fix: lib dependencies

[ruuushhh]

Description

fix: lib dependencies

Clickup

https://app.clickup.com/t/86cxpz7m3

Summary by CodeRabbit

• Dependency Updates

  • Upgraded multiple packages, including Django from 3.1.14 to 4.2.18
  • Updated testing packages like pytest, pytest-cov, and pytest-django
  • Upgraded Sentry SDK, gevent, and other dependencies to newer versions

• Configuration Changes

  • Removed CorsPostCsrfMiddleware from middleware settings
  • Updated application configuration namespace in Django app

[coderabbitai]

Walkthrough

This pull request involves multiple updates across the project, including configuration changes in Django apps, middleware modifications, and a comprehensive upgrade of package dependencies. The changes span configuration files, settings, and the requirements file, focusing on updating package versions, adjusting application namespaces, and removing a specific CORS middleware component.

Changes

File	Change Summary
apps/qbd/apps.py	Updated QbdConfig class name attribute from 'qbd' to 'apps.qbd'
quickbooks_desktop_api/sentry.py	Replaced request_bodies parameter with max_request_body_size in sentry_sdk.init()
quickbooks_desktop_api/settings.py	Removed corsheaders.middleware.CorsPostCsrfMiddleware from middleware stack
quickbooks_desktop_api/tests/settings.py	Removed corsheaders.middleware.CorsPostCsrfMiddleware from middleware stack
requirements.txt	Upgraded multiple package versions, including Django (3.1.14 → 4.2.18), pytest, sentry-sdk, and others

Poem

🐰 A Rabbit's Dependency Dance

Versions hop and packages leap,
From old to new, a digital sweep
Middleware trimmed, configs refined
Django's path now carefully aligned
Upgrade complete, with whiskers bright! 🚀

Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Tests	Skipped	Failures	Errors	Time
60	0 💤	0 ❌	0 🔥	8.958s ⏱️

[github-actions]

Tests	Skipped	Failures	Errors	Time
60	0 💤	0 ❌	0 🔥	9.425s ⏱️

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

requirements.txt (1)

Line range hint 5-47: Recommendation: Stage the dependency updates.

Given the significant number of major version updates, consider:

1. Staging these updates in smaller batches
2. Testing each batch thoroughly
3. Starting with the Django upgrade separately

This approach would:

• Reduce risk of breaking changes
• Make issues easier to isolate
• Allow for proper testing of each major change

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0d8f10f and 71e8710.

📒 Files selected for processing (5)

• apps/qbd/apps.py (1 hunks)
• quickbooks_desktop_api/sentry.py (1 hunks)
• quickbooks_desktop_api/settings.py (0 hunks)
• quickbooks_desktop_api/tests/settings.py (0 hunks)
• requirements.txt (2 hunks)

💤 Files with no reviewable changes (2)

• quickbooks_desktop_api/settings.py
• quickbooks_desktop_api/tests/settings.py

✅ Files skipped from review due to trivial changes (1)

• apps/qbd/apps.py

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: pytest
• GitHub Check: pytest

🔇 Additional comments (4)

quickbooks_desktop_api/sentry.py (1)

19-19: Verify the sentry-sdk parameter change.

The change from request_bodies to max_request_body_size aligns with the breaking changes introduced in newer versions of sentry-sdk.

Let's verify this is the correct parameter name for sentry-sdk 2.19.2:

✅ Verification successful

Parameter change to max_request_body_size is correct

The change aligns with sentry-sdk 2.19.2 and uses the valid value 'small' for controlling request body size limits.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check sentry-sdk documentation for the correct parameter name
# Note: This will help confirm if max_request_body_size is the correct parameter

curl -s https://docs.sentry.io/platforms/python/configuration/options/ | grep -A 5 "max_request_body_size"

Length of output: 77958

---

Script:

#!/bin/bash
# Search for max_request_body_size usage in the codebase
rg -A 3 "max_request_body_size" --type python

# Also check for any imports or usage of sentry_sdk to verify version
rg -A 2 "sentry_sdk" --type python

Length of output: 142

---

Script:

#!/bin/bash
# Search for max_request_body_size usage without type filtering
rg "max_request_body_size"

# Look for sentry_sdk imports and version requirements
rg "sentry_sdk"
rg "sentry-sdk" requirements.txt || rg "sentry-sdk" setup.py || find . -name "requirements*.txt" -exec grep -l "sentry-sdk" {} \;

Length of output: 373

requirements.txt (3)

Line range hint 5-47: Security: Verify no known vulnerabilities.

With multiple package updates, let's verify there are no known security issues in the specified versions.

✅ Verification successful

✅ All packages are using secure versions with no known vulnerabilities

The specified versions in requirements.txt are up-to-date with security patches, including Django 4.2.18 which contains the latest security fixes. No unpatched vulnerabilities were found in any of the dependencies.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for known vulnerabilities in the updated packages

# Check PyPI for security advisories
for pkg in Django django-cors-headers djangorestframework django-filter gevent gunicorn psycopg2-binary pytest sendgrid sentry-sdk; do
  echo "Checking $pkg..."
  gh api graphql -f query='{
    securityVulnerabilities(first: 5, ecosystem: PIP, package: "'$pkg'") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }'
done

Length of output: 8823

---

2-2: Review package compatibility matrix.

Multiple packages have significant version jumps. Please verify:

1. All packages are compatible with Django 4.2
2. No conflicts between package versions
3. All packages support Python version in use

Key version jumps to verify:

• croniter: 1.3.8 → 6.0.0
• django-cors-headers: 3.2.0 → 4.6.0
• django-filter: 21.1 → 24.3
• gevent: 23.9.1 → 24.11.1
• pytest and related packages

Also applies to: 6-7, 9-10, 16-16, 19-20, 31-31, 37-37, 40-43, 46-47

✅ Verification successful

All package versions are compatible, minimum Python 3.9 required

• All Django-dependent packages explicitly support Django 4.2
• No conflicts detected between package versions
• System must use Python 3.9 or higher due to requirements from gevent and django-cors-headers

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check package compatibility with Django 4.2

# Get Python version
python --version

# Check package classifiers for Django compatibility
for pkg in croniter django-cors-headers django-filter gevent pytest pytest-django; do
  echo "Checking $pkg..."
  curl -s "https://pypi.org/pypi/$pkg/json" | jq -r '.info.classifiers[] | select(contains("Django"))'
done

Length of output: 1909

---

Script:

#!/bin/bash
# Check Python version requirements and dependencies

for pkg in croniter==6.0.0 django-cors-headers==4.6.0 django-filter==24.3 gevent==24.11.1 pytest pytest-django; do
  echo "=== $pkg ==="
  curl -s "https://pypi.org/pypi/${pkg%%=*}/json" | jq -r '.info | {"requires_python", "requires_dist"}'
done

# Check if requirements.txt specifies Python version
echo -e "\nPython version in requirements:"
fd "requirements.txt" --exec cat {} \; | grep -i "python"

Length of output: 4532

---

5-5: ⚠️ Potential issue

Critical: Verify Django 4.x compatibility.

The upgrade from Django 3.1 to 4.2 is a major version jump that may require code changes. Please ensure:

1. All deprecated features from Django 3.x have been addressed
2. Database migrations are compatible
3. Third-party packages support Django 4.2

Let's check for potential compatibility issues:

✅ Verification successful

Django 4.2 upgrade appears compatible with the codebase

The codebase follows modern Django patterns and doesn't use any deprecated features from Django 3.x. Key observations:

• Using modern URL routing with path()
• Standard middleware configuration
• No deprecated utility imports
• Proper authentication setup

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for common Django 3.x patterns that might need updates for 4.x

# Check for common deprecated patterns
rg "django.utils.translation.ugettext" 
rg "django.utils.translation.ugettext_lazy"
rg "django.conf.urls.url"
rg "django.utils.encoding.force_text"

Length of output: 146

---

Script:

#!/bin/bash
# Check for Django-specific patterns that might need updates

# Check settings and database configurations
rg "DATABASES.*'ENGINE'" -A 5
rg "MIDDLEWARE.*=.*\[" -A 10

# Check URL patterns and authentication
rg "urlpatterns.*=.*\[" -A 5
rg "AUTHENTICATION_BACKENDS"

# Check template configurations
rg "TEMPLATES.*=.*\[" -A 10

# Check for specific Django imports that might need updates
ast-grep --pattern 'from django.utils import encoding'
ast-grep --pattern 'from django.utils.translation import gettext'

Length of output: 5852

---

Script:

#!/bin/bash
# Final check for Django 4.x compatibility patterns

# Check database configuration
rg "DATABASES.*=.*{" -A 10

# Check for potential model-related issues
ast-grep --pattern 'class Meta:'
ast-grep --pattern 'class $name(models.Model):'

# Check auth configuration
rg "AUTH_" 
rg "REST_FRAMEWORK.*=.*{" -A 10

Length of output: 1099