From bef26205abf0aaef7df591b0344adeb7cc208d81 Mon Sep 17 00:00:00 2001
From: edX requirements bot <devops+edx-requirements-bot@edx.org>
Date: Tue, 19 Mar 2024 11:20:18 -0400
Subject: [PATCH] chore: Updating Python Requirements

---
 requirements/base.txt               |  2 +-
 requirements/common_constraints.txt |  9 +++++++++
 requirements/pip-tools.txt          | 10 ++++++----
 requirements/pip.txt                |  2 +-
 requirements/test.txt               |  4 ++--
 requirements/tox.txt                |  2 +-
 6 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 5e4174d..8cf7beb 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -16,5 +16,5 @@ urllib3==2.2.1
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==69.1.1
+setuptools==69.2.0
     # via -r requirements/base.in
diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt
index 96cc5db..e3bf8ea 100644
--- a/requirements/common_constraints.txt
+++ b/requirements/common_constraints.txt
@@ -21,3 +21,12 @@ elasticsearch<7.14.0
 
 # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
 django-simple-history==3.0.0
+
+# opentelemetry requires version 6.x at the moment:
+# https://github.com/open-telemetry/opentelemetry-python/issues/3570
+# Normally this could be added as a constraint in edx-django-utils, where we're
+# adding the opentelemetry dependency. However, when we compile pip-tools.txt,
+# that uses version 7.x, and then there's no undoing that when compiling base.txt.
+# So we need to pin it globally, for now.
+# Ticket for unpinning: https://github.com/openedx/edx-lint/issues/407
+importlib-metadata<7
diff --git a/requirements/pip-tools.txt b/requirements/pip-tools.txt
index 1145f4a..8a2348f 100644
--- a/requirements/pip-tools.txt
+++ b/requirements/pip-tools.txt
@@ -8,8 +8,10 @@ build==1.1.1
     # via pip-tools
 click==8.1.7
     # via pip-tools
-importlib-metadata==7.0.2
-    # via build
+importlib-metadata==6.11.0
+    # via
+    #   -c requirements/common_constraints.txt
+    #   build
 packaging==24.0
     # via build
 pip-tools==7.4.1
@@ -25,11 +27,11 @@ tomli==2.0.1
     #   pyproject-hooks
 wheel==0.43.0
     # via pip-tools
-zipp==3.17.0
+zipp==3.18.1
     # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.0
     # via pip-tools
-setuptools==69.1.1
+setuptools==69.2.0
     # via pip-tools
diff --git a/requirements/pip.txt b/requirements/pip.txt
index 0094cc6..cf44902 100644
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -10,5 +10,5 @@ wheel==0.43.0
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.0
     # via -r requirements/pip.in
-setuptools==69.1.1
+setuptools==69.2.0
     # via -r requirements/pip.in
diff --git a/requirements/test.txt b/requirements/test.txt
index 5ff64f8..173a9b5 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -14,7 +14,7 @@ charset-normalizer==3.3.2
     # via
     #   -r requirements/base.txt
     #   requests
-coverage[toml]==7.4.3
+coverage[toml]==7.4.4
     # via
     #   -r requirements/test.in
     #   pytest-cov
@@ -77,5 +77,5 @@ urllib3==2.2.1
     #   requests
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==69.1.1
+setuptools==69.2.0
     # via -r requirements/base.txt
diff --git a/requirements/tox.txt b/requirements/tox.txt
index 906c560..6d01f45 100644
--- a/requirements/tox.txt
+++ b/requirements/tox.txt
@@ -10,7 +10,7 @@ chardet==5.2.0
     # via tox
 colorama==0.4.6
     # via tox
-coverage==7.4.3
+coverage==7.4.4
     # via -r requirements/tox.in
 distlib==0.3.8
     # via virtualenv