Story: Update requirements to latest to handle dependency issues

[jlchilders11]

Summary & Context

Updates requirements.txt and requirements-dev.txt to the latest versions to resolve dependabot issues.

Changes

• Upgrade all packages per requirements-in
• Update django-health-check to 4.x: https://codingjoe.dev/django-health-check/migrate-to-v4/

‼️ Risks & Considerations ‼️

Please list any potential risks or areas that need extra attention during review/testing

• While automated tests and spot checks were performed, this touches on a number of different parts of the site.

Summary by CodeRabbit

• Chores
  • Updated development and runtime dependencies to newer pinned versions to improve security, compatibility, and tooling.
• Chores
  • Refined the health check setup by removing specific health-check sub-components and updating the /health/ endpoint to explicitly enumerate monitored checks (cache, database, mail, storage, plus select platform/3rd-party signals).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 177f5379-8175-497e-a069-48ca94db82b6

📥 Commits

Reviewing files that changed from the base of the PR and between 5c24376 and b581246.

📒 Files selected for processing (2)

• requirements.in
• requirements.txt

🚧 Files skipped from review as they are similar to previous changes (2)

• requirements.in
• requirements.txt

---

📝 Walkthrough

Walkthrough

The PR refactors health check configuration to use explicit checks instead of auto-discovery, removes health check sub-apps from installation, and updates development and production dependency versions via lock file regeneration.

Changes

Health check configuration refactor

Layer / File(s)	Summary
Health check app installation config/settings.py	INSTALLED_APPS removes health_check.db and health_check.contrib.celery sub-apps, leaving only the base health_check app.
Health check endpoint with explicit checks config/urls.py	HealthCheckView is imported and the /health/ route is updated to use HealthCheckView.as_view() with an explicit checks list enumerating Cache, Database, Mail, Storage, psutil disk/memory, and celery ping checks, replacing the previous include("health_check.urls") auto-discovery approach.

Dependency version updates

Layer / File(s)	Summary
Development dependencies requirements-dev.txt	Django is bumped from 6.0.2 to 6.0.6 and django-debug-toolbar from 6.2.0 to 6.3.0.
Source dependency pinning requirements.in	greenlet and gevent are pinned to version ranges ~=3.3.1 and ~=25.9.1 respectively, and gunicorn is pinned to ==25.0.1.
Compiled production dependencies requirements.txt	Lock file is regenerated via uv pip compile with broad version updates across async/networking packages (aiohttp, anyio, urllib3, responses, httpx), cryptography/security libraries (cryptography, pyjwt), Django and Wagtail ecosystem (django, django-allauth, django-anymail, django-redis, django-storages, wagtail, wagtail-markdown), provider SDKs (openai, slack-sdk), developer tooling (ipython, jedi), data libraries (pydantic, marshmallow, numpy, matplotlib, lxml, pillow), and test/tooling stack (pytest, pytest-django, pytest-cov, playwright, black, pre-commit).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A rabbit hops through health checks with glee,
Removing the sub-apps that cluttered the tree,
Now views take the stage with checks explicit and clear,
While dependencies dance to their latest frontier! 🚀✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main objective—updating requirements to the latest versions to handle dependency issues. It directly reflects the core change across multiple dependency files.
Description check	✅ Passed	The description covers the essential context, changes, and risks but is missing required sections like issue number, Figma link, and screenshots/self-review checklist expected per the repository template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jc/dependency-upgrades

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@requirements.txt`:
- Line 179: The HealthCheckView.as_view(checks=...) call must receive
fully-qualified check class path strings and any optional contrib modules must
be installed; open the HealthCheckView.as_view invocation (the checks=
parameter) and replace/verify the entries are the v4.x fully-qualified strings
like "health_check.Cache", "health_check.Database", "health_check.Mail",
"health_check.Storage", "health_check.contrib.psutil.Disk",
"health_check.contrib.psutil.Memory", "health_check.contrib.celery.Ping" (or
remove ones you don't support), and ensure required extras (psutil, celery) are
present in requirements.txt so imports succeed at runtime.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3272196a-653d-4bf0-8a2d-d38f8f0796a6

📥 Commits

Reviewing files that changed from the base of the PR and between 00a8e72 and f23fc7b.

📒 Files selected for processing (4)

• config/settings.py
• config/urls.py
• requirements-dev.txt
• requirements.txt

💤 Files with no reviewable changes (1)

• config/settings.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify django-health-check 4.4.2 check names are still valid

# Check the migration guide and 4.x documentation
echo "=== Checking django-health-check version 4.4.2 availability ==="
curl -s https://pypi.org/pypi/django-health-check/json | jq -r '.releases | keys[] | select(startswith("4."))' | sort -V | tail -5

# Check if the package was released
curl -s https://pypi.org/pypi/django-health-check/4.4.2/json | jq -r '.info.version // "Version not found"'

Repository: boostorg/website-v2

Length of output: 163

---

🌐 Web query:

django-health-check 4.x check class names and paths

💡 Result:

In Django HealthCheck version 4.x, health check classes are configured explicitly within the HealthCheckView by passing a list of class paths to the checks argument [1][2]. These paths are strings that reference the Python module where the health check class is defined [1][3]. Common Built-in Check Class Paths The following are the standard paths for health checks included in the core package: health_check.Cache health_check.Database health_check.DNS health_check.Mail health_check.Storage Contribution (Optional) Check Paths Additional checks provided in the contrib sub-modules require their respective dependencies to be installed [1][2]: health_check.contrib.psutil.Disk health_check.contrib.psutil.Memory health_check.contrib.celery.Ping health_check.contrib.kafka.Kafka health_check.contrib.rabbitmq.RabbitMQ health_check.contrib.redis.Redis health_check.contrib.rss.AWS Configuration Example You configure these in your urls.py by importing HealthCheckView and specifying the list [1][2]: from django.urls import path from health_check.views import HealthCheckView urlpatterns = [ path("health/", HealthCheckView.as_view( checks=[ "health_check.Database", "health_check.Cache", "health_check.contrib.redis.Redis", ])), ] You can also pass a tuple containing the class path and a dictionary of configuration options if the check requires initialization arguments [2][3]: path("health/", HealthCheckView.as_view( checks=[ ("health_check.contrib.redis.Redis", {"client_factory": my_redis_client_factory}), ])), If you are migrating from older versions (v3.x and below), ensure you have removed the health_check.* sub-apps from your INSTALLED_APPS (keeping only health_check) and removed any HEALTH_CHECK_* settings, as these are no longer used in v4.x [1].

Citations:

• 1: https://codingjoe.dev/django-health-check/migrate-to-v4/
• 2: https://codingjoe.dev/django-health-check/install/
• 3: 🐛 Setting up the health check view with an empty plugin list uses all default plugins instead codingjoe/django-health-check#625

---

Validate django-health-check 4.4.2 check class paths are wired correctly (urls.py).

django-health-check 4.x expects HealthCheckView.as_view(checks=...) to receive fully-qualified check class path strings. The check paths you called out are the standard v4.x built-in/contrib names: health_check.Cache, health_check.Database, health_check.Mail, health_check.Storage, health_check.contrib.psutil.Disk, health_check.contrib.psutil.Memory, health_check.contrib.celery.Ping.
Main remaining risk is that config/urls.py (lines 183-196) passes these exact strings to HealthCheckView and that any required contrib dependencies (e.g., psutil, celery) are present.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@requirements.txt` at line 179, The HealthCheckView.as_view(checks=...) call
must receive fully-qualified check class path strings and any optional contrib
modules must be installed; open the HealthCheckView.as_view invocation (the
checks= parameter) and replace/verify the entries are the v4.x fully-qualified
strings like "health_check.Cache", "health_check.Database", "health_check.Mail",
"health_check.Storage", "health_check.contrib.psutil.Disk",
"health_check.contrib.psutil.Memory", "health_check.contrib.celery.Ping" (or
remove ones you don't support), and ensure required extras (psutil, celery) are
present in requirements.txt so imports succeed at runtime.

[gregjkal]

LGTM

[jlchilders11]

@kattyode For QA Validation for this ticket, the main concern is site functionality, nothing should visually or functionally change between this and develop.

[kattyode]

@jlchilders11 After the deployment, I'm getting an "Internal Server Error" message on every page of https://www.cppal-dev.boost.org/.

I tested several pages and the same error is displayed consistently. Could you please take a look? Thanks!!

[coderabbitai]

🧹 Nitpick comments (1)

requirements.in (1)

21-23: Confirm that these version pins resolved the reported staging errors and consider using exact pins for critical async infrastructure.

The gevent 25.9.1 and greenlet 3.3.2 versions are compatible (gevent 25.9.1 requires greenlet ≥3.2.2), so version compatibility is not the issue.

However, clarification needed:

1. Evidence of fix: The commit states these pins "fix an async operation issue," but have the Internal Server Errors reported by QA been confirmed as resolved? If so, which errors and how were they verified?
2. Specifier choice: For critical async runtime dependencies like gevent and greenlet that affect the entire gunicorn worker model and monkey-patching behavior (gunicorn.conf.py), consider using exact pins (==) instead of ~=. The current ~= allows patch updates (e.g., greenlet 3.3.1→3.3.2), which may introduce subtle incompatibilities in async/threading edge cases where settings.py already documents known constraints (boto3 deadlock).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@requirements.in` around lines 21 - 23, Change the version specifiers for the
critical async infrastructure dependencies greenlet and gevent from the flexible
release clause (~=) to exact version pins (==). Replace greenlet~=3.3.1 with
greenlet==3.3.1 and gevent~=25.9.1 with gevent==25.9.1 to prevent patch-level
updates that could introduce subtle incompatibilities in async and threading
behavior, especially given the known constraints documented in settings.py
regarding the boto3 deadlock issue and the monkey-patching behavior in
gunicorn.conf.py. Additionally, provide evidence or verification that these
specific versions resolved the Internal Server Errors reported by QA during
staging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@requirements.in`:
- Around line 21-23: Change the version specifiers for the critical async
infrastructure dependencies greenlet and gevent from the flexible release clause
(~=) to exact version pins (==). Replace greenlet~=3.3.1 with greenlet==3.3.1
and gevent~=25.9.1 with gevent==25.9.1 to prevent patch-level updates that could
introduce subtle incompatibilities in async and threading behavior, especially
given the known constraints documented in settings.py regarding the boto3
deadlock issue and the monkey-patching behavior in gunicorn.conf.py.
Additionally, provide evidence or verification that these specific versions
resolved the Internal Server Errors reported by QA during staging.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: b7cccb8b-067d-458b-b4c0-d8598e8db6db

📥 Commits

Reviewing files that changed from the base of the PR and between b12ef6d and 5c24376.

📒 Files selected for processing (2)

• requirements.in
• requirements.txt

🚧 Files skipped from review as they are similar to previous changes (1)

• requirements.txt