Draft PR for Update all Dependencys (after Drop of Python 3.6)

.circleci/config.yml

@@ -43,9 +43,9 @@ jobs:
   # Run st2 Integration tests
   integration:
     docker:
-      - image: circleci/python:3.6
+      - image: circleci/python:3.8
       - image: mongo:4.0
-      - image: rabbitmq:3
+      - image: rabbitmq:3.1
     working_directory: ~/st2
     steps:
       - checkout
@@ -79,9 +79,9 @@ jobs:
   # Run st2 Lint Checks
   lint:
     docker:
-      - image: circleci/python:3.6
+      - image: circleci/python:3.8
       - image: mongo:4.0
-      - image: rabbitmq:3
+      - image: rabbitmq:3.1
     working_directory: ~/st2
     steps:
       - checkout
@@ -113,7 +113,7 @@ jobs:
     resource_class: large
     docker:
       # The primary container is an instance of the first list image listed. Your build commands run in this container.
-      - image: circleci/python:3.6
+      - image: circleci/python:3.8
     working_directory: ~/st2
     environment:
       - DISTROS: "bionic focal el7 el8"

.github/workflows/ci.yaml

@@ -54,14 +54,6 @@ jobs:
         # NOTE: We need to use full Python version as part of Python deps cache key otherwise
         # setup virtualenv step will fail.
         include:
-          - name: 'Lint Checks (black, flake8, etc.)'
-            task: 'ci-checks'
-            python-version-short: '3.6'
-            python-version: '3.6.13'
-          - name: 'Compile (pip deps, pylint, etc.)'
-            task: 'ci-compile'
-            python-version-short: '3.6'
-            python-version: '3.6.13'
           - name: 'Lint Checks (black, flake8, etc.)'
             task: 'ci-checks'
             python-version-short: '3.8'
@@ -312,18 +304,6 @@ jobs:
         # NOTE: To speed the CI run, we split unit and integration tests into multiple jobs where
         # each job runs subset of tests.
         include:
-          - name: 'Unit Tests (chunk 1)'
-            task: 'ci-unit'
-            nosetests_node_total: 2
-            nosetests_node_index: 0
-            python-version-short: '3.6'
-            python-version: '3.6.13'
-          - name: 'Unit Tests (chunk 2)'
-            task: 'ci-unit'
-            nosetests_node_total: 2
-            nosetests_node_index: 1
-            python-version-short: '3.6'
-            python-version: '3.6.13'
           - name: 'Unit Tests (chunk 1)'
             task: 'ci-unit'
             nosetests_node_total: 2
@@ -499,24 +479,6 @@ jobs:
         include:
           # We run pack tests here since they rely on some integration tests set
           # up (aka stanley user being present, etc.)
-          - name: 'Pack Tests'
-            task: 'ci-packs-tests'
-            nosetests_node_total: 1
-            nosetests_node_index: 0
-            python-version-short: '3.6'
-            python-version: '3.6.13'
-          - name: 'Integration Tests (chunk 1)'
-            task: 'ci-integration'
-            nosetests_node_total: 2
-            nosetests_node_index: 0
-            python-version-short: '3.6'
-            python-version: '3.6.13'
-          - name: 'Integration Tests (chunk 2)'
-            task: 'ci-integration'
-            nosetests_node_total: 2
-            nosetests_node_index: 1
-            python-version-short: '3.6'
-            python-version: '3.6.13'
           - name: 'Pack Tests'
             task: 'ci-packs-tests'
             nosetests_node_total: 1

.github/workflows/microbenchmarks.yaml

@@ -34,12 +34,6 @@ jobs:
         # NOTE: We need to use full Python version as part of Python deps cache key otherwise
         # setup virtualenv step will fail.
         include:
-          - name: 'Microbenchmarks'
-            task: 'micro-benchmarks'
-            nosetests_node_total: 1
-            nosetests_node_index: 0
-            python-version-short: '3.6'
-            python-version: '3.6.13'
           - name: 'Microbenchmarks'
             task: 'micro-benchmarks'
             nosetests_node_total: 1

.github/workflows/orquesta-integration-tests.yaml

@@ -55,12 +55,6 @@ jobs:
         # NOTE: We need to use full Python version as part of Python deps cache key otherwise
         # setup virtualenv step will fail.
         include:
-          - name: 'Integration Tests (Orquesta)'
-            task: 'ci-orquesta'
-            nosetests_node_total: 1
-            nosetests_node_index: 0
-            python-version: '3.6.13'
-            python-version-short: '3.6'
           - name: 'Integration Tests (Orquesta)'
             task: 'ci-orquesta'
             nosetests_node_total: 1

.github/workflows/test.yaml

@@ -32,9 +32,6 @@ jobs:
         # NOTE: We need to use full Python version as part of Python deps cache key otherwise
         # setup virtualenv step will fail.
         include:
-          - name: 'Test (pants runs: pytest)'
-            python-version-short: '3.6'
-            python-version: '3.6.13'
           - name: 'Test (pants runs: pytest)'
             python-version-short: '3.8'
             python-version: '3.8.10'
@@ -49,7 +46,7 @@ jobs:
           - 27017:27017
 
       rabbitmq:
-        image: rabbitmq:3.8-management
+        image: rabbitmq:3.13-rc-management
         options: >-
           --name rabbitmq
         ports:

CHANGELOG.rst

@@ -82,6 +82,7 @@ Changed
 * Remove `distutils` dependencies across the project. #5992
   Contributed by @AndroxxTraxxon
 
+
 3.8.0 - November 18, 2022
 -------------------------
 

Makefile

@@ -56,7 +56,7 @@ REQUIREMENTS := test-requirements.txt requirements.txt
 
 # Pin common pip version here across all the targets
 # Note! Periodic maintenance pip upgrades are required to be up-to-date with the latest pip security fixes and updates
-PIP_VERSION ?= 20.3.3
+PIP_VERSION ?= 22.0.4
 SETUPTOOLS_VERSION ?= 51.3.3
 PIP_OPTIONS := $(ST2_PIP_OPTIONS)
 

conf/st2.conf.sample

@@ -153,8 +153,6 @@ ssl_cert_reqs = None
 ssl_certfile = None
 # Private keyfile used to identify the local connection against MongoDB.
 ssl_keyfile = None
-# If True and `ssl_cert_reqs` is not None, enables hostname verification
-ssl_match_hostname = True
 # username for db login
 username = None
 # Compression level when compressors is set to zlib. Valid values are -1 to 9. Defaults to 6.

contrib/packs/actions/pack_mgmt/unload.py

@@ -65,7 +65,6 @@ def initialize(self):
             ssl_cert_reqs=cfg.CONF.database.ssl_cert_reqs,
             ssl_ca_certs=cfg.CONF.database.ssl_ca_certs,
             authentication_mechanism=cfg.CONF.database.authentication_mechanism,
-            ssl_match_hostname=cfg.CONF.database.ssl_match_hostname,
         )
 
     def run(self, packs):

contrib/runners/orquesta_runner/in-requirements.txt

@@ -1 +1 @@
-orquesta@ git+https://github.com/StackStorm/orquesta.git@v1.6.0
+orquesta@ git+https://github.com/philipphomberger/orquesta.git@feature/3.9

contrib/runners/orquesta_runner/requirements.txt

@@ -5,4 +5,4 @@
 # If you want to update depdencies for a single component, modify the
 # in-requirements.txt for that component and then run 'make requirements' to
 # update the component requirements.txt
-orquesta@ git+https://github.com/StackStorm/orquesta.git@v1.6.0
+orquesta@ git+https://github.com/philipphomberger/orquesta.git@feature/3.9

contrib/runners/winrm_runner/requirements.txt

@@ -5,4 +5,4 @@
 # If you want to update depdencies for a single component, modify the
 # in-requirements.txt for that component and then run 'make requirements' to
 # update the component requirements.txt
-pywinrm==0.4.1
+pywinrm==0.4.3

fixed-requirements.txt

@@ -1,35 +1,35 @@
 # Packages versions fixed for the whole st2 stack
 # Note: amqp is used by kombu
 amqp==5.0.6
-apscheduler==3.7.0
-# requests 2.23 requires chardet < 3.1.0
-chardet<3.1.0
-cffi<1.15.0
+apscheduler==3.10.4
+# orquesta 1.6.0 depends on chardet<4.0.0 and >=3.0.2 need update first
+chardet==5.2.0
+cffi==1.16.0
 # NOTE: 2.0 version breaks pymongo work with hosts
 dnspython>=1.16.0,<2.0.0
-cryptography==39.0.1
+cryptography==41.0.7
 # Note: 0.20.0 removed select.poll() on which some of our code and libraries we
 # depend on rely
 eventlet==0.33.3
 flex==6.14.1
-# Note: installs gitpython==3.1.37 (security fixed) under py3.8 and gitpython==3.1.18 (latest available, vulnerable) under py3.6
-# TODO: Pin to 3.1.37 or higher after dropping python3.6 support
-gitpython<=3.1.37
+gitpython==3.1.40
 # Needed by gitpython, old versions used to bundle it
-gitdb==4.0.2
+gitdb==4.0.11
 # Note: greenlet is used by eventlet
-greenlet==1.0.0
+greenlet==3.0.1
 gunicorn==21.2.0
 jsonpath-rw==1.4.0
 jsonschema==2.6.0
-kombu==5.0.2
+# jsonschema Orecheste Update needed for newest Version.
+# jsonschema error in nwer version shema._validators' has no attribute 'properties_draft4'
+kombu==5.2.0
 lockfile==0.12.2
 # Fix MarkupSafe to < 2.1.0 as 2.1.0 removes soft_unicode
 # >=0.23 was from jinja2
 MarkupSafe<2.1.0,>=0.23
 mongoengine==0.23.0
 # required by orquesta (networkx<2.6 for py3.6, networkx<3 for py3.8)
-networkx<3
+networkx
 # networkx requires decorator>=4.3,<5 which should resolve to version 4.4.2
 # but the wheel on pypi does not say it supports python3.8, so pip gets
 # confused. For now, pin decorator to work around pip's confusion.
@@ -38,49 +38,48 @@ decorator==4.4.2
 # See https://github.com/StackStorm/st2/issues/4160#issuecomment-394386433 for details
 oslo.config>=1.12.1,<1.13
 oslo.utils<5.0,>=4.0.0
-# paramiko 2.11.0 is needed by cryptography > 37.0.0
-paramiko==2.11.0
+# newer version of oslo make problems in the unit test cases.
+paramiko==3.3.1
 passlib==1.7.4
 prompt-toolkit==1.0.15
+# Newer version not working AttributeError: module 'prompt_toolkit.token' has no attribute 'Token'
 pyinotify==0.9.6 ; platform_system=="Linux"
 pymongo==3.11.3
-pyparsing<3
-zstandard==0.15.2
-# pyOpenSSL 23.1.0 supports cryptography up to 40.0.x
-pyOpenSSL==23.1.0
+pyparsing==3.1.1
+zstandard==0.22.0
+pyOpenSSL==23.3.0
 python-editor==1.0.4
-python-keyczar==0.716
-pytz==2021.1
-pywinrm==0.4.1
-pyyaml==5.4.1
-redis==4.1.4
-requests[security]==2.25.1
-retrying==1.3.3
-routes==2.4.1
-semver==2.13.0
-six==1.13.0
-argparse==1.12.2
+pytz==2023.3.post1
+pywinrm==0.4.3
+pyyaml==6.0.1
+redis==5.0.1
+requests==2.31.0
+retrying==1.3.4
+routes==2.5.1
+semver==3.0.2
+six==1.16.0
+argparse==1.4.0
 # Note: argcomplete 1.12.3 supports importlib-metadata<5
-argcomplete==1.12.3
+argcomplete==3.1.6
 prettytable==2.1.0
 # Note: installs importlib-metadata==4.10.1 (security fixed) under py3.8 and importlib-metadata==4.8.3 (latest available, vulnerable) under py3.6
 # TODO: Pin to 4.10.1 or higher after dropping python3.6 support
-importlib-metadata>=4.8.3,<=4.10.1
+importlib-metadata==7.0.0
 # importlib-metadata requires typing-extensions but v4.2.0 requires py3.7+
-typing-extensions<4.2
+typing-extensions==4.8.0
 # NOTE: sseclient has various issues which sometimes hang the connection for a long time, etc.
 sseclient-py==1.7
-stevedore==1.30.1
+stevedore==5.1.0
 tenacity>=3.2.1,<7.0.0
-tooz==2.8.0
+tooz==4.3.0
 # Note: virtualenv embeds wheels for pip, wheel, and setuptools. So pinning virtualenv pins those as well.
 # virtualenv==20.4.0 (<21) has pip==20.3.3 wheel==0.36.2 setuptools==51.3.3
 virtualenv==20.4.0
 webob==1.8.7
 zake==0.2.2
 # test requirements below
 bcrypt==3.2.0
-jinja2==2.11.3
+Jinja2==3.1.2
 mock==4.0.3
 nose-timer==1.0.1
 nose-parallel==0.4.0

lockfiles/st2.lock

@@ -2280,7 +2280,7 @@
             "chardet<4.0.0,>=3.0.2",
             "eventlet",
             "jsonschema!=2.5.0,<3.0.0,>=2.0.0",
-            "networkx<2.6,>=2.5.1",
+            "networkxnetworkx<3,>=2.6,
             "python-dateutil",
             "six>=1.9.0",
             "stevedore>=1.3.0",

pants.toml

@@ -108,8 +108,8 @@ enable_resolves = true
 default_resolve = "st2"
 interpreter_constraints = [
   # python_distributions needs a single constraint (vs one line per python version).
-  # officially, we exclude 3.7 support, but that adds unnecessary complexity: "CPython>=3.6,!=3.7.*,<3.10",
-  "CPython>=3.6,<3.10",
+  # officially, we exclude 3.7 support, but that adds unnecessary complexity: "CPython>=3.8,!=3.7.*,<3.10",
+  "CPython>=3.8,<3.10",
   # NB: constraints for tools defined below
 ]
 
@@ -128,19 +128,19 @@ twine = "lockfiles/twine.lock"
 
 [python.resolves_to_interpreter_constraints]
 # for tools, we have to include constraints for st2 and pants-plugins
-bandit = ["CPython>=3.6,<3.10"]
-black = ["CPython>=3.6.2,<3.10"] # black doesn't support <3.6.2
-flake8 = ["CPython>=3.6,<3.10"]
+bandit = ["CPython>=3.8,<3.10"]
+black = ["CPython>=3.8.2,<3.10"] # black doesn't support <3.6.2
+flake8 = ["CPython>=3.8,<3.10"]
 pants-plugins = [
   # this should match the pants interpreter_constraints:
   # https://github.com/pantsbuild/pants/blob/2.14.x/pants.toml#L125
   # See: https://www.pantsbuild.org/docs/prerequisites
   "CPython>=3.7,<3.10",
 ]
-pylint = ["CPython>=3.6,<3.10"]
-pytest = ["CPython>=3.6,<3.10"]
-setuptools = ["CPython>=3.6,<3.10"]
-twine = ["CPython>=3.6,<3.10"]
+pylint = ["CPython>=3.8,<3.10"]
+pytest = ["CPython>=3.8,<3.10"]
+setuptools = ["CPython>=3.8,<3.10"]
+twine = ["CPython>=3.8,<3.10"]
 
 [python.resolves_to_constraints_file]
 # Our direct requirements are in requirements-pants.txt;
@@ -188,7 +188,7 @@ requirements = ["bandit", "setuptools", "GitPython"] # versions in BUILD.tools
 install_from_resolve = "black"
 requirements = ["black"] # version in BUILD.tools
 interpreter_constraints = [
-  "CPython>=3.6.2,<3.10",
+  "CPython>=3.8.2,<3.10",
 ]
 
 [flake8]