Upgrade Django, packageurl-python, and other dependencies

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

scanpipe/models.py

@@ -78,6 +78,7 @@
 from packagedcode.utils import get_base_purl
 from packageurl import PackageURL
 from packageurl import normalize_qualifiers
+from packageurl.contrib.django.models import PACKAGE_URL_FIELDS
 from packageurl.contrib.django.models import PackageURLMixin
 from packageurl.contrib.django.models import PackageURLQuerySetMixin
 from rest_framework.authtoken.models import Token
@@ -105,10 +106,6 @@ class RunNotAllowedToStart(Exception):
     """Previous Runs have not completed yet."""
 
 
-# PackageURL._fields
-PURL_FIELDS = ("type", "namespace", "name", "version", "qualifiers", "subpath")
-
-
 class UUIDPKModel(models.Model):
     uuid = models.UUIDField(
         verbose_name=_("UUID"),
@@ -1616,7 +1613,7 @@ def update_from_data(self, data, override=False):
             skip_reasons = [
                 value in EMPTY_VALUES,
                 field_name not in model_fields,
-                field_name in PURL_FIELDS,
+                field_name in PACKAGE_URL_FIELDS,
             ]
             if any(skip_reasons):
                 continue
@@ -2040,7 +2037,7 @@ def prefetch_for_serializer(self):
             Prefetch(
                 "discovered_packages",
                 queryset=DiscoveredPackage.objects.only(
-                    "package_uid", "uuid", *PURL_FIELDS
+                    "package_uid", "uuid", *PACKAGE_URL_FIELDS
                 ),
             ),
         )
@@ -2924,10 +2921,6 @@ def vulnerable(self):
 class DiscoveredPackageQuerySet(
     VulnerabilityQuerySetMixin, PackageURLQuerySetMixin, ProjectRelatedQuerySet
 ):
-    def order_by_purl(self):
-        """Order by Package URL fields."""
-        return self.order_by("type", "namespace", "name", "version")
-
     def with_resources_count(self):
         count_subquery = Subquery(
             self.filter(pk=OuterRef("pk"))
@@ -2937,12 +2930,12 @@ def with_resources_count(self):
         )
         return self.annotate(resources_count=count_subquery)
 
-    def only_purl_fields(self):
+    def only_package_url_fields(self):
         """
         Only select and return the UUID and PURL fields.
         Minimum requirements to render a Package link in the UI.
         """
-        return self.only("uuid", *PURL_FIELDS)
+        return self.only("uuid", *PACKAGE_URL_FIELDS)
 
 
 class AbstractPackage(models.Model):
@@ -3814,7 +3807,7 @@ def normalize_package_url_data(purl_mapping, ignore_nulls=False):
     purl data can be executed.
     """
     normalized_purl_mapping = {}
-    for field_name in PURL_FIELDS:
+    for field_name in PACKAGE_URL_FIELDS:
         value = purl_mapping.get(field_name)
         if field_name == "qualifiers":
             value = normalize_qualifiers(value, encode=True)

scanpipe/views.py

@@ -59,6 +59,7 @@
 import saneyaml
 import xlsxwriter
 from django_filters.views import FilterView
+from packageurl.contrib.django.models import PACKAGE_URL_FIELDS
 
 from scancodeio.auth import ConditionalLoginRequired
 from scancodeio.auth import conditional_login_required
@@ -79,7 +80,6 @@
 from scanpipe.forms import ProjectCloneForm
 from scanpipe.forms import ProjectForm
 from scanpipe.forms import ProjectSettingsForm
-from scanpipe.models import PURL_FIELDS
 from scanpipe.models import CodebaseRelation
 from scanpipe.models import CodebaseResource
 from scanpipe.models import DiscoveredDependency
@@ -1375,7 +1375,7 @@ class CodebaseResourceListView(
     prefetch_related = [
         Prefetch(
             "discovered_packages",
-            queryset=DiscoveredPackage.objects.only_purl_fields(),
+            queryset=DiscoveredPackage.objects.only_package_url_fields(),
         )
     ]
     table_columns = [
@@ -1483,7 +1483,7 @@ def get_queryset(self):
             .only(
                 "uuid",
                 "package_uid",
-                *PURL_FIELDS,
+                *PACKAGE_URL_FIELDS,
                 "project",
                 "primary_language",
                 "declared_license_expression",
@@ -1492,7 +1492,7 @@ def get_queryset(self):
                 "affected_by_vulnerabilities",
             )
             .with_resources_count()
-            .order_by_purl()
+            .order_by_package_url()
         )
 
     def get_context_data(self, **kwargs):
@@ -1514,10 +1514,13 @@ class DiscoveredDependencyListView(
     template_name = "scanpipe/dependency_list.html"
     paginate_by = settings.SCANCODEIO_PAGINATE_BY.get("dependency", 100)
     prefetch_related = [
-        Prefetch("for_package", queryset=DiscoveredPackage.objects.only_purl_fields()),
+        Prefetch(
+            "for_package",
+            queryset=DiscoveredPackage.objects.only_package_url_fields(),
+        ),
         Prefetch(
             "resolved_to_package",
-            queryset=DiscoveredPackage.objects.only_purl_fields(),
+            queryset=DiscoveredPackage.objects.only_package_url_fields(),
         ),
         Prefetch(
             "datafile_resource", queryset=CodebaseResource.objects.only("path", "name")
@@ -1658,7 +1661,7 @@ class CodebaseResourceDetailsView(
             "discovered_packages",
             queryset=DiscoveredPackage.objects.only(
                 "uuid",
-                *PURL_FIELDS,
+                *PACKAGE_URL_FIELDS,
                 "package_uid",
                 "affected_by_vulnerabilities",
                 "primary_language",
@@ -1858,7 +1861,7 @@ class DiscoveredPackageDetailsView(
         ),
         Prefetch(
             "declared_dependencies__resolved_to_package",
-            queryset=DiscoveredPackage.objects.only_purl_fields(),
+            queryset=DiscoveredPackage.objects.only_package_url_fields(),
         ),
     ]
     tabset = {
@@ -2018,13 +2021,13 @@ class DiscoveredDependencyDetailsView(
         Prefetch(
             "for_package",
             queryset=DiscoveredPackage.objects.only(
-                "uuid", *PURL_FIELDS, "package_uid", "project_id"
+                "uuid", *PACKAGE_URL_FIELDS, "package_uid", "project_id"
             ),
         ),
         Prefetch(
             "resolved_to_package",
             queryset=DiscoveredPackage.objects.only(
-                "uuid", *PURL_FIELDS, "package_uid", "project_id"
+                "uuid", *PACKAGE_URL_FIELDS, "package_uid", "project_id"
             ),
         ),
         Prefetch(

setup.cfg

@@ -49,24 +49,24 @@ packages=find:
 include_package_data = true
 zip_safe = false
 install_requires =
-    importlib-metadata==7.2.1
+    importlib-metadata==8.0.0
     setuptools==70.0.0
     # Django related
-    Django==5.0.6
+    Django==5.0.7
     django-environ==0.11.2
     django-crispy-forms==2.2
     crispy-bootstrap3==2024.1
     django-filter==24.2
     djangorestframework==3.15.2
     django-taggit==5.0.1
     # Database
-    psycopg[binary]==3.1.19
+    psycopg[binary]==3.2.1
     # wait_for_database Django management command
     django-probes==1.7.0
     # Task queue
     rq==1.16.2
     django-rq==2.10.2
-    redis==5.0.6
+    redis==5.0.7
     # WSGI server
     gunicorn==22.0.0
     # Docker
@@ -75,6 +75,7 @@ install_requires =
     scancode-toolkit[packages]==32.2.1
     extractcode[full]==31.0.0
     commoncode==31.2.1
+    packageurl-python==0.15.4
     # FetchCode
     fetchcode-container==1.2.3.210512; sys_platform == "linux"
     # Inspectors
@@ -85,14 +86,14 @@ install_requires =
     aboutcode-toolkit==10.1.0
     # Utilities
     XlsxWriter==3.2.0
-    openpyxl==3.1.4
+    openpyxl==3.1.5
     requests==2.32.3
     gitpython==3.1.43
     # Profiling
     pyinstrument==4.6.2
     # CycloneDX
-    cyclonedx-python-lib==7.5.0
-    jsonschema==4.22.0
+    cyclonedx-python-lib==7.5.1
+    jsonschema==4.23.0
     # Font Awesome
     fontawesomefree==6.5.1
     # MatchCode-toolkit
@@ -116,15 +117,14 @@ dev =
     # Security analyzer
     bandit==1.7.9
     # Debug
-    django-debug-toolbar==4.4.2
+    django-debug-toolbar==4.4.6
     # Documentation
-    Sphinx==7.3.7
+    Sphinx==7.4.0
     sphinx-rtd-theme==2.0.0
     sphinx-rtd-dark-mode==1.3.0
     sphinxcontrib-django==2.5
     # Release
     bumpver==2023.1129
-    twine==5.1.0
 
 [options.entry_points]
 console_scripts =