From 22552eb432d957635e0113ea338f4b85d57ab3ef Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Wed, 15 Oct 2025 13:42:13 -0400
Subject: [PATCH 1/2] General dependency upgrade

dev constraint

Add DRF pin

Add a new check
---
 .github/workflows/ci.yml                      |  4 ++
 pyproject.toml                                | 21 +++++++
 requirements/requirements.in                  |  2 +-
 requirements/requirements_all.txt             | 60 ++++++++++---------
 requirements/requirements_dev.txt             |  4 +-
 .../oauth2_provider/views/test_application.py |  2 +
 6 files changed, 61 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ee5609c9a..e8fc79ed0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -46,6 +46,10 @@ jobs:
             python-version: "3.12"
             sonar: false
             junit-xml-upload: false
+          - env: py312-in-files
+            python-version: "3.12"
+            sonar: false
+            junit-xml-upload: false
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/pyproject.toml b/pyproject.toml
index 7246936a3..ccbee09fb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -105,6 +105,7 @@ legacy_tox_ini = """
         py310-django4
         py311-django4
         py312-django4
+        py312-in-files
     labels =
         test = py312, py310, py311, py311sqlite, py310-django4, py311-django4, py312-django4, check
         lint = flake8, black, isort
@@ -155,6 +156,26 @@ legacy_tox_ini = """
         python -m pip install --upgrade "Django>=4.2.21,<4.3.0"
     docker = db
 
+    [testenv:py312-in-files]
+    deps =
+        -r{toxinidir}/requirements/requirements.in
+        -r{toxinidir}/requirements/requirements_activitystream.in
+        -r{toxinidir}/requirements/requirements_authentication.in
+        -r{toxinidir}/requirements/requirements_api_documentation.in
+        -r{toxinidir}/requirements/requirements_rest_filters.in
+        -r{toxinidir}/requirements/requirements_rbac.in
+        -r{toxinidir}/requirements/requirements_channels.in
+        -r{toxinidir}/requirements/requirements_jwt_consumer.in
+        -r{toxinidir}/requirements/requirements_redis_client.in
+        -r{toxinidir}/requirements/requirements_oauth2_provider.in
+        -r{toxinidir}/requirements/requirements_resource_registry.in
+        -r{toxinidir}/requirements/requirements_feature_flags.in
+        -r{toxinidir}/requirements/requirements_testing.txt
+        -r{toxinidir}/requirements/requirements_dev.txt
+    docker = db
+    allowlist_externals = sh
+    commands = pytest -n auto --color=yes --cov=. --cov-report=xml:coverage.xml --cov-report=html --cov-report=json --cov-branch --junit-xml=django-ansible-base-test-results.xml {env:ANSIBLE_BASE_PYTEST_ARGS} {env:ANSIBLE_BASE_TEST_DIRS:test_app/tests} {posargs}
+
     [docker:db]
     dockerfile = {toxinidir}/tools/dev_postgres/Dockerfile
     expose =
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 7aba5641a..60f23ea3c 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -4,7 +4,7 @@
 #
 cryptography
 Django>=4.2.21,<6.0
-djangorestframework
+djangorestframework<3.16 # problem with OAuth2Application.organization null handling
 django-crum
 inflection
 sqlparse>=0.5.2 # https://github.com/ansible/django-ansible-base/security/dependabot/9
diff --git a/requirements/requirements_all.txt b/requirements/requirements_all.txt
index ad8006457..a383800e3 100644
--- a/requirements/requirements_all.txt
+++ b/requirements/requirements_all.txt
@@ -1,21 +1,21 @@
-asgiref==3.8.1
+asgiref==3.10.0
     # via
     #   -r requirements/requirements_resource_registry.in
     #   channels
     #   django
-attrs==24.2.0
+attrs==25.4.0
     # via
     #   jsonschema
     #   referencing
-certifi==2024.8.30
+certifi==2025.10.5
     # via requests
-cffi==1.17.1
+cffi==2.0.0
     # via cryptography
-channels==4.2.0
+channels==4.3.1
     # via -r requirements/requirements_channels.in
-charset-normalizer==3.4.0
+charset-normalizer==3.4.4
     # via requests
-cryptography==44.0.1
+cryptography==46.0.2
     # via
     #   -r requirements/requirements.in
     #   jwcrypto
@@ -36,15 +36,15 @@ django==5.2.7
     #   djangorestframework
     #   drf-spectacular
     #   social-auth-app-django
-django-auth-ldap==5.1.0
+django-auth-ldap==5.2.0
     # via -r requirements/requirements_authentication.in
 django-crum==0.7.9
     # via -r requirements/requirements.in
-django-flags==5.0.13
+django-flags==5.0.14
     # via -r requirements/requirements_feature_flags.in
 django-oauth-toolkit==2.3.0
     # via -r requirements/requirements_oauth2_provider.in
-django-redis==5.4.0
+django-redis==6.0.0
     # via -r requirements/requirements_redis_client.in
 djangorestframework==3.15.2
     # via
@@ -52,9 +52,9 @@ djangorestframework==3.15.2
     #   drf-spectacular
 drf-spectacular==0.26.5
     # via -r requirements/requirements_api_documentation.in
-dynaconf==3.2.10
+dynaconf==3.2.12
     # via -r requirements/requirements.in
-idna==3.10
+idna==3.11
     # via requests
 inflection==0.5.1
     # via
@@ -62,21 +62,21 @@ inflection==0.5.1
     #   drf-spectacular
 isodate==0.7.2
     # via python3-saml
-jsonschema==4.23.0
+jsonschema==4.25.1
     # via drf-spectacular
-jsonschema-specifications==2024.10.1
+jsonschema-specifications==2025.9.1
     # via jsonschema
 jwcrypto==1.5.6
     # via django-oauth-toolkit
 ldap-filter==1.0.1
     # via -r requirements/requirements_authentication.in
-lxml==5.3.0
+lxml==6.0.2
     # via
     #   python3-saml
     #   xmlsec
 netaddr==1.3.0
     # via pyrad
-oauthlib==3.2.2
+oauthlib==3.3.1
     # via
     #   django-oauth-toolkit
     #   requests-oauthlib
@@ -85,9 +85,9 @@ pyasn1==0.6.1
     # via
     #   pyasn1-modules
     #   python-ldap
-pyasn1-modules==0.4.1
+pyasn1-modules==0.4.2
     # via python-ldap
-pycparser==2.22
+pycparser==2.23
     # via cffi
 pyjwt==2.10.1
     # via
@@ -96,7 +96,7 @@ pyjwt==2.10.1
     #   social-auth-core
 pyrad==2.4
     # via -r requirements/requirements_authentication.in
-python-ldap==3.4.4
+python-ldap==3.4.5
     # via
     #   -r requirements/requirements_authentication.in
     #   django-auth-ldap
@@ -104,17 +104,17 @@ python3-openid==3.2.0
     # via social-auth-core
 python3-saml==1.16.0
     # via -r requirements/requirements_authentication.in
-pyyaml==6.0.2
+pyyaml==6.0.3
     # via drf-spectacular
-redis==5.2.0
+redis==6.4.0
     # via
     #   -r requirements/requirements_redis_client.in
     #   django-redis
-referencing==0.35.1
+referencing==0.37.0
     # via
     #   jsonschema
     #   jsonschema-specifications
-requests==2.32.3
+requests==2.32.5
     # via
     #   -r requirements/requirements_jwt_consumer.in
     #   -r requirements/requirements_resource_registry.in
@@ -123,7 +123,7 @@ requests==2.32.3
     #   social-auth-core
 requests-oauthlib==2.0.0
     # via social-auth-core
-rpds-py==0.22.3
+rpds-py==0.27.1
     # via
     #   jsonschema
     #   referencing
@@ -137,7 +137,7 @@ social-auth-core==4.5.4
     # via
     #   -r requirements/requirements_authentication.in
     #   social-auth-app-django
-sqlparse==0.5.2
+sqlparse==0.5.3
     # via
     #   -r requirements/requirements.in
     #   django
@@ -145,11 +145,13 @@ tabulate==0.9.0
     # via -r requirements/requirements_authentication.in
 tacacs-plus==2.6
     # via -r requirements/requirements_authentication.in
-typing-extensions==4.12.2
-    # via jwcrypto
-uritemplate==4.1.1
+typing-extensions==4.15.0
+    # via
+    #   jwcrypto
+    #   referencing
+uritemplate==4.2.0
     # via drf-spectacular
-urllib3==2.2.3
+urllib3==2.5.0
     # via
     #   -r requirements/requirements_resource_registry.in
     #   requests
diff --git a/requirements/requirements_dev.txt b/requirements/requirements_dev.txt
index 7a8463633..08cae1b3a 100644
--- a/requirements/requirements_dev.txt
+++ b/requirements/requirements_dev.txt
@@ -1,7 +1,7 @@
 ansible                 # Used in build process to generate some configs
 black==25.1.0           # Linting tool, if changed update pyproject.toml as well
 build
-django==5.2.7
+django<6
 django-debug-toolbar
 django-extensions
 djangorestframework
@@ -18,6 +18,6 @@ pytest-xdist
 pytest-cov
 pytest-django
 setuptools-scm
-sqlparse==0.5.2
+sqlparse<1
 psycopg[binary]
 sdb
diff --git a/test_app/tests/oauth2_provider/views/test_application.py b/test_app/tests/oauth2_provider/views/test_application.py
index 29b06c512..e272d5796 100644
--- a/test_app/tests/oauth2_provider/views/test_application.py
+++ b/test_app/tests/oauth2_provider/views/test_application.py
@@ -202,6 +202,8 @@ def test_oauth2_provider_application_validator(admin_api_client):
         },
     )
     assert response.status_code == 400
+    assert 'organization' in response.data
+    assert 'This field is required' in str(response.data['organization'])
 
 
 @pytest.mark.parametrize(

From 13ec8e20532b982f8601c0039664713d1e8c40a1 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Fri, 17 Oct 2025 11:07:26 -0400
Subject: [PATCH 2/2] Simplifications

---
 pyproject.toml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index ccbee09fb..003f8b9f6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -172,9 +172,6 @@ legacy_tox_ini = """
         -r{toxinidir}/requirements/requirements_feature_flags.in
         -r{toxinidir}/requirements/requirements_testing.txt
         -r{toxinidir}/requirements/requirements_dev.txt
-    docker = db
-    allowlist_externals = sh
-    commands = pytest -n auto --color=yes --cov=. --cov-report=xml:coverage.xml --cov-report=html --cov-report=json --cov-branch --junit-xml=django-ansible-base-test-results.xml {env:ANSIBLE_BASE_PYTEST_ARGS} {env:ANSIBLE_BASE_TEST_DIRS:test_app/tests} {posargs}
 
     [docker:db]
     dockerfile = {toxinidir}/tools/dev_postgres/Dockerfile