Audit and update Python dependencies

[lmorchard]

We have some mighty old Python dependencies.

Maybe we need something like Gemnasium to help keep us in line?

[jezdez]

There is http://requires.io

[darkwing]

Whoa, that looks awesome!

[lmorchard]

Looks like I managed to activate this for mozilla/kuma:

https://requires.io/github/mozilla/kuma/requirements/?branch=master

It's not quite accurate, yet, because I don't think our requirements files match the current state of kuma-lib. But, it's a start.

[lmorchard]

Slowly working through deriving a best effort up to date requirements.txt based on what I'm finding in kuma-lib. The results so far are going into a branch in my repo:

https://requires.io/github/lmorchard/kuma/requirements/?branch=death-to-kuma-lib

Looking cruddy so far, but will be good to get an accurate picture

[groovecoder]

That's so cool! Is there any way for requires.io to tell us how old our out-dated libraries are? I think @ubernostrum had a script for that.

[lmorchard]

I got what I think is a complete first cut of updating the requirements files from the current state of kuma-lib. And, as a side effect, I think I've almost got Travis-CI tests working:

lmorchard/kuma@c04707f...f2952c3

One unfortunate thing I'm seeing is that quite a lot of our dependencies are pointed at specific git commits, rather than pypi releases. So, requires.io won't pick those up until they're pinned to versions. Might as well try upgrading those along the way

[lmorchard]

Not quite there, yet, but lots of wiki tests passing already:

https://travis-ci.org/lmorchard/kuma/builds/17953176

[groovecoder]

Note: #1945 (comment)

[jezdez]

Closed in favor of https://bugzilla.mozilla.org/show_bug.cgi?id=1054265