pyproject.toml

[tool.poetry]
name = "notification-api"
version = "0.1.0"
description = "Public-facing REST API for Notification built on the GOV.UK Notify platform."
authors = ["Canadian Digital Service"]
license = "MIT license"
readme = "README.md"
packages = []

[tool.pylint]
disable = ["missing-class-docstring", "missing-function-docstring"]

[build-system]
requires = ["poetry-core>=1.7.1"]
build-backend = "poetry.core.masonry.api"

[tool.poetry.dependencies]
python = "~3.12.7"
apig-wsgi = "2.18.0"
aws-embedded-metrics = "1.0.8"
aws-xray-sdk = "2.14.0"
# PaaS
awscli-cwlogs = "1.4.6"
boto = "2.49.0"

cachelib = "0.12.0"
celery = {extras = ["sqs"], version = "5.6.3"}
# Pin kombu to merge of PR #2342 (SQS fair queue / MessageGroupId support) until kombu 5.7 is released
kombu = { git = "https://github.com/celery/kombu.git", rev = "860e40a6c904c4d8551577d9f4e8c00f03b6e06c" }

# Pinned dependencies
certifi = "^2024.0.0" # pinned for security reasons: https://github.com/cds-snc/notification-api/security/dependabot/119
cffi = "2.0.0"
click-datetime = "0.2"
docopt = "0.6.2"
environs = "9.5.0"       # pyup: <9.3.3 # marshmallow v3 throws errors"
fido2 = "^2.2.0"
#git+https://github.com/mitsuhiko/flask-sqlalchemy.git@500e732dd1b975a56ab06a46bd1a20a21e682262#egg=Flask-SQLAlchemy==2.3.2.dev20190108
Flask = "2.3.3"
Flask-Bcrypt = "1.0.1"
flask-marshmallow = "0.14.0"
Flask-Migrate = "2.7.0"
Flask-SQLAlchemy = { git = "https://github.com/pallets-eco/flask-sqlalchemy.git", rev = "500e732dd1b975a56ab06a46bd1a20a21e682262" }
gevent = "23.9.1" # See if we can get rid of it now that we use gthread
greenlet = "3.1.1"

gunicorn = "23.0.0"
# Pinned dependencies
idna = "3.7" # pinned to align with test moto dependency requirements (for <=2.9)
iso8601 = "2.1.0"
urllib3 = ">=2.6.3,<3" # Pinned this transitive dependency to resolve a number of high security vulnerabilities: https://github.com/cds-snc/notification-api/pull/2806
# REVIEW: v2 is using sha512 instead of sha1 by default (in v1)
itsdangerous = "2.2.0"
jsonschema = "3.2.0"
MarkupSafe = "2.1.5"
marshmallow = "3.22.0"
marshmallow-sqlalchemy = "0.30.0"
more-itertools = "8.14.0"
nanoid = "2.0.0"
notifications-python-client = "6.4.1"
opentelemetry-instrumentation-celery = "0.55b1"
opentelemetry-instrumentation-flask = "0.55b1"
opentelemetry-instrumentation-redis = "0.55b1"
opentelemetry-instrumentation-sqlalchemy = "0.55b1"
notifications-utils = { git = "https://github.com/cds-snc/notifier-utils.git", branch = "renovate/pypi-cryptography-vulnerability"}
pre-commit = "^3.7.1"
psycopg2-binary = "2.9.11"
pwnedpasswords = "2.0.0"
pyairtable = "^3.3.0"
PyJWT = "2.12.0"
python-dotenv = "1.0.1"
python-magic = "0.4.27"
pytz = "2021.3"
PyYAML = "6.0.3"
simple-salesforce = "^1.12.3"
SQLAlchemy = "1.4.54"
tldextract = "3.5.0"
types-psycopg2 = "^2.9.21.20250516"
# rsa = "4.9  # awscli 1.22.38 depends on rsa<4.8
typing-extensions = "4.12.2"
unidecode = "1.3.8"
# Putting upgrade on hold due to new version introducing breaking changes
Werkzeug = "3.0.6"

[tool.poetry.group.test.dependencies]
coveralls = "3.3.1"
fakeredis = { version = "2.35.1", extras = ["lua"] }
freezegun = "1.5.5"
gprof2dot = "2024.6.6"
# used for creating manifest file locally
jinja2-cli = { extras = ["yaml"], version = "0.8.2" }
locust = "2.31.3"
moto = "4.2.14"
mypy = "1.5"
networkx = "2.8.8" # not directly required, pinned by Snyk to avoid a vulnerability
pytest = "7.4.4"
pytest-cov = "3.0.0"
pytest-env = "0.8.2"
pytest-mock = "3.14.0"
pytest-mock-resources = { extras = ["redis"], version = "2.12.4" }
pytest-xdist = "2.5.0"
requests-mock = "1.12.1"
rfc3987 = "1.3.8"
ruff = "^0.8.2"
snakeviz = "2.2.2"
sortedcontainers = "2.4.0"
sqlalchemy2-stubs = "0.0.2a38"                                     # not directly required, pinned by Snyk to avoid a vulnerability
# optional requirements for jsonschema
strict-rfc3339 = "0.7"
tornado = ">=6.5" #  Pinning due to: https://github.com/cds-snc/notification-api/security/dependabot/251
types-boto = "2.49.18.20241019"
types-mock = "4.0.15.2"
types-python-dateutil = "2.9.0.20251115"
types-pytz = "2022.7.1.2"
types-redis = "4.6.0.20241004"
types-requests = "2.32.4.20250913"


[tool.ruff]
target-version = "py312"
exclude = [
    "venv*",
    "__pycache__",
    "node_modules",
    "cache",
    "migrations",
    "build",
    "site-packages"
]
extend-include = ['(app|migrations|tests)/.*\.pyi?$']
src = ["app", "migrations", "tests"]
# Ruff formatter will wrap lines at a length of 130 characters.
line-length = 130
indent-width = 4

[tool.ruff.lint]
select = [
    "F", # Ruff: Enable PyFlakes rules
    "E", # Ruff: Enable pycodestyle rules
    "W", # Ruff: Enable pycodestyle rules
    "I001", # isort: Unused imports
    "I002", # isort: Missing imports
]
ignore = [
    "D101", # Missing docstring in public class
    "D102", # Missing docstring in public method
    "D103", # Missing docstring in public function
    "E203", # Whitespace before punctuation
    "E501", # Line too long (Ignored in favour of Ruff's line-length)
    "E402", # module-import-not-at-top-of-file
]

# Provide line length leeway for docstrings
[tool.ruff.lint.pycodestyle]
max-doc-length = 170
# Enforce doc string format? (google, numpy or pep257)
# convention = "google"

[tool.ruff.format]
# Match black formatting
# Double quotes for strings.
quote-style = "double"
# Indent with spaces, rather than tabs.
indent-style = "space"
# Respect magic trailing commas.
skip-magic-trailing-comma = false
# Automatically detect the appropriate line ending.
line-ending = "auto"