General dependency upgrade

dev constraint

Add DRF pin

Add a new check

Author: AlanCoding

.github/workflows/ci.yml

@@ -34,6 +34,10 @@ jobs:
             python-version: "3.11"
             sonar: false
             junit-xml-upload: false
+          - env: py312-in-files
+            python-version: "3.12"
+            sonar: false
+            junit-xml-upload: false
     steps:
       - uses: actions/checkout@v4
         with:

pyproject.toml

@@ -102,6 +102,7 @@ legacy_tox_ini = """
         py310
         py311
         py311sqlite
+        py312-in-files
     labels =
         test = py312, py310, py311, py311sqlite, check
         lint = flake8, black, isort
@@ -128,6 +129,26 @@ legacy_tox_ini = """
     setenv =
         DJANGO_SETTINGS_MODULE = test_app.sqlite3settings
 
+    [testenv:py312-in-files]
+    deps =
+        -r{toxinidir}/requirements/requirements.in
+        -r{toxinidir}/requirements/requirements_activitystream.in
+        -r{toxinidir}/requirements/requirements_authentication.in
+        -r{toxinidir}/requirements/requirements_api_documentation.in
+        -r{toxinidir}/requirements/requirements_rest_filters.in
+        -r{toxinidir}/requirements/requirements_rbac.in
+        -r{toxinidir}/requirements/requirements_channels.in
+        -r{toxinidir}/requirements/requirements_jwt_consumer.in
+        -r{toxinidir}/requirements/requirements_redis_client.in
+        -r{toxinidir}/requirements/requirements_oauth2_provider.in
+        -r{toxinidir}/requirements/requirements_resource_registry.in
+        -r{toxinidir}/requirements/requirements_feature_flags.in
+        -r{toxinidir}/requirements/requirements_testing.txt
+        -r{toxinidir}/requirements/requirements_dev.txt
+    docker = db
+    allowlist_externals = sh
+    commands = pytest -n auto --color=yes --cov=. --cov-report=xml:coverage.xml --cov-report=html --cov-report=json --cov-branch --junit-xml=django-ansible-base-test-results.xml {env:ANSIBLE_BASE_PYTEST_ARGS} {env:ANSIBLE_BASE_TEST_DIRS:test_app/tests} {posargs}
+
     [docker:db]
     dockerfile = {toxinidir}/tools/dev_postgres/Dockerfile
     expose =

requirements/requirements.in

@@ -4,7 +4,7 @@
 #
 cryptography
 Django>=4.2.21,<4.3.0 # CVE-2024-45230, CVE-2024-56374
-djangorestframework
+djangorestframework<3.16 # problem with OAuth2Application.organization null handling
 django-crum
 inflection
 sqlparse>=0.5.2 # https://github.com/ansible/django-ansible-base/security/dependabot/9

requirements/requirements_all.txt

@@ -1,21 +1,21 @@
-asgiref==3.8.1
+asgiref==3.10.0
     # via
     #   -r requirements/requirements_resource_registry.in
     #   channels
     #   django
-attrs==24.2.0
+attrs==25.4.0
     # via
     #   jsonschema
     #   referencing
-certifi==2024.8.30
+certifi==2025.10.5
     # via requests
-cffi==1.17.1
+cffi==2.0.0
     # via cryptography
-channels==4.2.0
+channels==4.3.1
     # via -r requirements/requirements_channels.in
-charset-normalizer==3.4.0
+charset-normalizer==3.4.4
     # via requests
-cryptography==44.0.1
+cryptography==46.0.2
     # via
     #   -r requirements/requirements.in
     #   jwcrypto
@@ -24,7 +24,7 @@ defusedxml==0.8.0rc2
     # via
     #   python3-openid
     #   social-auth-core
-django==4.2.21
+django==4.2.25
     # via
     #   -r requirements/requirements.in
     #   channels
@@ -36,47 +36,47 @@ django==4.2.21
     #   djangorestframework
     #   drf-spectacular
     #   social-auth-app-django
-django-auth-ldap==5.1.0
+django-auth-ldap==5.2.0
     # via -r requirements/requirements_authentication.in
 django-crum==0.7.9
     # via -r requirements/requirements.in
-django-flags==5.0.13
+django-flags==5.0.14
     # via -r requirements/requirements_feature_flags.in
 django-oauth-toolkit==2.3.0
     # via -r requirements/requirements_oauth2_provider.in
-django-redis==5.4.0
+django-redis==6.0.0
     # via -r requirements/requirements_redis_client.in
 djangorestframework==3.15.2
     # via
     #   -r requirements/requirements.in
     #   drf-spectacular
 drf-spectacular==0.26.5
     # via -r requirements/requirements_api_documentation.in
-dynaconf==3.2.10
+dynaconf==3.2.12
     # via -r requirements/requirements.in
-idna==3.10
+idna==3.11
     # via requests
 inflection==0.5.1
     # via
     #   -r requirements/requirements.in
     #   drf-spectacular
 isodate==0.7.2
     # via python3-saml
-jsonschema==4.23.0
+jsonschema==4.25.1
     # via drf-spectacular
-jsonschema-specifications==2024.10.1
+jsonschema-specifications==2025.9.1
     # via jsonschema
 jwcrypto==1.5.6
     # via django-oauth-toolkit
 ldap-filter==1.0.1
     # via -r requirements/requirements_authentication.in
-lxml==5.3.0
+lxml==6.0.2
     # via
     #   python3-saml
     #   xmlsec
 netaddr==1.3.0
     # via pyrad
-oauthlib==3.2.2
+oauthlib==3.3.1
     # via
     #   django-oauth-toolkit
     #   requests-oauthlib
@@ -85,9 +85,9 @@ pyasn1==0.6.1
     # via
     #   pyasn1-modules
     #   python-ldap
-pyasn1-modules==0.4.1
+pyasn1-modules==0.4.2
     # via python-ldap
-pycparser==2.22
+pycparser==2.23
     # via cffi
 pyjwt==2.10.1
     # via
@@ -96,25 +96,25 @@ pyjwt==2.10.1
     #   social-auth-core
 pyrad==2.4
     # via -r requirements/requirements_authentication.in
-python-ldap==3.4.4
+python-ldap==3.4.5
     # via
     #   -r requirements/requirements_authentication.in
     #   django-auth-ldap
 python3-openid==3.2.0
     # via social-auth-core
 python3-saml==1.16.0
     # via -r requirements/requirements_authentication.in
-pyyaml==6.0.2
+pyyaml==6.0.3
     # via drf-spectacular
-redis==5.2.0
+redis==6.4.0
     # via
     #   -r requirements/requirements_redis_client.in
     #   django-redis
-referencing==0.35.1
+referencing==0.37.0
     # via
     #   jsonschema
     #   jsonschema-specifications
-requests==2.32.3
+requests==2.32.5
     # via
     #   -r requirements/requirements_jwt_consumer.in
     #   -r requirements/requirements_resource_registry.in
@@ -123,7 +123,7 @@ requests==2.32.3
     #   social-auth-core
 requests-oauthlib==2.0.0
     # via social-auth-core
-rpds-py==0.22.3
+rpds-py==0.27.1
     # via
     #   jsonschema
     #   referencing
@@ -137,19 +137,21 @@ social-auth-core==4.5.4
     # via
     #   -r requirements/requirements_authentication.in
     #   social-auth-app-django
-sqlparse==0.5.2
+sqlparse==0.5.3
     # via
     #   -r requirements/requirements.in
     #   django
 tabulate==0.9.0
     # via -r requirements/requirements_authentication.in
 tacacs-plus==2.6
     # via -r requirements/requirements_authentication.in
-typing-extensions==4.12.2
-    # via jwcrypto
-uritemplate==4.1.1
+typing-extensions==4.15.0
+    # via
+    #   jwcrypto
+    #   referencing
+uritemplate==4.2.0
     # via drf-spectacular
-urllib3==2.2.3
+urllib3==2.5.0
     # via
     #   -r requirements/requirements_resource_registry.in
     #   requests

requirements/requirements_dev.txt

@@ -1,7 +1,7 @@
 ansible                 # Used in build process to generate some configs
 black==25.1.0           # Linting tool, if changed update pyproject.toml as well
 build
-django==4.2.21
+django<6
 django-debug-toolbar
 django-extensions
 djangorestframework
@@ -18,6 +18,6 @@ pytest-xdist
 pytest-cov
 pytest-django
 setuptools-scm
-sqlparse==0.5.2
+sqlparse<1
 psycopg[binary]
 sdb

test_app/tests/oauth2_provider/views/test_application.py

@@ -202,6 +202,8 @@ def test_oauth2_provider_application_validator(admin_api_client):
         },
     )
     assert response.status_code == 400
+    assert 'organization' in response.data
+    assert 'This field is required' in str(response.data['organization'])
 
 
 @pytest.mark.parametrize(