fix: pin pip<25.3

requirements/base.txt

@@ -11,13 +11,13 @@ asgiref==3.10.0
     #   django-countries
 boto==2.49.0
     # via -r requirements/base.in
-boto3==1.40.56
+boto3==1.40.72
     # via -r requirements/base.in
-botocore==1.40.56
+botocore==1.40.72
     # via
     #   boto3
     #   s3transfer
-certifi==2025.10.5
+certifi==2025.11.12
     # via requests
 cffi==2.0.0
     # via
@@ -35,7 +35,7 @@ cryptography==46.0.3
     # via
     #   django-fernet-fields-v2
     #   pyjwt
-django==4.2.25
+django==4.2.26
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
@@ -57,7 +57,7 @@ django==4.2.25
     #   edx-rbac
 django-cors-headers==4.9.0
     # via -r requirements/base.in
-django-countries==7.6.1
+django-countries==8.1.0
     # via -r requirements/base.in
 django-crum==0.7.9
     # via
@@ -116,7 +116,7 @@ edx-drf-extensions==10.6.0
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
-edx-enterprise-data==10.21.10
+edx-enterprise-data==10.21.13
     # via -r requirements/base.in
 edx-opaque-keys==3.0.0
     # via
@@ -132,7 +132,7 @@ edx-rest-api-client==6.2.0
     #   edx-enterprise-data
 factory-boy==3.3.3
     # via edx-enterprise-data
-faker==37.11.0
+faker==38.0.0
     # via factory-boy
 html5lib==1.1
     # via -r requirements/base.in
@@ -148,7 +148,7 @@ jmespath==1.0.1
     # via
     #   boto3
     #   botocore
-markdown==3.9
+markdown==3.10
     # via -r requirements/base.in
 markupsafe==3.0.3
     # via jinja2
@@ -158,7 +158,7 @@ ordered-set==4.1.0
     # via -r requirements/base.in
 packaging==25.0
     # via drf-yasg
-psutil==7.1.1
+psutil==7.1.3
     # via edx-django-utils
 pycparser==2.23
     # via cffi
@@ -169,9 +169,9 @@ pyjwt[crypto]==2.10.1
     #   edx-rest-api-client
 pymemcache==4.0.0
     # via -r requirements/base.in
-pymongo==4.15.3
+pymongo==4.15.4
     # via edx-opaque-keys
-pynacl==1.6.0
+pynacl==1.6.1
     # via edx-django-utils
 python-dateutil==2.9.0.post0
     # via botocore

requirements/constraints.txt

@@ -40,3 +40,10 @@ pip<24.3
 
 # https://2u-internal.atlassian.net/browse/ENT-11087
 pylint==3.3.8
+
+# pip 25.3 is incompatible with pip-tools hence causing failures during the build process
+# Make upgrade command and all requirements upgrade jobs are broken due to this.
+# See issue https://github.com/openedx/public-engineering/issues/440 for details regarding the ongoing fix.
+# The constraint can be removed once a release (pip-tools > 7.5.1) is available with support for pip 25.3
+# Issue to track this dependency and unpin later on: https://github.com/openedx/edx-lint/issues/503
+pip<25.3

requirements/dev.txt

@@ -11,13 +11,13 @@ asgiref==3.10.0
     #   django-countries
 boto==2.49.0
     # via -r requirements/base.in
-boto3==1.40.56
+boto3==1.40.72
     # via -r requirements/base.in
-botocore==1.40.56
+botocore==1.40.72
     # via
     #   boto3
     #   s3transfer
-certifi==2025.10.5
+certifi==2025.11.12
     # via requests
 cffi==2.0.0
     # via
@@ -35,7 +35,7 @@ cryptography==46.0.3
     # via
     #   django-fernet-fields-v2
     #   pyjwt
-django==4.2.25
+django==4.2.26
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
@@ -57,7 +57,7 @@ django==4.2.25
     #   edx-rbac
 django-cors-headers==4.9.0
     # via -r requirements/base.in
-django-countries==7.6.1
+django-countries==8.1.0
     # via -r requirements/base.in
 django-crum==0.7.9
     # via
@@ -116,7 +116,7 @@ edx-drf-extensions==10.6.0
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
-edx-enterprise-data==10.21.10
+edx-enterprise-data==10.21.13
     # via -r requirements/base.in
 edx-opaque-keys==3.0.0
     # via
@@ -132,7 +132,7 @@ edx-rest-api-client==6.2.0
     #   edx-enterprise-data
 factory-boy==3.3.3
     # via edx-enterprise-data
-faker==37.11.0
+faker==38.0.0
     # via factory-boy
 html5lib==1.1
     # via -r requirements/base.in
@@ -148,7 +148,7 @@ jmespath==1.0.1
     # via
     #   boto3
     #   botocore
-markdown==3.9
+markdown==3.10
     # via -r requirements/base.in
 markupsafe==3.0.3
     # via jinja2
@@ -160,7 +160,7 @@ ordered-set==4.1.0
     # via -r requirements/base.in
 packaging==25.0
     # via drf-yasg
-psutil==7.1.1
+psutil==7.1.3
     # via edx-django-utils
 pycparser==2.23
     # via cffi
@@ -171,9 +171,9 @@ pyjwt[crypto]==2.10.1
     #   edx-rest-api-client
 pymemcache==4.0.0
     # via -r requirements/base.in
-pymongo==4.15.3
+pymongo==4.15.4
     # via edx-opaque-keys
-pynacl==1.6.0
+pynacl==1.6.1
     # via edx-django-utils
 python-dateutil==2.9.0.post0
     # via botocore

requirements/django.txt

@@ -1 +1 @@
-django==4.2.25
+django==4.2.26

requirements/doc.txt

@@ -21,13 +21,13 @@ beautifulsoup4==4.14.2
     # via pydata-sphinx-theme
 boto==2.49.0
     # via -r requirements/base.in
-boto3==1.40.56
+boto3==1.40.72
     # via -r requirements/base.in
-botocore==1.40.56
+botocore==1.40.72
     # via
     #   boto3
     #   s3transfer
-certifi==2025.10.5
+certifi==2025.11.12
     # via requests
 cffi==2.0.0
     # via
@@ -45,7 +45,7 @@ cryptography==46.0.3
     # via
     #   django-fernet-fields-v2
     #   pyjwt
-django==4.2.25
+django==4.2.26
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
@@ -67,7 +67,7 @@ django==4.2.25
     #   edx-rbac
 django-cors-headers==4.9.0
     # via -r requirements/base.in
-django-countries==7.6.1
+django-countries==8.1.0
     # via -r requirements/base.in
 django-crum==0.7.9
     # via
@@ -130,7 +130,7 @@ edx-drf-extensions==10.6.0
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
-edx-enterprise-data==10.21.10
+edx-enterprise-data==10.21.13
     # via -r requirements/base.in
 edx-opaque-keys==3.0.0
     # via
@@ -146,7 +146,7 @@ edx-rest-api-client==6.2.0
     #   edx-enterprise-data
 factory-boy==3.3.3
     # via edx-enterprise-data
-faker==37.11.0
+faker==38.0.0
     # via factory-boy
 html5lib==1.1
     # via -r requirements/base.in
@@ -166,7 +166,7 @@ jmespath==1.0.1
     # via
     #   boto3
     #   botocore
-markdown==3.9
+markdown==3.10
     # via -r requirements/base.in
 markupsafe==3.0.3
     # via jinja2
@@ -183,7 +183,7 @@ path==16.14.0
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/doc.in
-psutil==7.1.1
+psutil==7.1.3
     # via edx-django-utils
 pycparser==2.23
     # via cffi
@@ -201,9 +201,9 @@ pyjwt[crypto]==2.10.1
     #   edx-rest-api-client
 pymemcache==4.0.0
     # via -r requirements/base.in
-pymongo==4.15.3
+pymongo==4.15.4
     # via edx-opaque-keys
-pynacl==1.6.0
+pynacl==1.6.1
     # via edx-django-utils
 python-dateutil==2.9.0.post0
     # via botocore

requirements/pip.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
-#    pip-compile --allow-unsafe --cert=None --client-cert=None --index-url=None --output-file=requirements/pip.txt --pip-args=None requirements/pip.in
+#    pip-compile --allow-unsafe --output-file=requirements/pip.txt requirements/pip.in
 #
 wheel==0.45.1
     # via -r requirements/pip.in

requirements/pip_tools.txt

@@ -2,15 +2,15 @@
 # This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
-#    pip-compile --cert=None --client-cert=None --index-url=None --output-file=requirements/pip_tools.txt --pip-args=None requirements/pip_tools.in
+#    make upgrade
 #
 build==1.3.0
     # via pip-tools
 click==8.3.0
     # via pip-tools
 packaging==25.0
     # via build
-pip-tools==7.5.1
+pip-tools==7.5.2
     # via -r requirements/pip_tools.in
 pyproject-hooks==1.2.0
     # via

requirements/production.txt

@@ -11,13 +11,13 @@ asgiref==3.10.0
     #   django-countries
 boto==2.49.0
     # via -r requirements/base.in
-boto3==1.40.56
+boto3==1.40.72
     # via -r requirements/base.in
-botocore==1.40.56
+botocore==1.40.72
     # via
     #   boto3
     #   s3transfer
-certifi==2025.10.5
+certifi==2025.11.12
     # via requests
 cffi==2.0.0
     # via
@@ -35,7 +35,7 @@ cryptography==46.0.3
     # via
     #   django-fernet-fields-v2
     #   pyjwt
-django==4.2.25
+django==4.2.26
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
@@ -57,7 +57,7 @@ django==4.2.25
     #   edx-rbac
 django-cors-headers==4.9.0
     # via -r requirements/base.in
-django-countries==7.6.1
+django-countries==8.1.0
     # via -r requirements/base.in
 django-crum==0.7.9
     # via
@@ -116,7 +116,7 @@ edx-drf-extensions==10.6.0
     #   -r requirements/base.in
     #   edx-enterprise-data
     #   edx-rbac
-edx-enterprise-data==10.21.10
+edx-enterprise-data==10.21.13
     # via -r requirements/base.in
 edx-opaque-keys==3.0.0
     # via
@@ -132,7 +132,7 @@ edx-rest-api-client==6.2.0
     #   edx-enterprise-data
 factory-boy==3.3.3
     # via edx-enterprise-data
-faker==37.11.0
+faker==38.0.0
     # via factory-boy
 gevent==25.9.1
     # via -r requirements/production.in
@@ -154,15 +154,15 @@ jmespath==1.0.1
     # via
     #   boto3
     #   botocore
-markdown==3.9
+markdown==3.10
     # via -r requirements/base.in
 markupsafe==3.0.3
     # via jinja2
 mysql-connector-python==9.5.0
     # via edx-enterprise-data
 mysqlclient==2.2.7
     # via -r requirements/production.in
-newrelic==11.0.1
+newrelic==11.1.0
     # via -r requirements/production.in
 ordered-set==4.1.0
     # via -r requirements/base.in
@@ -172,7 +172,7 @@ packaging==25.0
     #   gunicorn
 path-py==8.2.1
     # via -r requirements/production.in
-psutil==7.1.1
+psutil==7.1.3
     # via edx-django-utils
 pycparser==2.23
     # via cffi
@@ -183,9 +183,9 @@ pyjwt[crypto]==2.10.1
     #   edx-rest-api-client
 pymemcache==4.0.0
     # via -r requirements/base.in
-pymongo==4.15.3
+pymongo==4.15.4
     # via edx-opaque-keys
-pynacl==1.6.0
+pynacl==1.6.1
     # via edx-django-utils
 python-dateutil==2.9.0.post0
     # via botocore
@@ -243,9 +243,9 @@ urllib3==1.26.20
     #   requests
 webencodings==0.5.1
     # via html5lib
-zope-event==6.0
+zope-event==6.1
     # via gevent
-zope-interface==8.0.1
+zope-interface==8.1
     # via gevent
 
 # The following packages are considered to be unsafe in a requirements file: