record):
 #SECURE_SSL_REDIRECT             = True
 # Relax the COOP policy to allow Meetecho authentication pop-up
 SECURE_CROSS_ORIGIN_OPENER_POLICY = "unsafe-none"
+SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
 
 # Override this in your settings_local with the IP addresses relevant for you:
 INTERNAL_IPS = (
@@ -668,11 +668,6 @@ def skip_unreadable_post(record):
 IDNITS_BASE_URL = "https://author-tools.ietf.org/api/idnits"
 IDNITS_SERVICE_URL = "https://author-tools.ietf.org/idnits"
 
-# Content security policy configuration (django-csp)
-# (In current production, the Content-Security-Policy header is completely set by nginx configuration, but
-#  we try to keep this in sync to avoid confusion)
-CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", f"data: {IDTRACKER_BASE_URL} http://ietf.org/ https://www.ietf.org/ https://analytics.ietf.org/ https://static.ietf.org")
-
 # The name of the method to use to invoke the test suite
 TEST_RUNNER = 'ietf.utils.test_runner.IetfTestRunner'
 

ietf/utils/test_runner.py

@@ -1197,7 +1197,11 @@ class TestBlobstoreManager():
         aws_access_key_id="minio_root",
         aws_secret_access_key="minio_pass",
         aws_session_token=None,
-        config = botocore.config.Config(signature_version="s3v4"),
+        config = botocore.config.Config(
+            request_checksum_calculation="when_required",
+            response_checksum_validation="when_required",
+            signature_version="s3v4",
+        ),
         #config=botocore.config.Config(signature_version=botocore.UNSIGNED),
         verify=False
     )

k8s/settings_local.py

@@ -280,7 +280,9 @@ def _multiline_to_list(s):
 PHOTOS_DIR = MEDIA_ROOT + PHOTOS_DIRNAME
 
 # Normally only set for debug, but needed until we have a real FS
-DJANGO_VITE_MANIFEST_PATH = os.path.join(BASE_DIR, "static/dist-neue/manifest.json")
+DJANGO_VITE["default"]["manifest_path"] = os.path.join(
+    BASE_DIR, "static/dist-neue/manifest.json"
+)
 
 # Binaries that are different in the docker image
 DE_GFM_BINARY = "/usr/local/bin/de-gfm"
@@ -379,6 +381,8 @@ def _multiline_to_list(s):
             secret_key=_blob_store_secret_key,
             security_token=None,
             client_config=botocore.config.Config(
+                request_checksum_calculation="when_required",
+                response_checksum_validation="when_required",
                 signature_version="s3v4",
                 connect_timeout=_blob_store_connect_timeout,
                 read_timeout=_blob_store_read_timeout,

patch/tastypie-django22-fielderror-response.patch

@@ -1,5 +1,5 @@
---- tastypie/resources.py.orig	2020-08-24 13:14:25.463166100 +0200
-+++ tastypie/resources.py	2020-08-24 13:15:55.133759224 +0200
+--- tastypie/resources.py.orig	2025-07-29 19:00:01.526948002 +0000
++++ tastypie/resources.py	2025-07-29 19:07:15.324127008 +0000
 @@ -12,7 +12,7 @@
      ObjectDoesNotExist, MultipleObjectsReturned, ValidationError, FieldDoesNotExist
  )
@@ -9,13 +9,13 @@
  from django.db.models.fields.related import ForeignKey
  from django.urls.conf import re_path
  from tastypie.utils.timezone import make_naive_utc
-@@ -2198,6 +2198,8 @@
+@@ -2216,6 +2216,8 @@
              return self.authorized_read_list(objects, bundle)
          except ValueError:
              raise BadRequest("Invalid resource lookup data provided (mismatched type).")
 +        except FieldError as e:
 +            raise BadRequest("Invalid resource lookup: %s." % e)
- 
+
      def obj_get(self, bundle, **kwargs):
          """
 --- tastypie/paginator.py.orig	2020-08-25 15:24:46.391588425 +0200

requirements.txt

@@ -1,88 +1,85 @@
 # -*- conf-mode -*-
-setuptools>=51.1.0    # Require this first, to prevent later errors
+setuptools>=80.9.0  # Require this first, to prevent later errors
 #
 aiosmtpd>=1.4.6
-argon2-cffi>=21.3.0    # For the Argon2 password hasher option
-beautifulsoup4>=4.11.1    # Only used in tests
-bibtexparser>=1.2.0    # Only used in tests
-bleach>=6
-types-bleach>=6
-boto3>=1.35,<1.36
-boto3-stubs[s3]>=1.35,<1.36
-botocore>=1.35,<1.36
-celery>=5.2.6
+argon2-cffi>=25.1.0  # For the Argon2 password hasher option
+beautifulsoup4>=4.13.4  # Only used in tests
+bibtexparser>=1.4.3  # Only used in tests
+bleach>=6.2.0  # project is deprecated but supported
+types-bleach>=6.2.0
+boto3>=1.39.15
+boto3-stubs[s3]>=1.39.15
+botocore>=1.39.15
+celery>=5.5.3
 coverage>=7.9.2
 defusedxml>=0.7.1    # for TastyPie when using xml; not a declared dependency
 Django>4.2,<5
-django-admin-rangefilter>=0.13.2
-django-analytical>=3.1.0
-django-bootstrap5>=21.3
-django-celery-beat>=2.3.0,<2.8.0  # pin until https://github.com/celery/django-celery-beat/issues/875 is resolved, then revisit
-django-celery-results>=2.5.1
-django-csp>=3.7
-django-cors-headers>=3.11.0
-django-debug-toolbar>=3.2.4
-django-markup>=1.5    # Limited use - need to reconcile against direct use of markdown
+django-admin-rangefilter>=0.13.3
+django-analytical>=3.2.0
+django-bootstrap5>=25.1
+django-celery-beat>=2.7.0,<2.8.0  # pin until https://github.com/celery/django-celery-beat/issues/875 is resolved, then revisit
+django-celery-results>=2.6.0
+django-cors-headers>=4.7.0
+django-debug-toolbar>=6.0.0
+django-markup>=1.10    # Limited use - need to reconcile against direct use of markdown
 django-oidc-provider==0.8.2    # 0.8.3 changes logout flow and claim return
-django-referrer-policy>=1.0
-django-simple-history>=3.0.0
-django-storages>=1.14.4
+django-simple-history>=3.10.1
+django-storages>=1.14.6
 django-stubs>=4.2.7,<5    # The django-stubs version used determines the the mypy version indicated below
-django-tastypie>=0.14.7,<0.15.0    # Version must be locked in sync with version of Django
-django-vite>=2.0.2,<3
+django-tastypie>=0.15.1  # Version must be kept in sync with Django
+django-vite>=3.1.0
 django-widget-tweaks>=1.4.12
-djangorestframework>=3.15,<4
-djlint>=1.0.0    # To auto-indent templates via "djlint --profile django --reformat"
-docutils>=0.18.1    # Used only by dbtemplates for RestructuredText
+djangorestframework>=3.16.0
+docutils>=0.22.0  # Used only by dbtemplates for RestructuredText
+types-docutils>=0.21.0  # should match docutils (0.22.0 not out yet)
 drf-spectacular>=0.27
-drf-standardized-errors[openapi] >= 0.14
-types-docutils>=0.18.1
-factory-boy>=3.3
-github3.py>=3.2.0
-gunicorn>=20.1.0
+drf-standardized-errors[openapi] >= 0.15.0
+factory-boy>=3.3.3
+github3.py>=4.0.1
+gunicorn>=23.0.0
 hashids>=1.3.1
-html2text>=2020.1.16    # Used only to clean comment field of secr/sreq
+html2text>=2025.4.15  # Used only to clean comment field of secr/sreq
 html5lib>=1.1    # Only used in tests
-inflect>= 6.0.2
-jsonfield>=3.1.0    # for SubmissionCheck.  This is https://github.com/bradjasper/django-jsonfield/.
-jsonschema[format]>=4.2.1
-jwcrypto>=1.2    # for signed notifications - this is aspirational, and is not really used.
-logging_tree>=1.9    # Used only by the showloggers management command
-lxml>=5.3.0
-markdown>=3.3.6
-types-markdown>=3.3.6
-mock>=4.0.3    # Used only by tests, of course
-types-mock>=4.0.3
-mypy~=1.7.0    # Version requirements determined by django-stubs.
-oic>=1.3    # Used only by tests
-Pillow>=9.1.0
-psycopg2>=2.9.6
-pyang>=2.5.3
-pydyf>0.8.0
-pyflakes>=2.4.0
-pyopenssl>=22.0.0    # Used by urllib3.contrib, which is used by PyQuery but not marked as a dependency
-pyquery>=1.4.3
-python-dateutil>=2.8.2
-types-python-dateutil>=2.8.2
-python-json-logger>=3.1.0
+inflect>= 7.5.0
+jsonfield>=3.2.0  # deprecated - need to replace with Django's JSONField
+jsonschema[format]>=4.25.0
+jwcrypto>=1.5.6  # for signed notifications - this is aspirational, and is not really used.
+logging_tree>=1.10  # Used only by the showloggers management command
+lxml>=6.0.0
+markdown>=3.8.0
+types-markdown>=3.8.0
+mock>=5.2.0  # should replace with unittest.mock and remove dependency
+types-mock>=5.2.0
+mypy~=1.7.0  # Version requirements determined by django-stubs.
+oic>=1.7.0  # Used only by tests
+pillow>=11.3.0
+psycopg2>=2.9.10
+pyang>=2.6.1
+pydyf>=0.11.0
+pyflakes>=3.4.0
+pyopenssl>=25.1.0  # Used by urllib3.contrib, which is used by PyQuery but not marked as a dependency
+pyquery>=2.0.1
+python-dateutil>=2.9.0
+types-python-dateutil>=2.9.0
+python-json-logger>=3.3.0
 python-magic==0.4.18    # Versions beyond the yanked .19 and .20 introduce form failures
 pymemcache>=4.0.0  # for django.core.cache.backends.memcached.PyMemcacheCache
-python-mimeparse>=1.6    # from TastyPie
-pytz==2022.2.1   # Pinned as changes need to be vetted for their effect on Meeting fields
-types-pytz==2022.2.1   # match pytz version
-requests>=2.31.0
-types-requests>=2.27.1
-requests-mock>=1.9.3
+python-mimeparse>=2.0.0  # from TastyPie
+pytz==2025.2  # Pinned as changes need to be vetted for their effect on Meeting fields
+types-pytz==2025.2.0.20250516  # match pytz version
+requests>=2.32.4
+types-requests>=2.32.4
+requests-mock>=1.12.1
 rfc2html>=2.0.3
-scout-apm>=2.24.2
-selenium>=4.0
-tblib>=1.7.0    # So that the django test runner provides tracebacks
-tlds>=2022042700    # Used to teach bleach about which TLDs currently exist
-tqdm>=4.64.0
-types-zxcvbn~=4.5.0.20250223  # match zxcvbn version
-Unidecode>=1.3.4
-urllib3>=1.26,<2
-weasyprint>=64.1
-xml2rfc>=3.23.0
+scout-apm>=3.4.0
+selenium>=4.34.2
+tblib>=3.1.0  # So that the django test runner provides tracebacks
+tlds>=2022042700  # Used to teach bleach about which TLDs currently exist
+tqdm>=4.67.1
+unidecode>=1.4.0
+urllib3>=2.5.0
+weasyprint>=66.0
+xml2rfc>=3.30.0
 xym>=0.6,<1.0
 zxcvbn>=4.5.0
+types-zxcvbn~=4.5.0.20250223  # match zxcvbn version