fix: lib dependencies

[ruuushhh]

Description

fix: lib dependencies

Clickup

https://app.clickup.com/

Summary by CodeRabbit

Release Notes

• Dependencies

  • Upgraded multiple project dependencies to their latest versions, including Django, Sentry SDK, and various testing libraries
  • Updated cryptography, database URL, and CORS headers packages

• Configuration

  • Removed CorsPostCsrfMiddleware from project settings
  • Updated Sentry SDK initialization parameter

• Minor Improvements

  • Simplified expense grouping logic in custom field handling

These updates enhance project dependencies, security, and configuration management.

[coderabbitai]

Walkthrough

This pull request encompasses updates across multiple files in the project, focusing on dependency version upgrades, middleware configuration changes, and a minor modification in expense grouping logic. The changes include updating numerous Python package versions in requirements.txt, removing a CORS middleware in Django settings, and adjusting a custom field transformation method in the expense grouping function.

Changes

File	Change Summary
apps/fyle/models.py	Modified _group_expenses function to use simplified string concatenation for custom field references
fyle_intacct_api/sentry.py	Updated Sentry SDK initialization parameter from request_bodies to max_request_body_size
fyle_intacct_api/settings.py	Removed CorsPostCsrfMiddleware from middleware configuration
fyle_intacct_api/tests/settings.py	Removed CorsPostCsrfMiddleware from test middleware configuration
requirements.txt	Updated 19 dependency versions, including major upgrades to Django (3.2.14 → 5.1.4) and various testing and utility libraries

Poem

🐰 Hop, hop, through code's green field,
Dependencies updated, their versions revealed!
Middleware trimmed, queries refined,
A rabbit's dance of changes intertwined!
Leaping forward with each commit's might! 🚀

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 16b5ccb and 36c19e1.

📒 Files selected for processing (5)

• apps/fyle/models.py (1 hunks)
• fyle_intacct_api/sentry.py (1 hunks)
• fyle_intacct_api/settings.py (0 hunks)
• fyle_intacct_api/tests/settings.py (0 hunks)
• requirements.txt (1 hunks)

💤 Files with no reviewable changes (2)

• fyle_intacct_api/settings.py
• fyle_intacct_api/tests/settings.py

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: pytest
• GitHub Check: pytest

🔇 Additional comments (5)

fyle_intacct_api/sentry.py (1)

19-19: Parameter update aligns with sentry-sdk v2.0.0

The rename from request_bodies to max_request_body_size is correct and necessary for compatibility with sentry-sdk v2.0.0+.

Run this script to verify the upgrade path and check for any breaking changes:

✅ Verification successful

Parameter rename to max_request_body_size verified

The change is correctly implemented and consistent with sentry-sdk v2.0.0. This is the only instance of sentry configuration in the codebase, and no other updates are needed.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check sentry-sdk changelog for breaking changes between v1.19.1 and v2.19.2

curl -s https://raw.githubusercontent.com/getsentry/sentry-python/master/CHANGELOG.md | grep -A 10 "2.0.0"

Length of output: 4210

---

Script:

#!/bin/bash
# Search for both parameter names and sentry initialization
echo "=== Searching for request_bodies parameter ==="
rg "request_bodies" -A 2 -B 2

echo -e "\n=== Searching for max_request_body_size parameter ==="
rg "max_request_body_size" -A 2 -B 2

echo -e "\n=== Looking for sentry initialization code ==="
rg "sentry.init" -A 5 -B 2

Length of output: 759

---

Script:

#!/bin/bash
# Search for sentry initialization using AST to be more thorough
echo "=== Searching for sentry initialization patterns ==="
ast-grep --pattern 'sentry.init($$$)'

# Also check for any other potential sentry configuration
echo -e "\n=== Checking for other sentry imports ==="
rg "import.*sentry" -A 2

Length of output: 441

apps/fyle/models.py (1)

366-366: Verify custom field access with Django 5.x

The simplified custom field access using f-string looks correct. However, since this is a critical path for expense grouping, we should verify it works correctly with Django 5.x.

Run this script to check for similar patterns in the codebase and Django's documentation:

✅ Verification successful

Custom field access pattern is compatible with Django 5.x

The simplified custom field access using f-string maintains the same custom_properties__ pattern that is well-tested throughout the codebase and officially supported in Django 5.x JSONField documentation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for similar custom field access patterns and Django 5.x compatibility

# Check for similar patterns in codebase
rg "custom_properties__" -A 2

# Check Django's documentation for JSONField querying in 5.x
curl -s https://docs.djangoproject.com/en/5.1/topics/db/queries/ | grep -A 5 "JSONField"

Length of output: 15684

requirements.txt (3)

24-24: Verify Sentry and Requests compatibility

The updates to requests (2.32.3) and sentry-sdk (2.19.2) are significant. Ensure they work together as sentry-sdk often depends on requests.

Run this script to check integration points:

Also applies to: 26-26

✅ Verification successful

Dependencies are compatible ✅

The project uses standard Sentry configuration with Django integration and doesn't override any HTTP-related settings. Both sentry-sdk 2.19.2 and requests 2.32.3 are recent stable releases and are compatible.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Sentry and Requests integration

# Check for requests usage in sentry integration
rg "import requests" -A 5 "**/sentry*.py"

# Check for custom Sentry configuration
rg "sentry_sdk.init" -A 10

Length of output: 854

---

1-1: Verify cryptography package compatibility

The upgrade to cryptography 44.0.0 is significant. Ensure all dependent packages are compatible with this version.

Run this script to check for compatibility:

✅ Verification successful

Cryptography upgrade is safe to proceed ✅

The codebase only uses the stable Fernet class for symmetric encryption, which has maintained API compatibility across versions. No deprecated or complex features are in use.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for packages that depend on cryptography

# Check for direct dependencies on cryptography
rg "from cryptography" -l

# Check requirements files for cryptography dependencies
rg "cryptography==" requirements*.txt

Length of output: 168

---

Script:

#!/bin/bash
# Check specific cryptography imports and usage
echo "=== workspaces/views.py ==="
rg "from cryptography" -A 3 apps/workspaces/views.py

echo -e "\n=== workspaces/permissions.py ==="
rg "from cryptography" -A 3 apps/workspaces/permissions.py

echo -e "\n=== sage_intacct/utils.py ==="
rg "from cryptography" -A 3 apps/sage_intacct/utils.py

# Check for any other cryptography-related imports
echo -e "\n=== Other cryptography imports ==="
rg "import.*crypto" --ignore-case

Length of output: 821

---

3-3: Major Django version upgrade requires careful testing

The upgrade from Django 3.2.14 to 5.1.4 is a major version jump that includes breaking changes. Ensure all Django-dependent packages are compatible.

Run this script to check for potential compatibility issues:

✅ Verification successful

Django 5.1.4 upgrade appears safe to proceed

The verification shows:

• All Django-dependent packages are using recent versions compatible with Django 5.x
• Custom middleware is minimal and focused on logging/error handling
• Project structure follows standard Django patterns

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Django-dependent packages and settings

# Check for Django-specific imports and settings
rg "from django" -l

# Check for custom middleware
rg "MIDDLEWARE" -A 10 "**/settings*.py"

Length of output: 10197

---

Script:

#!/bin/bash
# Find settings files and Django-dependent packages
echo "=== Searching for settings files ==="
fd "settings.*\.py$"

echo -e "\n=== Checking requirements.txt for Django-dependent packages ==="
cat requirements.txt

echo -e "\n=== Searching for custom middleware classes ==="
rg "class.*Middleware" --type py

Length of output: 1752

Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Tests	Skipped	Failures	Errors	Time
286	0 💤	0 ❌	0 🔥	42.394s ⏱️

[github-actions]

Tests	Skipped	Failures	Errors	Time
286	0 💤	0 ❌	0 🔥	41.176s ⏱️

[ashwin1111]

We should do django 4.2 (lts) -> https://www.djangoproject.com/download/#supported-versions

[ashwin1111]

see if tests cover this column filter - if not let's cover it