From 737e916c0e9a35e6d1d507a82ec54a534a73351f Mon Sep 17 00:00:00 2001 From: Chad Weider Date: Tue, 22 Aug 2023 14:58:19 -0700 Subject: [PATCH] build(deps): update django-rest-framework for CSP `django-rest-framework` has recieved several patches for CSP compatibility, but unfortunately these are not included in the latest release (3.14.0) and a new release cannot be expected for a while. As such, we must replace the semantically versioned PyPI reference with a reference to the latest commit on the master branch of the package's Git Repository that contains the changes that we need (do not use `master` since it could change in unexpected and incompatible ways). Included in this change is the use of `inflection` for the OpenAPI spec's `operationIds`, an unfortunate dependency added by encode/django-rest-framework#8017 and later made less obtrusive by encode/django-rest-framework#8781. Any usage of the schema generator must be done in an environment that includes this package. Additionally, this new approach makes the generated `operationId` that was `listPersons` into `listPeople`. Thankfully, this is immaterial. Fixes: #3020 --- poetry.lock | 27 +++++++++++++++++++++------ pyproject.toml | 3 ++- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/poetry.lock b/poetry.lock index b77c688f64..f3db15bfb4 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.5.1 and should not be changed by hand. [[package]] name = "amqp" @@ -1235,15 +1235,19 @@ version = "3.14.0" description = "Web APIs for Django, made easy." optional = false python-versions = ">=3.6" -files = [ - {file = "djangorestframework-3.14.0-py3-none-any.whl", hash = "sha256:eb63f58c9f218e1a7d064d17a70751f528ed4e1d35547fdade9aaf4cd103fd08"}, - {file = "djangorestframework-3.14.0.tar.gz", hash = "sha256:579a333e6256b09489cbe0a067e66abe55c6595d8926be6b99423786334350c8"}, -] +files = [] +develop = false [package.dependencies] django = ">=3.0" pytz = "*" +[package.source] +type = "git" +url = "https://github.com/encode/django-rest-framework.git" +reference = "cc3c89a11c7ee9cf7cfd732e0a329c318ace71b2" +resolved_reference = "cc3c89a11c7ee9cf7cfd732e0a329c318ace71b2" + [[package]] name = "djangorestframework-filters" version = "1.0.0.dev2" @@ -1932,6 +1936,17 @@ files = [ mypy = ["click (>=6.0)", "mypy (==0.812)", "twisted (>=16.4.0)"] scripts = ["click (>=6.0)", "twisted (>=16.4.0)"] +[[package]] +name = "inflection" +version = "0.5.1" +description = "A port of Ruby on Rails inflector to Python" +optional = false +python-versions = ">=3.5" +files = [ + {file = "inflection-0.5.1-py2.py3-none-any.whl", hash = "sha256:f38b2b640938a4f35ade69ac3d053042959b62a0f1076a5bbaa1b9526605a8a2"}, + {file = "inflection-0.5.1.tar.gz", hash = "sha256:1a29730d366e996aaacffb2f1f1cb9593dc38e2ddd30c91250c6dde09ea9b417"}, +] + [[package]] name = "iniconfig" version = "2.0.0" @@ -4768,4 +4783,4 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"] [metadata] lock-version = "2.0" python-versions = ">=3.11, <3.12" -content-hash = "101e37bf070d473787c52b6eb68edb95e98d6b1dbe80b76af790328b30d70ede" +content-hash = "8ecdb2b57ad477c89df33c35c601ec493c926d785a37a2a532b2736cdcee77c7" diff --git a/pyproject.toml b/pyproject.toml index 696d5ac8db..592acbf3a0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -45,7 +45,7 @@ django-mathfilters = "*" django-pghistory = "^2.7.0" django-ratelimit = "^4.0.0" django-storages = "^1.13.2" -djangorestframework = "^3.14.0" +djangorestframework = {git = "https://github.com/encode/django-rest-framework.git", rev = "cc3c89a11c7ee9cf7cfd732e0a329c318ace71b2"} djangorestframework-xml = "^2.0.0" drf-dynamic-fields = "*" feedparser = "^6.0.8" @@ -112,6 +112,7 @@ psycopg2 = "^2.9.6" juriscraper = "^2.5.51" httpx = {extras = ["http2"], version = "^0.24.1"} django-model-utils = "^4.3.1" +inflection = "^0.5.1" # necessary for DRF schema generation - remove after drf-spectacular [tool.poetry.group.dev.dependencies]