chore: update python dependencies

[afuetterer]

Proposed Changes

This PR proposed the following changes:

• update the python dependencies of the project, in particular Django 4.2
• generate new django model migration files (required by Django 4.2)
• broaden the version constraints to allow compatible releases (e.g. Django ~=4.2, instead of ~=4.2.0)
• add CI job: install all optional dependency groups combined without failure
• add 'allauth.account.middleware.AccountMiddleware' to MIDDLEWARE, which is required since django-allauth 0.56
• remove SERIALIZE test setting (will be removed in Django 5.0)
• move custom deletion logic from MembershipDeleteView.delete() to MembershipDeleteView.form_valid(), fixes DeleteViewCustomDeleteWarning
• fix "passing unsaved objects to related filters" error in ProfileForm, when an unsaved user model instance was used in a related models lookup
• fix "passing unsaved objects to related filters" warning in IntegrationForm, when an unsaved integration model instance was used in a related models lookup
• add filterwarnings to pytest settings to prepare for upgrading to Django 5.0 (~12/2023)

Related issue: #442

Packages to be updated

$ pip list --outdated                                              
Package              Version Latest Type
-------------------- ------- ------ -----
coverage             6.5.0   7.3.0  wheel
Django               3.2.21  4.2.5  wheel
django-allauth       0.53.1  0.55.2 sdist
django-cleanup       6.0.0   8.0.0  wheel
django-filter        21.1    23.2   wheel
django-mptt          0.13.4  0.14.0 wheel
django-widget-tweaks 1.4.12  1.5.0  wheel
djangorestframework  3.12.4  3.14.0 wheel
Markdown             3.3.7   3.4.4  wheel
pypandoc             1.10    1.11   wheel
pytest-cov           4.0.0   4.1.0  wheel

Progress

• toml: ignore errors -> ignore warnings
• squash commits
• add comment about psycopg[binary] and python 3.12-dev
• fix problem with psycopg[binary] and python 3.12-dev
• move django-allauth to optional dependencies
• middleware
• install rdmo[allauth] in optional-dependencies ci job
• psycopg[binary]~=3.1, https://www.psycopg.org/psycopg3/docs/basic/install.html
• Django 4.2.5
• fix: RemovedInDjango50Warnings
• fix: Passing unsaved model instances to related filters will no longer be allowed
• django-allauth 0.56
• djangorestframework 3.14.0: https://www.django-rest-framework.org/community/release-notes/#314x-series
• pytest-cov 4.1.0
• django-filter 23.2
• Markdown 3.4.4
• pypandoc 1.11
• django-cleanup 8.0.0
• django-mptt 0.14.0
• django-widget-tweaks 1.5.0

Notes

pytest rdmo/core/tests/test_swagger.py --nomigrations -s -rw

Django Deprecation Timeline

• Django 5.0
• Django 4.0

[afuetterer]

It's done. 🥳
Tests are passing. All dependencies are up-to-date.

... but actually Django 5.0 is coming soon.

[afuetterer]

Thank you, glad I could help out.
I think from these dependency versions, Dependabot can start to submit PRs. We can update version constraints again for certain libraries, if they introduce breaking changes.

[afuetterer]

I adopted your requested changes. Happy if you review again.

[afuetterer]

This is the new optional dependency group you asked for.

[afuetterer]

The test config using allauth in installed apps needs this middleware to run, otherwise django will not even start.

[afuetterer]

We need to have allauth available in CI for the tests, so I added the new group here as well.

[afuetterer]

Python 3.8 - 3.11 with Django 4.2 can utilize psycopg3, i.e. psycopg[binary].

There will be a binary available, when Python 3.12 is officially released. I will adapt accordingly in October.

[jochenklar]

Ah sorry, I merged the other two PR into dev-2.0.0.

[afuetterer]

I will rebase.
Could not sign my commits on this machine. :(

[afuetterer]

Branch is rebased, the tests still passing.
Is there something else remaining to do?

[jochenklar]

Thanks. In principle I can merge now. One last question, are you sure that pinning to foo~=A.B only is a good idea? This will also allow for foo~=A.C, so a different minor version.

[afuetterer]

Thanks. In principle I can merge now. One last question, are you sure that pinning to foo~=A.B only is a good idea? This will also allow for foo~=A.C, so a different minor version.

I think it is a good idea for most libraries that use semantic versioning. django-allauth being 0.* could potentially break something anytime. But I think it might be better to be forgiving here and pin later? The CI and dependabot should catch something breaking, right?

You can decide if you prefer pinning Django==4.2.5, Django~=4.2.5 or Django~=4.2. I would suggest the last one. Maybe with pinning all dependencies that have v0?

What do you think? Otherwise of course add the patch versions to the toml file.

[jochenklar]

Ok, I will review the dependencies later. I think a good compromise is to allow for a minor version change unless the major version is 0. Thanks again.