From 46dd07a5322493b09714647af4e6fc18f2856196 Mon Sep 17 00:00:00 2001
From: Louis Dionne <ldionne.2@gmail.com>
Date: Mon, 6 Oct 2025 13:15:07 -0400
Subject: [PATCH] [deps] Move dependency pins to requirements.txt

That way, we have a single place where all of our dependency versions
are pinned, and setup.py only mentions which packages the tool depends
on, without requiring specific versions.

Also drop packages that are not depend upon directly from setup.py:
some of those like `pytz` are still pinned in requirements.txt for
stability, but they don't need to be in setup.py because we don't
depend on them directly. The `six` package was dropped entirely since
it wasn't used anymore.

Finally, this patch pins the versions used when running `tox` by
installing via requirements.txt, otherwise we end up using unpinned
versions from setup.py when running the tests, which creates obvious
issues.
---
 requirements.server.txt | 14 +++++++++++++-
 setup.py                | 27 ++++++++++++---------------
 tox.ini                 |  1 +
 3 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/requirements.server.txt b/requirements.server.txt
index da12deda..a5fa0271 100644
--- a/requirements.server.txt
+++ b/requirements.server.txt
@@ -1,7 +1,19 @@
 # These requirements are what you would install on a production server.
 .
-psycopg2==2.9.10
+aniso8601==1.2.0
+click==6.7
+Flask-RESTful==0.3.4
+Flask-WTF==0.12
+Flask==0.12.2
 gunicorn==19.9.0
+itsdangerous==0.24
 Jinja2==2.11.3
+MarkupSafe==1.1.1
 progressbar2
+psycopg2==2.9.10
+python-gnupg==0.3.7
+pytz==2016.10
 pyyaml==5.1.2
+SQLAlchemy==1.3.24
+Werkzeug==0.15.6
+WTForms==2.0.2
diff --git a/setup.py b/setup.py
index 443bf653..b29c6f13 100644
--- a/setup.py
+++ b/setup.py
@@ -115,24 +115,21 @@
         ],
     },
     install_requires=[
-        "six",
-        "aniso8601==1.2.0",
-        "Flask==0.12.2",
-        "Flask-RESTful==0.3.4",
+        "aniso8601",
+        "certifi",
+        "click",
+        "Flask-RESTful",
+        "Flask-WTF",
+        "Flask",
         "Jinja2",
-        "MarkupSafe==1.1.1",
-        "SQLAlchemy==1.3.24",
-        "Werkzeug==0.15.6",
-        "itsdangerous==0.24",
-        "python-gnupg==0.3.7",
-        "pytz==2016.10",
+        "MarkupSafe",
+        "python-gnupg",
         "pyyaml",
-        "WTForms==2.0.2",
-        "Flask-WTF==0.12",
-        "typing",
-        "click==6.7",
         "requests",
-        "certifi"
+        "SQLAlchemy",
+        "typing",
+        "Werkzeug",
+        "WTForms",
     ],
 
     ext_modules=[cPerf],
diff --git a/tox.ini b/tox.ini
index 6b4bad28..daac030b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -49,6 +49,7 @@ commands =
 
 [testenv:py3]
 deps =
+    -r requirements.txt
     filecheck
     lit