1054265 - Audit and update Python dependencies

Status: RESOLVED FIXED

(developer.mozilla.org Graveyard :: General, defect)

Description

[Jannis Leidel [:jezdez]]

What feature should be changed? Please provide the URL of the feature if possible.
==================================================================================
Python dependencies that are outdated need to be updated.

What problems would this solve?
===============================
Security issues and outdated APIs.

Who would use this?
===================
Developers

What would users see?
=====================
Hopefully nothing

What would users do? What would happen as a result?
===================================================
n/a

Is there anything else we should know?
======================================

Comment 1

[Jannis Leidel [:jezdez]]

https://github.com/mozilla/kuma/issues/1934 is the original ticket about this. We track dependencies at https://requires.io/github/mozilla/kuma/requirements/?branch=master

Comment 2

[Luke Crouch [:groovecoder]]

Adding all MDN devs to cc list of these security bugs.

Comment 3

[Jannis Leidel [:jezdez]]

Upping the priority since we're seeing more issues now.

Comment 4

[Luke Crouch [:groovecoder]]

Making this depend on 1057293 since that will make it so much easier to update python dependencies.

Comment 5

[Jannis Leidel [:jezdez]]

Where in the tree fits bug 1110230?

Comment 6

[James Bennett [:ubernostrum]]

I'd have it block bug 1054265, but I'm open to other ideas.

Comment 7

[Jannis Leidel [:jezdez]]

https://github.com/mozilla/kuma/pull/3294

Comment 8

[Jannis Leidel [:jezdez]]

We've deployed a bunch of updates yesterday in the Django 1.8 update pull request and got rid of the git submodules based vendoring. Closing this as fixed.

Comment 9

[Will Kahn-Greene [:willkg] ET needinfo? me]

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.