Bump Django and DRF

And also license-expression, packageurl and cwe2

Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

CHANGELOG.rst

@@ -8,6 +8,7 @@ Version (next)
 - Add logging configuration (#1533)
 - Drop support for python 3.8 (#1533)
 - Drop using docker-compose and use the built-in "docker compose" instead
+- Upgrade core dependencies including Django and Rest Framework
 
 
 Version v34.0.0

requirements.txt

@@ -1,7 +1,7 @@
 aboutcode.pipeline==0.1.0
 aiosignal==1.2.0
 alabaster==0.7.12
-asgiref==3.5.2
+asgiref==3.8.1
 asttokens==2.0.5
 async-timeout==4.0.2
 attrs==21.4.0
@@ -12,7 +12,7 @@ beautifulsoup4==4.10.0
 binaryornot==0.4.4
 black==22.3.0
 bleach==6.1.0
-boolean.py==3.8
+boolean.py==4.0
 certifi==2024.7.4
 cffi==1.15.0
 chardet==4.0.0
@@ -21,29 +21,29 @@ click==8.1.2
 coreapi==2.3.3
 coreschema==0.0.4
 cryptography==42.0.4
-cwe2==2.0.0
+cwe2==3.0.0
 dateparser==1.1.1
 decorator==5.1.1
 defusedxml==0.7.1
 distro==1.7.0
-Django==4.1.13
-django-crispy-forms==1.10.0
-django-environ==0.8.1
-django-filter==21.1
-djangorestframework==3.13.1
-django-widget-tweaks==1.4.12
+Django==4.2.15
+django-crispy-forms==2.3
+django-environ==0.11.2
+django-filter==24.3
+djangorestframework==3.15.2
+django-widget-tweaks==1.5.0
 doc8==0.11.1
 docopt==0.6.2
 docutils==0.17.1
-drf-spectacular==0.24.2
-drf-spectacular-sidecar==2022.10.1
+drf-spectacular==0.27.2
+drf-spectacular-sidecar==2024.7.1 
 executing==0.8.3
 fetchcode==0.3.0
 freezegun==1.2.1
 frozenlist==1.3.0
 gitdb==4.0.9
 GitPython==3.1.41
-gunicorn==22.0.0
+gunicorn==23.0.0
 idna==3.3
 imagesize==1.3.0
 importlib-metadata==4.11.3
@@ -54,15 +54,15 @@ itypes==1.2.0
 jedi==0.18.1
 Jinja2==3.1.4
 jsonschema==3.2.0
-license-expression==21.6.14
+license-expression==30.3.1
 lxml==4.9.1
 Markdown==3.3.4
 markdown-it-py==3.0.0
 MarkupSafe==2.1.1
 matplotlib-inline==0.1.3
 multidict==6.0.2
 mypy-extensions==0.4.3
-packageurl-python==0.10.5rc1
+packageurl-python==0.15.6
 packaging==21.3
 paramiko==3.4.0
 parso==0.8.3

setup.cfg

@@ -55,24 +55,23 @@ include_package_data = true
 zip_safe = false
 
 install_requires =
-    Django>=4.0.0
+    Django>=4.2.0,<=5.0
     psycopg2-binary>=2.8.6
-    djangorestframework>=3.12.4
+    djangorestframework>=3.15.0
     django-extensions>=3.2.3
-    django-filter>=2.4.0
-    django-widget-tweaks>=1.4.8
-    django-crispy-forms>=1.10.0
-    django-environ>=0.8.0
-    gunicorn>=20.1.0
+    django-filter>=24.0
+    django-widget-tweaks>=1.5.0
+    django-crispy-forms>=2.3
+    django-environ>=0.11.0
+    gunicorn>=23.0.0
 
     # for the API doc
-    drf-spectacular[sidecar]>=0.24.2
-    coreapi>=2.3.3
+    drf-spectacular[sidecar]>=0.27.2
 
     #essentials
-    packageurl-python>=0.10.5rc1
+    packageurl-python>=0.15
     univers>=30.12.0
-    license-expression>=21.6.14
+    license-expression>=30.0.0
 
     # file and data formats
     binaryornot>=0.4.4
@@ -85,7 +84,7 @@ install_requires =
     Markdown>=3.3.0
     dateparser>=1.1.1
     cvss>=2.4
-    cwe2>=2.0.0
+    cwe2>=3.0.0
 
     # networking
     GitPython>=3.1.17

vulnerabilities/tests/test_api.py

@@ -293,7 +293,7 @@ def test_api_with_single_vulnerability(self):
                 {
                     "cwe_id": 119,
                     "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
-                    "description": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
+                    "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
                 },
             ],
         }
@@ -338,7 +338,7 @@ def test_api_with_single_vulnerability_with_filters(self):
                 {
                     "cwe_id": 119,
                     "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
-                    "description": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
+                    "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
                 },
             ],
         }

vulnerabilities/utils.py

@@ -30,7 +30,7 @@
 import toml
 import urllib3
 from packageurl import PackageURL
-from packageurl.contrib.django.models import without_empty_values
+from packageurl.contrib.django.utils import without_empty_values
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
 from univers.version_range import NginxVersionRange
 from univers.version_range import VersionRange