Python Requirements Update

requirements/base.txt

@@ -4,21 +4,25 @@
 #
 #    make upgrade
 #
-asgiref==3.7.2
+asgiref==3.8.1
     # via django
-certifi==2023.7.22
+backports-zoneinfo==0.2.1
+    # via
+    #   django
+    #   djangorestframework
+certifi==2024.2.2
     # via requests
-cffi==1.15.1
+cffi==1.16.0
     # via
     #   cryptography
     #   pynacl
-charset-normalizer==3.2.0
+charset-normalizer==3.3.2
     # via requests
-click==8.1.6
+click==8.1.7
     # via edx-django-utils
-cryptography==41.0.2
+cryptography==42.0.5
     # via pyjwt
-django==3.2.20
+django==4.2.11
     # via
     #   -c requirements/common_constraints.txt
     #   -r requirements/base.in
@@ -31,40 +35,40 @@ django==3.2.20
     #   edx-drf-extensions
 django-crum==0.7.9
     # via edx-django-utils
-django-model-utils==4.3.1
+django-model-utils==4.4.0
     # via -r requirements/base.in
 django-simple-history==3.1.1
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
-django-waffle==4.0.0
+django-waffle==4.1.0
     # via
     #   edx-django-utils
     #   edx-drf-extensions
-djangorestframework==3.14.0
+djangorestframework==3.15.1
     # via
     #   -r requirements/base.in
     #   drf-jwt
     #   edx-drf-extensions
 drf-jwt==1.19.2
     # via edx-drf-extensions
-edx-django-utils==5.6.0
+edx-django-utils==5.11.0
     # via edx-drf-extensions
-edx-drf-extensions==8.8.0
+edx-drf-extensions==10.2.0
     # via -r requirements/base.in
-edx-opaque-keys==2.3.0
+edx-opaque-keys==2.5.1
     # via
     #   -r requirements/base.in
     #   edx-drf-extensions
-idna==3.4
+idna==3.6
     # via requests
-newrelic==8.9.0
+newrelic==9.7.1
     # via edx-django-utils
-pbr==5.11.1
+pbr==6.0.0
     # via stevedore
-pillow==10.0.0
+pillow==10.2.0
     # via -r requirements/base.in
-psutil==5.9.5
+psutil==5.9.8
     # via edx-django-utils
 pycparser==2.21
     # via cffi
@@ -76,27 +80,19 @@ pymongo==3.13.0
     # via edx-opaque-keys
 pynacl==1.5.0
     # via edx-django-utils
-python-dateutil==2.8.2
-    # via edx-drf-extensions
-pytz==2023.3
-    # via
-    #   django
-    #   djangorestframework
 requests==2.31.0
     # via edx-drf-extensions
 semantic-version==2.10.0
     # via edx-drf-extensions
-six==1.16.0
-    # via
-    #   edx-drf-extensions
-    #   python-dateutil
 sqlparse==0.4.4
     # via django
-stevedore==5.1.0
+stevedore==5.2.0
     # via
     #   edx-django-utils
     #   edx-opaque-keys
-typing-extensions==4.7.1
-    # via asgiref
-urllib3==2.0.4
+typing-extensions==4.10.0
+    # via
+    #   asgiref
+    #   edx-opaque-keys
+urllib3==2.2.1
     # via requests

requirements/common_constraints.txt

@@ -13,7 +13,7 @@
 
 
 # using LTS django version
-Django<4.0
+Django<5.0
 
 # elasticsearch>=7.14.0 includes breaking changes in it which caused issues in discovery upgrade process.
 # elastic search changelog: https://www.elastic.co/guide/en/enterprise-search/master/release-notes-7.14.0.html
@@ -22,6 +22,11 @@ elasticsearch<7.14.0
 # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
 
 
-# tox>4.0.0 isn't yet compatible with many tox plugins, causing CI failures in almost all repos.
-# Details can be found in this discussion: https://github.com/tox-dev/tox/discussions/1810
-tox<4.0.0
+# opentelemetry requires version 6.x at the moment:
+# https://github.com/open-telemetry/opentelemetry-python/issues/3570
+# Normally this could be added as a constraint in edx-django-utils, where we're
+# adding the opentelemetry dependency. However, when we compile pip-tools.txt,
+# that uses version 7.x, and then there's no undoing that when compiling base.txt.
+# So we need to pin it globally, for now.
+# Ticket for unpinning: https://github.com/openedx/edx-lint/issues/407
+importlib-metadata<7

requirements/pip-tools.txt

@@ -4,23 +4,31 @@
 #
 #    make upgrade
 #
-build==0.10.0
+build==1.1.1
     # via pip-tools
-click==8.1.6
+click==8.1.7
     # via pip-tools
-packaging==23.1
+importlib-metadata==6.11.0
+    # via
+    #   -c requirements/common_constraints.txt
+    #   build
+packaging==24.0
     # via build
-pip-tools==7.1.0
+pip-tools==7.4.1
     # via -r requirements/pip-tools.in
 pyproject-hooks==1.0.0
-    # via build
+    # via
+    #   build
+    #   pip-tools
 tomli==2.0.1
     # via
     #   build
     #   pip-tools
     #   pyproject-hooks
-wheel==0.41.0
+wheel==0.43.0
     # via pip-tools
+zipp==3.18.1
+    # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
 # pip

requirements/pip.txt

@@ -4,11 +4,11 @@
 #
 #    make upgrade
 #
-wheel==0.41.0
+wheel==0.43.0
     # via -r requirements/pip.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==23.2.1
+pip==24.0
     # via -r requirements/pip.in
-setuptools==68.0.0
+setuptools==69.2.0
     # via -r requirements/pip.in