From ea128f3a30377143cb84e6f3295ca19d3965bc23 Mon Sep 17 00:00:00 2001 From: Manuel Raynaud Date: Tue, 30 Jul 2024 15:05:01 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=8C(back)=20pin=20django-storages=20to?= =?UTF-8?q?=20version=201.14.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In version 1.14.4 there are at least two modifications made that lead to a breaking change in Marsha. The most annoying one is linked to this issue: jschneier/django-storages#1430 and we have to wait a newer version with a fix to have the previous behaviour. This fix is related to a security issue in django. This security is fixed in version 4.2.14 and we already use this version, so we are safe. The second one is related to how the signature in computed when an url is generated. Previously the signature was generated no matter if we need it or not and then we choose to remove the signautre part using the private method `_strip_signing_parameters`. This private does not exists anymore, instead a new setting is used, we have to set the setting `querystring_auth` to False to not compute the signature, it's real improvement as it saves the cost of computing the signature. --- renovate.json | 10 ++++++++++ src/backend/setup.cfg | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index e8d174b76d..fed4a08071 100644 --- a/renovate.json +++ b/renovate.json @@ -68,6 +68,16 @@ "pytest" ], "allowedVersions": "<8.0.0" + }, + { + "enable": false, + "groupName": "ignored python dependencies", + "matchManagers": [ + "setup-cfg" + ], + "matchPackageNames": [ + "django-storages" + ] } ] } diff --git a/src/backend/setup.cfg b/src/backend/setup.cfg index 34aebce2dc..7bc5715aff 100644 --- a/src/backend/setup.cfg +++ b/src/backend/setup.cfg @@ -44,7 +44,7 @@ install_requires = django-parler==2.3 django-redis==5.4.0 django-safedelete==1.4.0 - django-storages==1.14.4 + django-storages==1.14.3 django-peertube-runner-connector==0.6.0 django-waffle==4.1.0 Django<5