Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps-dev): bump django from 4.2.7 to 5.0 #1809

Merged
merged 5 commits into from
Dec 20, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 4, 2023

Bumps django from 4.2.7 to 5.0.

Commits
  • 617bcf6 [5.0.x] Bumped version for 5.0 release.
  • 94914b5 [5.0.x] Finalized release notes for Django 5.0.
  • 8e1b820 [5.0.x] Updated translations from Transifex.
  • e4d7cc3 [5.0.x] Added release date for 4.2.8.
  • cb013fc [5.0.x] Fixed #35002 -- Made UniqueConstraints with fields respect nulls_dist...
  • 6c50273 [5.0.x] Fixed #35001 -- Fixed position of related widget action icons in admi...
  • b8a476b [5.0.x] Improved wording in auth.models.User field docs.
  • 471fa92 [5.0.x] Fixed #34995 -- Improved position of related widget's add link on adm...
  • 9fe12b0 [5.0.x] Refs #34995 -- Made Selenium tests more robust for admin_views and ad...
  • 7f1dc67 [5.0.x] Fixed #35006 -- Fixed migrations crash when altering Meta.db_table_co...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner December 4, 2023 21:51
@dependabot dependabot bot added the dependencies [auto] Pull requests that update 3rd party software libraries and requirements label Dec 4, 2023
Copy link

github-actions bot commented Dec 4, 2023

Coverage report

The coverage rate went from 90.87% to 90.87% ⬇️
The branch rate is 85%.

None of the new lines are part of the tested code. Therefore, there is no coverage data about them.

@machikoyasuda machikoyasuda self-assigned this Dec 11, 2023
@dependabot dependabot bot force-pushed the dependabot/pip/django-5.0 branch from 5b1af76 to adeefac Compare December 13, 2023 20:35
@machikoyasuda
Copy link
Member

This PR should also update this docs line:
image

@dependabot dependabot bot force-pushed the dependabot/pip/django-5.0 branch from adeefac to 56d7eed Compare December 14, 2023 23:26
machikoyasuda
machikoyasuda previously approved these changes Dec 14, 2023
Copy link
Member

@machikoyasuda machikoyasuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Went through all these checks: #1417 (review)

@machikoyasuda
Copy link
Member

@angela-tran When you have a chance, do you mind testing this one locally too - just to be safe?

@angela-tran
Copy link
Member

@dependabot rebase

Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 19, 2023

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@machikoyasuda
Copy link
Member

@dependabot recreate

@machikoyasuda
Copy link
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/pip/django-5.0 branch from 3a5b35c to acab922 Compare December 20, 2023 21:54
@machikoyasuda machikoyasuda force-pushed the dependabot/pip/django-5.0 branch from acab922 to 71ff047 Compare December 20, 2023 22:07
| [**Agency cards**](/benefits/enrollment-pathways/agency-cards) | [Eligibility API](https://docs.calitp.org/eligibility-api/specification/) | Live | [11/2022](https://github.com/cal-itp/benefits/releases/tag/2022.11.1) |
| [**Veterans**](/benefits/enrollment-pathways/veterans) | [Veteran Confirmation API](https://developer.va.gov/explore/api/veteran-confirmation) | Live | [09/2023](https://github.com/cal-itp/benefits/releases/tag/2023.09.1) |
| [**Veterans**](/benefits/enrollment-pathways/veterans) | [Veteran Confirmation API](https://developer.va.gov/explore/api/veteran-confirmation) | Live | [09/2023](https://github.com/cal-itp/benefits/releases/tag/2023.09.1) |
Copy link
Member

@machikoyasuda machikoyasuda Dec 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are just spacing changes from the linters.

dependabot bot and others added 3 commits December 20, 2023 14:35
Bumps [django](https://github.com/django/django) from 4.2.7 to 5.0.
- [Commits](django/django@4.2.7...5.0)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
machikoyasuda
machikoyasuda previously approved these changes Dec 20, 2023
@angela-tran
Copy link
Member

@machikoyasuda Local testing for me went fine ✅

Some things from reading over Django 5.0 release notes:

The USE_L10N setting is removed.

Removed it from our settings file in 0abbf67

Executing SQL queries before the app registry has been fully populated now raises RuntimeWarning.

Not sure if this is what they're talking about with "the app registry has been fully populated", but I'm seeing this in our logs now when starting up:

[20/Dec/2023 23:34:47] INFO benefits.oauth.client:51 Registering OAuth clients
/home/calitp/.local/lib/python3.11/site-packages/django/db/backends/utils.py:98: RuntimeWarning: Accessing the database during app initialization is discouraged. To fix this warning, avoid executing queries in AppConfig.ready() or when your app modules are imported.

Not going to block this PR since we haven't had any problems due to this. Just noting why this warning is showing up now.

@angela-tran angela-tran merged commit 24db141 into dev Dec 20, 2023
11 checks passed
@angela-tran angela-tran deleted the dependabot/pip/django-5.0 branch December 20, 2023 23:50
@thekaveman
Copy link
Member

@angela-tran @machikoyasuda:

Executing SQL queries before the app registry has been fully populated now raises RuntimeWarning.

Not sure if this is what they're talking about with "the app registry has been fully populated", but I'm seeing this in our logs now when starting up:

Should we be worried about this / look into it further? What can go wrong if "the app registry has not been fully populated" / what does that even mean?

@angela-tran
Copy link
Member

angela-tran commented Jan 3, 2024

Should we be worried about this / look into it further? What can go wrong if "the app registry has not been fully populated" / what does that even mean?

Looking into this a little further, I found some Django docs that correspond with the RuntimeWarning we're seeing. This section warns against interacting with the database in AppConfig.ready():

image

Our OAuthAppConfig interacts with the database by querying for all AuthProviders.

The "Application intialization process" documentation describes how the app registry gets populated and why "premature database queries are discouraged": https://docs.djangoproject.com/en/5.0/ref/applications/#initialization-process

But I'm not sure if there's a better place for us to register our Authlib configurations.

Maybe we should register each AuthProvider's configuration upon the first attempt to actually use it?

@thekaveman
Copy link
Member

Maybe we should register each AuthProvider's configuration upon the first attempt to actually use it?

🤔 This sounds intriguing....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies [auto] Pull requests that update 3rd party software libraries and requirements
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

3 participants