ERP5 py3: WIP ( all changes squashed )

software/slapos-sr-testing: add erp5-py3

---

WIP ERP5: XXX dumps() parameter for longrequest promise 🚧

Not sure why it was OK on python2 and not sure if this has to be done
or the promise code needs to cast the results of getConfig()

---

py3: do not enable NEO test yet 🚧

at this point they all fail after long timeouts, because neo does not
support py3 yet

stack/erp5: version up APacheDEX 2.0 (py3 only)
Co-authored-by: Kazuhiko SHIOZAKI <kazuhiko@nexedi.com>
Co-authored-by: Arnaud Fontaine <arnaud.fontaine@nexedi.com>
Co-authored-by: Bryton Lacquement <bryton.lacquement@nexedi.com>

component/ZODB/buildout.cfg

@@ -57,6 +57,12 @@ egg-versions =
 
 [ZODB5]
 <= _ZODB
+egg-versions =
+  ZODB = 5.8.1
+  transaction = 4.0.0
+
+[ZODB5:python2]
+<= _ZODB
 egg-versions =
   ZODB = 5.8.1
   transaction = 3.0.1
@@ -94,11 +100,17 @@ setup-eggs = ${python-cffi:egg}
 
 # eggs that are common to ZODB4 and ZODB5.
 [versions]
-BTrees = 4.11.3
-persistent = 4.9.3
-zodbpickle = 2.6.0
+BTrees = 5.1.0
+persistent = 5.1.0
+zodbpickle = 3.1.0
 
 # Provide ZODB3 for those eggs that still care about ZODB3 compatibility -
 # for example wendelin.core. ZODB3 3.11 is just a dependency egg on _latest_
 # ZODB, persistent, BTrees and ZEO.
 ZODB3 = 3.11.0
+
+
+[versions:python2]
+BTrees = 4.11.3
+persistent = 4.9.3
+zodbpickle = 2.6.0

component/egg-patch/AccessControl/147.patch

+From 3666a7afd46ea6d069606450c520b8b7e2b5fddf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Thu, 22 Feb 2024 23:33:41 +0900
+Subject: [PATCH] Make dict views behave like their unrestricted versions
+
+unlike the restricted versions, the unrestricted versions:
+ - are not iterators, they are views
+ - have a len
+ - are false when the mapping is empty, true otherwise
+ - are instances of collections.abc.MappingView
+
+During this refactoring, also change `.items()` to validate
+ach keys and values, like `.keys()` and `.values()` do.
+---
+ CHANGES.rst                               |  7 ++++
+ src/AccessControl/ZopeGuards.py           | 50 ++++++++++++++++++-----
+ src/AccessControl/tests/actual_python.py  | 33 +++++++++++++++
+ src/AccessControl/tests/testZopeGuards.py | 34 +++++++++++----
+ 4 files changed, 104 insertions(+), 20 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index f35a8d2..073b791 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -8,6 +8,13 @@ For changes before version 3.0, see ``HISTORY.rst``.
+ 
+ - Nothing changed yet.
+ 
++- Make dict views (`.keys()`, `.items()` and `.values()`) behave like their
++  unrestricted versions.
++  (`#147 <https://github.com/zopefoundation/AccessControl/pull/147>`_)
++
++- Make `.items()` validate each keys and values, like `.keys()` and
++  `.values()` do.
++
+ 
+ 6.3 (2023-11-20)
+ ----------------
+diff --git a/src/AccessControl/ZopeGuards.py b/src/AccessControl/ZopeGuards.py
+index 84c2e9e..bc24941 100644
+--- a/src/AccessControl/ZopeGuards.py
++++ b/src/AccessControl/ZopeGuards.py
+@@ -12,6 +12,7 @@
+ ##############################################################################
+ 
+ 
++import collections.abc
+ import math
+ import random
+ import string
+@@ -127,13 +128,18 @@ def guarded_pop(key, default=_marker):
+     return guarded_pop
+ 
+ 
+-def get_iter(c, name):
+-    iter = getattr(c, name)
++def get_mapping_view(c, name):
+ 
+-    def guarded_iter():
+-        return SafeIter(iter(), c)
++    view_class = {
++        'keys': SafeKeysView,
++        'items': SafeItemsView,
++        'values': SafeValuesView,
++    }
+ 
+-    return guarded_iter
++    def guarded_mapping_view():
++        return view_class[name](c)
++
++    return guarded_mapping_view
+ 
+ 
+ def get_list_pop(lst, name):
+@@ -153,18 +159,15 @@ def guarded_pop(index=-1):
+     'copy': 1,
+     'fromkeys': 1,
+     'get': get_dict_get,
+-    'items': 1,
++    'items': get_mapping_view,
++    'keys': get_mapping_view,
+     'pop': get_dict_pop,
+     'popitem': 1,
+     'setdefault': 1,
+     'update': 1,
++    'values': get_mapping_view,
+ }
+ 
+-_dict_white_list.update({
+-    'keys': get_iter,
+-    'values': get_iter,
+-})
+-
+ 
+ def _check_dict_access(name, value):
+     # Check whether value is a dict method
+@@ -262,6 +265,31 @@ def __next__(self):
+     next = __next__
+ 
+ 
++class _SafeMappingView:
++    __allow_access_to_unprotected_subobjects__ = 1
++
++    def __iter__(self):
++        for e in super().__iter__():
++            guard(self._mapping, e)
++            yield e
++
++
++class SafeKeysView(_SafeMappingView, collections.abc.KeysView):
++    pass
++
++
++class SafeValuesView(_SafeMappingView, collections.abc.ValuesView):
++    pass
++
++
++class SafeItemsView(_SafeMappingView, collections.abc.ItemsView):
++    def __iter__(self):
++        for k, v in super().__iter__():
++            guard(self._mapping, k)
++            guard(self._mapping, v)
++            yield k, v
++
++
+ class NullIter(SafeIter):
+     def __init__(self, ob):
+         self._iter = ob
+diff --git a/src/AccessControl/tests/actual_python.py b/src/AccessControl/tests/actual_python.py
+index 3405b8e..866a480 100644
+--- a/src/AccessControl/tests/actual_python.py
++++ b/src/AccessControl/tests/actual_python.py
+@@ -123,6 +123,39 @@ def f7():
+         access = getattr(d, meth)
+         result = sorted(access())
+         assert result == expected[kind], (meth, kind, result, expected[kind])
++        assert len(access()) == len(expected[kind]), (meth, kind, "len")
++        iter_ = access()  # iterate twice on the same view
++        assert list(iter_) == list(iter_)
++
++        assert sorted([k for k in getattr(d, meth)()]) == expected[kind]
++        assert sorted(k for k in getattr(d, meth)()) == expected[kind]
++    assert {k: v for k, v in d.items()} == d
++
++    assert 1 in d
++    assert 1 in d.keys()
++    assert 2 in d.values()
++    assert (1, 2) in d.items()
++
++    assert d
++    assert d.keys()
++    assert d.values()
++    assert d.items()
++
++    empty_d = {}
++    assert not empty_d
++    assert not empty_d.keys()
++    assert not empty_d.values()
++    assert not empty_d.items()
++
++    smaller_d = {1: 2}
++    for m, _ in methods:
++        assert getattr(d, m)() != getattr(smaller_d, m)()
++        assert not getattr(d, m)() == getattr(smaller_d, m)()
++        if m != 'values':
++            assert getattr(d, m)() > getattr(smaller_d, m)()
++            assert getattr(d, m)() >= getattr(smaller_d, m)()
++            assert getattr(smaller_d, m)() < getattr(d, m)()
++            assert getattr(smaller_d, m)() <= getattr(d, m)()
+ 
+ 
+ f7()
+diff --git a/src/AccessControl/tests/testZopeGuards.py b/src/AccessControl/tests/testZopeGuards.py
+index 533bfa2..50eeca9 100644
+--- a/src/AccessControl/tests/testZopeGuards.py
++++ b/src/AccessControl/tests/testZopeGuards.py
+@@ -258,23 +258,40 @@ def test_pop_validates(self):
+         self.assertTrue(sm.calls)
+ 
+     def test_keys_empty(self):
+-        from AccessControl.ZopeGuards import get_iter
+-        keys = get_iter({}, 'keys')
++        from AccessControl.ZopeGuards import get_mapping_view
++        keys = get_mapping_view({}, 'keys')
+         self.assertEqual(list(keys()), [])
+ 
++    def test_kvi_len(self):
++        from AccessControl.ZopeGuards import get_mapping_view
++        for attr in ("keys", "values", "items"):
++            with self.subTest(attr):
++                view = get_mapping_view({'a': 1}, attr)
++                self.assertEqual(len(view()), 1)
++
+     def test_keys_validates(self):
+         sm = SecurityManager()
+         old = self.setSecurityManager(sm)
+         keys = guarded_getattr({GuardTestCase: 1}, 'keys')
+         try:
+-            next(keys())
++            next(iter(keys()))
+         finally:
+             self.setSecurityManager(old)
+         self.assertTrue(sm.calls)
+ 
++    def test_items_validates(self):
++        sm = SecurityManager()
++        old = self.setSecurityManager(sm)
++        items = guarded_getattr({GuardTestCase: GuardTestCase}, 'items')
++        try:
++            next(iter(items()))
++        finally:
++            self.setSecurityManager(old)
++        self.assertEqual(len(sm.calls), 2)
++
+     def test_values_empty(self):
+-        from AccessControl.ZopeGuards import get_iter
+-        values = get_iter({}, 'values')
++        from AccessControl.ZopeGuards import get_mapping_view
++        values = get_mapping_view({}, 'values')
+         self.assertEqual(list(values()), [])
+ 
+     def test_values_validates(self):
+@@ -282,18 +299,17 @@ def test_values_validates(self):
+         old = self.setSecurityManager(sm)
+         values = guarded_getattr({GuardTestCase: 1}, 'values')
+         try:
+-            next(values())
++            next(iter(values()))
+         finally:
+             self.setSecurityManager(old)
+         self.assertTrue(sm.calls)
+ 
+     def test_kvi_iteration(self):
+-        from AccessControl.ZopeGuards import SafeIter
+         d = dict(a=1, b=2)
+         for attr in ("keys", "values", "items"):
+             v = getattr(d, attr)()
+-            si = SafeIter(v)
+-            self.assertEqual(next(si), next(iter(v)))
++            si = guarded_getattr(d, attr)()
++            self.assertEqual(next(iter(si)), next(iter(v)))
+ 
+ 
+ class TestListGuards(GuardTestCase):

component/egg-patch/Pillow/0001-set-metadata-in-setup.py-for-compatibility-with-old-.patch

+From 77f86b50f097dcf364e0d140e45593bf001d46bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Fri, 1 Mar 2024 09:49:17 +0900
+Subject: [PATCH] set metadata in setup.py for compatibility with old slapos
+ buildout
+
+---
+ setup.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/setup.py b/setup.py
+index 1bf0bcff5..a93fe7b22 100755
+--- a/setup.py
++++ b/setup.py
+@@ -987,6 +987,11 @@ ext_modules = [
+ 
+ try:
+     setup(
++        name='pillow',
++        version='10.2.0',
++        packages=["PIL"],
++        include_package_data=True,
++        package_dir={"": "src"},
+         cmdclass={"build_ext": pil_build_ext},
+         ext_modules=ext_modules,
+         zip_safe=not (debug_build() or PLATFORM_MINGW),
+-- 
+2.42.0
+

component/egg-patch/SOAPpy-py3/0001-backport-changes-from-0.52.29.patch

+From 21a91db138cca3ada0e4dff475b061066362410c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Sat, 17 Feb 2024 23:25:43 +0900
+Subject: [PATCH] backport changes from 0.52.29
+
+We can not use 0.52.29 directly because it does not have a setup.py
+and our buildout / setuptools tooling is too old.
+---
+ src/SOAPpy/Client.py | 3 ++-
+ src/SOAPpy/Types.py  | 2 ++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/SOAPpy/Client.py b/src/SOAPpy/Client.py
+index e86c5ec..d2bbefb 100644
+--- a/src/SOAPpy/Client.py
++++ b/src/SOAPpy/Client.py
+@@ -45,6 +45,7 @@
+ ident = '$Id: Client.py 1496 2010-03-04 23:46:17Z pooryorick $'
+ 
+ from .version import __version__
++from io import StringIO
+ 
+ #import xml.sax
+ import urllib.request, urllib.parse, urllib.error
+@@ -152,7 +153,7 @@ class HTTP:
+             return -1, e.line, None
+ 
+         self.headers = response.msg
+-        self.file = response.fp
++        self.file = StringIO(response.fp.read().decode('utf-8'))
+         return response.status, response.reason, response.msg
+ 
+     def close(self):
+diff --git a/src/SOAPpy/Types.py b/src/SOAPpy/Types.py
+index de9dcac..cf08d17 100644
+--- a/src/SOAPpy/Types.py
++++ b/src/SOAPpy/Types.py
+@@ -1451,6 +1451,8 @@ class arrayType(collections.UserList, compoundType):
+     def __getitem__(self, item):
+         try:
+             return self.data[int(item)]
++        except TypeError:
++            return self.data[item]
+         except ValueError:
+             return getattr(self, item)
+ 
+-- 
+2.42.0
+

component/egg-patch/Zope/1196.patch

+From c8c52a14d481403f1db252631d3cc4b8e86e1798 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <perrinjerome@gmail.com>
+Date: Sat, 17 Feb 2024 05:32:46 +0000
+Subject: [PATCH] Fix authentication error viewing ZMI with a user defined
+ outside of zope root.
+
+Fixes https://github.com/zopefoundation/Zope/issues/1195
+
+ 
+ 5.9 (2023-11-24)
+ ----------------
+diff --git a/src/App/dtml/manage_page_header.dtml b/src/App/dtml/manage_page_header.dtml
+index 2dcb047552..e8b8659e10 100644
+--- a/src/App/dtml/manage_page_header.dtml
++++ b/src/App/dtml/manage_page_header.dtml
+@@ -10,24 +10,27 @@
+ </dtml-let>
+ 
+ <title><dtml-if title_or_id><dtml-var title_or_id><dtml-else>Zope</dtml-if></title>
++<dtml-let basepath="'/'.join([''] + [p for p in (REQUEST['BASEPATH1'], REQUEST.get('AUTHENTICATION_PATH')) if p])">
++
+ <dtml-in css_urls>
+-	<link rel="stylesheet" type="text/css" href="&dtml-BASEPATH1;&dtml-sequence-item;" />
++	<link rel="stylesheet" type="text/css" href="&dtml-basepath;&dtml-sequence-item;" />
+ </dtml-in>
+ <dtml-in js_urls>
+-	<script src="&dtml-BASEPATH1;&dtml-sequence-item;"></script>
++	<script src="&dtml-basepath;&dtml-sequence-item;"></script>
+ </dtml-in>
+ 
+-<link rel="shortcut icon" type="image/x-icon" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/favicon.ico" />
+-<link rel="apple-touch-icon" sizes="180x180" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/apple-touch-icon.png" />
+-<link rel="icon" type="image/png" sizes="32x32" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/favicon-32x32.png" />
+-<link rel="icon" type="image/png" sizes="16x16" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/favicon-16x16.png" />
+-<link rel="manifest" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/site.webmanifest" />
+-<link rel="mask-icon" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/safari-pinned-tab.svg" color="#5bbad5" />
+-<meta name="msapplication-config" content="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/browserconfig.xml"/>
++<link rel="shortcut icon" type="image/x-icon" href="&dtml-basepath;/++resource++zmi/logo/favicon/favicon.ico" />
++<link rel="apple-touch-icon" sizes="180x180" href="&dtml-basepath;/++resource++zmi/logo/favicon/apple-touch-icon.png" />
++<link rel="icon" type="image/png" sizes="32x32" href="&dtml-basepath;/++resource++zmi/logo/favicon/favicon-32x32.png" />
++<link rel="icon" type="image/png" sizes="16x16" href="&dtml-basepath;/++resource++zmi/logo/favicon/favicon-16x16.png" />
++<link rel="manifest" href="&dtml-basepath;/++resource++zmi/logo/favicon/site.webmanifest" />
++<link rel="mask-icon" href="&dtml-basepath;/++resource++zmi/logo/favicon/safari-pinned-tab.svg" color="#5bbad5" />
++<meta name="msapplication-config" content="&dtml-basepath;/++resource++zmi/logo/favicon/browserconfig.xml"/>
+ <meta name="msapplication-TileColor" content="#2d89ef" />
+ <meta name="theme-color" content="#ffffff" />
+ 
+ </head>
++</dtml-let>
+ <!-- REFACT what is a better way to get the last part of the current URL? -->
+ <body id="nodeid-<dtml-var "getId()">" class="zmi zmi-<dtml-var "this().meta_type.replace(' ', '-').replace('(', '').replace(')', '')"> zmi-<dtml-var "URL0[_.len(URL1)+1:]">">
+ </dtml-unless>
+diff --git a/src/zmi/styles/tests.py b/src/zmi/styles/tests.py
+index 256edfa74b..36c7b65bec 100644
+--- a/src/zmi/styles/tests.py
++++ b/src/zmi/styles/tests.py
+@@ -21,6 +21,8 @@ def setupZCML():
+ class SubscriberTests(Testing.ZopeTestCase.FunctionalTestCase):
+     """Testing .subscriber.*"""
+ 
++    base_path = f'/{Testing.ZopeTestCase.folder_name}'
++
+     def call_manage_main(self):
+         """Call /folder/manage_main and return the HTML text."""
+         def _call_manage_main(self):
+@@ -29,7 +31,7 @@ def _call_manage_main(self):
+             # which the WSGI publisher does not expect.
+             endInteraction()
+             response = self.publish(
+-                f'/{Testing.ZopeTestCase.folder_name}/manage_main',
++                f'{self.base_path}/manage_main',
+                 basic=basic_auth)
+             return str(response)
+         return temporaryPlacelessSetUp(
+@@ -40,11 +42,11 @@ def test_subscriber__css_paths__1(self):
+         from .subscriber import css_paths
+         body = self.call_manage_main()
+         for path in css_paths(None):
+-            self.assertIn(path, body)
++            self.assertIn(f'href="{self.base_path}{path}"', body)
+ 
+     def test_subscriber__js_paths__1(self):
+         """The paths it returns are rendered in the ZMI."""
+         from .subscriber import js_paths
+         body = self.call_manage_main()
+         for path in js_paths(None):
+-            self.assertIn(path, body)
++            self.assertIn(f'src="{self.base_path}{path}"', body)

component/egg-patch/Zope/1198.patch

+From 7f4c61c0d7fe0751be93e80683659271fa0c65a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <perrinjerome@gmail.com>
+Date: Sat, 17 Feb 2024 13:06:28 +0000
+Subject: [PATCH] Fix Content-Disposition heeader for clients without rfc6266
+ support.
+
+Since https://github.com/zopefoundation/Zope/pull/893 the
+Content-Disposition header supports non-ascii filenames, by containing
+the filename in ascii and the filename in UTF-8, but the ascii version
+was produced by applying `str` on a `bytes` instance, so it looks like
+`b'file.txt'` instead of `file.txt`.
+---
+ CHANGES.rst                              | 3 +++
+ src/ZPublisher/HTTPResponse.py           | 3 ++-
+ src/ZPublisher/tests/testHTTPResponse.py | 4 ++--
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index e8dedc6a66..30061e2093 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -18,6 +18,9 @@ https://github.com/zopefoundation/Zope/blob/4.x/CHANGES.rst
+ - Fix redirections to URLs with host given as IP-literal with brackets.
+   Fixes `#1191 <https://github.com/zopefoundation/Zope/issues/1191>`_.
+ 
++- Fix ``Content-Disposition`` filename for clients without rfc6266 support.
++  (`#1198 <https://github.com/zopefoundation/Zope/pull/1198>`_)
++
+ 
+ 5.9 (2023-11-24)
+ ----------------
+diff --git a/src/ZPublisher/HTTPResponse.py b/src/ZPublisher/HTTPResponse.py
+index ed6bc00a89..264a488a03 100644
+--- a/src/ZPublisher/HTTPResponse.py
++++ b/src/ZPublisher/HTTPResponse.py
+@@ -142,7 +142,8 @@ def make_content_disposition(disposition, file_name):
+         #
+         # a special header has to be crafted
+         # also see https://tools.ietf.org/html/rfc6266#appendix-D
+-        encoded_file_name = file_name.encode('us-ascii', errors='ignore')
++        encoded_file_name = file_name.encode(
++            'us-ascii', errors='ignore').decode()
+         header += f'; filename="{encoded_file_name}"'
+         quoted_file_name = quote(file_name)
+         header += f'; filename*=UTF-8\'\'{quoted_file_name}'
+diff --git a/src/ZPublisher/tests/testHTTPResponse.py b/src/ZPublisher/tests/testHTTPResponse.py
+index 1613b0ea59..5d64b5b3dd 100644
+--- a/src/ZPublisher/tests/testHTTPResponse.py
++++ b/src/ZPublisher/tests/testHTTPResponse.py
+@@ -1433,7 +1433,7 @@ def test_ascii(self):
+     def test_latin_one(self):
+         self.assertEqual(
+             make_content_disposition('inline', 'Dänemark.png'),
+-            'inline; filename="b\'Dnemark.png\'"; filename*=UTF-8\'\'D%C3%A4nemark.png'  # noqa: E501
++            'inline; filename="Dnemark.png"; filename*=UTF-8\'\'D%C3%A4nemark.png'  # noqa: E501
+         )
+ 
+     def test_unicode(self):
+@@ -1445,7 +1445,7 @@ def test_unicode(self):
+         """
+         self.assertEqual(
+             make_content_disposition('inline', 'ıq.png'),
+-            'inline; filename="b\'q.png\'"; filename*=UTF-8\'\'%C4%B1q.png'
++            'inline; filename="q.png"; filename*=UTF-8\'\'%C4%B1q.png'
+         )
+ 
+ 

component/jupyter-py2/buildout.cfg

@@ -14,9 +14,8 @@ parts +=
 # Always build GCC for Fortran (see openblas).
 max_version = 0
 
-[jupyter]
+[jupyter:python2]
 extra-eggs =
-python_executable = ${buildout:bin-directory}/${:interpreter}
 
 [download-file-base]
 recipe = slapos.recipe.build:download
@@ -46,7 +45,7 @@ context =
   key develop_eggs_directory buildout:develop-eggs-directory
   key eggs_directory buildout:eggs-directory
   key openssl_output openssl-output:openssl
-  key python_executable jupyter:python_executable
+  key python_executable jupyter:python-executable
   key jupyter_config_location jupyter-notebook-config:location
   key jupyter_config_filename jupyter-notebook-config:filename
   key jupyter_set_password_location jupyter-set-password:location
@@ -59,7 +58,7 @@ context =
   key custom_js_filename custom-js:filename
   key monitor_template_rendered buildout:directory
 
-[versions]
+[versions:python2]
 Pygments = 2.2.0
 ipykernel = 4.5.2
 ipython = 5.3.0

component/jupyter/buildout.cfg

@@ -3,7 +3,7 @@ extends =
   ../numpy/openblas.cfg
   ../matplotlib/buildout.cfg
   ../ipython/buildout.cfg
-  ../python-cffi/buildout.cfg
+  ../python-argon2-cffi/buildout.cfg
   ../python-pyzmq/buildout.cfg
   ../scipy/buildout.cfg
   ../scikit-learn/buildout.cfg
@@ -15,10 +15,6 @@ parts =
   jupyter
   jupyter-notebook-scripts
 
-[argon2-cffi]
-recipe = zc.recipe.egg:custom
-egg = ${:_buildout_section_name_}
-setup-eggs = ${python-cffi:egg}
 
 [jupyter-env]
 <= numpy-env
@@ -73,6 +69,7 @@ scripts =
   jupyter-migrate
   jupyter-troubleshoot
   jupyter-run
+python-executable = ${buildout:bin-directory}/${:interpreter}
 
 [jupyter-notebook-initialized-scripts]
 recipe = zc.recipe.egg:scripts

component/matplotlib/buildout.cfg

@@ -40,6 +40,7 @@ need-matplotlibrc = ${matplotlibrc:location}
 [versions]
 matplotlib = 2.1.2
 cycler = 0.11.0
+matplotlib-inline = 0.1.6:whl
 
 [versions:sys.version_info < (3,8)]
 cycler = 0.10.0

component/pillow/buildout.cfg

@@ -34,3 +34,8 @@ rpath =
   ${libjpeg:location}/lib
   ${libtiff:location}/lib
   ${zlib:location}/lib
+Pillow-patches =  ${:_profile_base_location_}/../../component/egg-patch/Pillow/0001-set-metadata-in-setup.py-for-compatibility-with-old-.patch#0a06cc5a94d3db24688938731e4b15e2
+Pillow-patch-options = -p1
+
+[pillow-python:python2]
+Pillow-patches =

component/pylint/buildout.cfg

@@ -8,10 +8,33 @@ extends =
 [astroid]
 recipe = zc.recipe.egg:custom
 egg = astroid
+setup-eggs = ${lazy-object-proxy:egg}
+
+[astroid:python2]
 patches =
   ${:_profile_base_location_}/astroid-six_moves_import_error.patch#377beb0c50f52b9608bb6be7bf93096e
 patch-options = -p1
 patch-binary = ${patch:location}/bin/patch
+setup-eggs =
+
+
+[lazy-object-proxy]
+recipe = zc.recipe.egg:custom
+egg = lazy-object-proxy
+setup-eggs =
+  ${setuptools-scm:egg}
+  typing-extensions
+  tomli
+
+[setuptools-scm]
+recipe = zc.recipe.egg:custom
+egg = setuptools-scm
+setup-eggs = packaging
+
+[mccabe]
+recipe = zc.recipe.egg:custom
+egg = mccabe
+setup-eggs = pytest-runner
 
 [pylint]
 recipe = zc.recipe.egg:custom
@@ -21,3 +44,14 @@ patches =
   ${:_profile_base_location_}/pylint-redefining-builtins-modules.patch#043defc6e9002ac48b40e078797d4d17
 patch-options = -p1
 patch-binary = ${patch:location}/bin/patch
+
+[pylint:python3]
+recipe = zc.recipe.egg
+patches =
+
+[mccabe:python3]
+recipe = zc.recipe.egg
+setup-eggs =
+
+[astroid:python3]
+recipe = zc.recipe.egg

component/python-argon2-cffi/buildout.cfg

+[buildout]
+extends =
+  ../python-cffi/buildout.cfg
+parts = argon2-cffi
+
+[argon2-cffi]
+recipe = zc.recipe.egg:custom
+egg = ${:_buildout_section_name_}
+setup-eggs = ${python-cffi:egg}

component/python-ldap-python/buildout.cfg

 [buildout]
 parts =
-  python-ldap
+  python-ldap-python
 extends =
   ../cyrus-sasl/buildout.cfg
   ../openldap/buildout.cfg
@@ -10,19 +10,25 @@ extends =
 [python-ldap-python]
 recipe = zc.recipe.egg:custom
 egg = python-ldap
-patches =
-  ${:_profile_base_location_}/python-ldap-no_default_dirs.patch#959115f13f1de5c63654c69b8dfacd69
-patch-options = -p1
-patch-binary = ${patch:location}/bin/patch
 rpath =
   ${openldap:location}/lib
   ${cyrus-sasl:location}/lib
   ${openssl:location}/lib
 include-dirs =
   ${openldap:location}/include
-  ${cyrus-sasl:location}/include/sasl
+  ${cyrus-sasl:location}/include
   ${openssl:location}/include
 library-dirs =
   ${openldap:location}/lib
   ${cyrus-sasl:location}/lib
   ${openssl:location}/lib
+
+[python-ldap-python:python2]
+patches =
+  ${:_profile_base_location_}/python-ldap-no_default_dirs.patch#959115f13f1de5c63654c69b8dfacd69
+patch-options = -p1
+patch-binary = ${patch:location}/bin/patch
+include-dirs =
+  ${openldap:location}/include
+  ${cyrus-sasl:location}/include/sasl
+  ${openssl:location}/include

component/python-pyzmq/buildout.cfg

@@ -16,3 +16,5 @@ egg = pyzmq
 environment = python-pyzmq-env
 rpath =
   ${libzmq:location}/lib
+setup-eggs =
+  packaging

component/python-xmlsec/buildout.cfg

@@ -21,9 +21,19 @@ setup-eggs =
   pkgconfig
   pathlib2
   setuptools-scm
-  toml
+  tomli
 environment = python-xmlsec-env
 
+
+[python-xmlsec:python2]
+setup-eggs =
+  ${lxml-python:egg}
+  pkgconfig
+  pathlib2
+  setuptools-scm
+  toml
+
+
 [python-xmlsec-env]
 PKG_CONFIG=${pkgconfig:location}/bin/pkg-config
 PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig:${xmlsec:location}/lib/pkgconfig

component/scikit-image/buildout.cfg

@@ -23,9 +23,21 @@ setup-eggs =
   ${PyWavelets:egg}
   ${pillow-python:egg}
   networkx
+  pythran
+  packaging
 rpath =
   ${openblas:location}/lib
 
+[scikit-image:python2]
+setup-eggs =
+  ${numpy:egg}
+  ${scipy:egg}
+  ${cython:egg}
+  ${PyWavelets:egg}
+  ${pillow-python:egg}
+  networkx
+
+
 [scikit-image-repository]
 recipe  = slapos.recipe.build:gitclone
 git-executable = ${git:location}/bin/git

component/scikit-learn/buildout.cfg

@@ -15,6 +15,7 @@ recipe = zc.recipe.egg:custom
 egg = scikit-learn
 environment = scikit-learn-env
 setup-eggs =
+  ${cython:egg}
   ${numpy:egg}
   ${scipy:egg}
 rpath =

software/erp5/software-py3.cfg

+[buildout]
+extends =
+  ../../stack/erp5/buildout.cfg
+
+[python]
+part = python3
+
+[erp5]
+repository = https://lab.nexedi.com/nexedi/erp5.git
+branch = zope4py3
+develop = true

software/erp5/software-py3.cfg.json

+software.cfg.json
\ No newline at end of file

software/erp5/software.cfg.json

 {
   "name": "ERP5",
-  "description": "ERP5, Open-Source ERP",
+  "description": "ERP5, Open-Source ERP, using python3",
   "serialisation": "json-in-xml",
   "software-type": {
     "default": {

software/erp5/test/test/__init__.py

@@ -46,10 +46,14 @@ from cryptography.x509.oid import NameOID
 from slapos.testing.testcase import ManagedResource, makeModuleSetUpAndTestCaseClass
 from slapos.testing.utils import findFreeTCPPort
 
+ERP5PY3 = os.environ['SLAPOS_SR_TEST_NAME'] == 'erp5-py3'
 
 _setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
     os.path.abspath(
-        os.path.join(os.path.dirname(__file__), '..', '..', 'software.cfg')))
+        os.path.join(os.path.dirname(__file__), '..', '..', 'software%s.cfg' % (
+          '-py3' if ERP5PY3 else ''))),
+    software_id=os.environ['SLAPOS_SR_TEST_NAME'],
+)
 
 
 setup_module_executed = False
@@ -191,7 +195,10 @@ def neo(instance_parameter_dict):
 class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
   """ERP5 base test case
   """
-  __test_matrix__ = matrix((zeo, neo))  # switch between NEO and ZEO mode
+  if ERP5PY3:
+    __test_matrix__ = matrix((zeo, ))  # TODO: NEO is not yet enabled for py3
+  else:
+    __test_matrix__ = matrix((zeo, neo))  # switch between NEO and ZEO mode
 
   @classmethod
   def isNEO(cls):

software/erp5/test/test/test_erp5.py

@@ -51,7 +51,7 @@ import urllib3
 from slapos.testing.utils import CrontabMixin
 import zc.buildout.configparser
 
-from . import CaucaseService, ERP5InstanceTestCase, default, matrix, neo, setUpModule
+from . import CaucaseService, ERP5InstanceTestCase, default, matrix, neo, setUpModule, ERP5PY3
 
 setUpModule # pyflakes
 
@@ -1260,60 +1260,80 @@ class TestNEO(ZopeSkinsMixin, CrontabMixin, ERP5InstanceTestCase):
   __partition_reference__ = 'n'
   __test_matrix__ = matrix((neo,))
 
-  def _getCrontabCommand(self, crontab_name: str) -> str:
-    """Read a crontab and return the command that is executed.
-
-    overloaded to use crontab from neo partition
-    """
-    with open(
-        os.path.join(
+  if ERP5PY3:
+    # NEO is not ready for python3 at this time, this test is here to become
+    # an unexpected success once it starts working, so that we remember to
+    # remove this and enable neo in ERP5InstanceTestCase.__test_matrix__
+    setup_failed_exception = None
+    @classmethod
+    def setUpClass(cls):
+      try:
+        super().setUpClass()
+      except BaseException as e:
+        cls.setup_failed_exception = e
+        cls.setUp = lambda self: None
+        cls.tearDownClass = classmethod(lambda cls: None)
+
+    @unittest.expectedFailure
+    def test_neo_py3(self):
+      self.assertIsNone(self.setup_failed_exception)
+
+  else:
+    def _getCrontabCommand(self, crontab_name: str) -> str:
+      """Read a crontab and return the command that is executed.
+
+      overloaded to use crontab from neo partition
+      """
+      with open(
+          os.path.join(
+              self.getComputerPartitionPath('neo-0'),
+              'etc',
+              'cron.d',
+              crontab_name,
+          )) as f:
+        crontab_spec, = f.readlines()
+      self.assertNotEqual(crontab_spec[0], '@', crontab_spec)
+      return crontab_spec.split(None, 5)[-1]
+
+    def test_log_rotation(self):
+      # first run to create state files
+      self._executeCrontabAtDate('logrotate', '2000-01-01')
+
+      def check_sqlite_log(path):
+        with self.subTest(path), contextlib.closing(sqlite3.connect(path)) as con:
+          con.execute('select * from log')
+
+      logfiles = ('neoadmin.log', 'neomaster.log', 'neostorage-0.log')
+      for f in logfiles:
+        check_sqlite_log(
+          os.path.join(
             self.getComputerPartitionPath('neo-0'),
-            'etc',
-            'cron.d',
-            crontab_name,
-        )) as f:
-      crontab_spec, = f.readlines()
-    self.assertNotEqual(crontab_spec[0], '@', crontab_spec)
-    return crontab_spec.split(None, 5)[-1]
-
-  def test_log_rotation(self):
-    # first run to create state files
-    self._executeCrontabAtDate('logrotate', '2000-01-01')
-
-    def check_sqlite_log(path):
-      with self.subTest(path), contextlib.closing(sqlite3.connect(path)) as con:
-        con.execute('select * from log')
+            'var',
+            'log',
+            f))
 
-    logfiles = ('neoadmin.log', 'neomaster.log', 'neostorage-0.log')
-    for f in logfiles:
-      check_sqlite_log(
-        os.path.join(
-          self.getComputerPartitionPath('neo-0'),
-          'var',
-          'log',
-          f))
+      self._executeCrontabAtDate('logrotate', '2050-01-01')
 
-    self._executeCrontabAtDate('logrotate', '2050-01-01')
+      for f in logfiles:
+        check_sqlite_log(
+          os.path.join(
+            self.getComputerPartitionPath('neo-0'),
+            'srv',
+            'backup',
+            'logrotate',
+            f'{f}-20500101'))
 
-    for f in logfiles:
-      check_sqlite_log(
-        os.path.join(
-          self.getComputerPartitionPath('neo-0'),
-          'srv',
-          'backup',
-          'logrotate',
-          f'{f}-20500101'))
+      self._executeCrontabAtDate('logrotate', '2050-01-02')
+      requests.get(self._getAuthenticatedZopeUrl('/'), verify=False).raise_for_status()
 
-    self._executeCrontabAtDate('logrotate', '2050-01-02')
-    requests.get(self._getAuthenticatedZopeUrl('/'), verify=False).raise_for_status()
+      for f in logfiles:
+        check_sqlite_log(
+          os.path.join(
+            self.getComputerPartitionPath('neo-0'),
+            'var',
+            'log',
+            f))
 
-    for f in logfiles:
-      check_sqlite_log(
-        os.path.join(
-          self.getComputerPartitionPath('neo-0'),
-          'var',
-          'log',
-          f))
 
 class TestPassword(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
   __partition_reference__ = 'p'

software/neoppod/buildout.hash.cfg

@@ -22,7 +22,7 @@ md5sum = 102a7f1c1bc46a9b3fa5bd9b9a628e1d
 
 [instance-neo-admin]
 filename = instance-neo-admin.cfg.in
-md5sum = b6e1ccb1d90160110202e5111eec2afa
+md5sum = a0ec1dce4c7a237fbeef3f8aee62e55a
 
 [instance-neo-master]
 filename = instance-neo-master.cfg.in
@@ -34,7 +34,7 @@ md5sum = fda911d5ef9efee365f1b0ff9843a50b
 
 [template-neo-my-cnf]
 filename = my.cnf.in
-md5sum = 56ea8f452d9e1526157ab9d03e631e1a
+md5sum = 3ae93702f3890a504cc8a93eb5ad52bc
 
 [template-neo]
 filename = instance.cfg.in

software/neoppod/instance-neo-admin.cfg.in

@@ -45,7 +45,7 @@ ssl = {{ dumps(bool(slapparameter_dict['ssl'])) }}
 cluster = {{ dumps(slapparameter_dict['cluster']) }}
 masters = {{ dumps(slapparameter_dict['masters']) }}
 extra-options =
-{%- for k, v in monitor_dict.iteritems() %}
+{%- for k, v in six.iteritems(monitor_dict) %}
 {%-   if k == 'backup' %}
 {%-     set k = 'monitor-backup' %}
 {%-   endif %}

software/neoppod/my.cnf.in

@@ -45,7 +45,7 @@ innodb_locks_unsafe_for_binlog = 1
 {{x}}sync_frm = 0
 
 # Extra parameters.
-{%- for k, v in extra_dict.iteritems() %}
+{%- for k, v in six.iteritems(extra_dict) %}
 {%- do assert('-' not in k) %}
 {{ k }} = {{ v }}
 {%- endfor %}

software/neoppod/software-common.cfg

@@ -130,8 +130,11 @@ inline =
 [versions]
 coverage = 5.5
 ecdsa = 0.13
-mysqlclient = 1.3.12
+mysqlclient = 2.0.1
 PyMySQL = 0.10.1
 pycrypto = 2.6.1
 cython-zstd = 0.2
 funcsigs = 1.0.2
+
+[versions:python2]
+mysqlclient = 1.3.12

software/slapos-sr-testing/buildout.hash.cfg

@@ -15,4 +15,4 @@
 
 [template]
 filename = instance.cfg
-md5sum = f10fbca22d1d30dd7a4f36e1cd521b97
+md5sum = 59a5b559b22ad0590e691226cea45055

software/slapos-sr-testing/instance.cfg

@@ -67,6 +67,7 @@ inline =
     command,
     cwd={{ repr(folder) }},
     summaryf=UnitTest.summary,
+    envadj={ 'SLAPOS_SR_TEST_NAME': {{ repr(name) }} },
   )
   {%-   endif %}
   {%- endfor %}

software/slapos-sr-testing/software.cfg

@@ -440,6 +440,7 @@ tests =
   dream ${slapos.test.dream-setup:setup}
   dufs ${slapos.test.dufs-setup:setup}
   erp5 ${slapos.test.erp5-setup:setup}
+  erp5-py3 ${slapos.test.erp5-setup:setup}
   erp5testnode ${slapos.test.erp5testnode-setup:setup}
   fluentd ${slapos.test.fluentd-setup:setup}
   galene ${slapos.test.galene-setup:setup}
@@ -487,7 +488,7 @@ recurls =
 slapos.core =
 
 # Various needed versions
-Pillow = 9.2.0
+Pillow = 10.2.0+SlapOSPatched001
 forcediphttpsadapter = 1.0.1
 image = 1.5.25
 plantuml = 0.3.0:whl
@@ -495,7 +496,6 @@ pysftp = 0.2.9
 requests-toolbelt = 0.8.0
 testfixtures = 6.11.0
 mysqlclient = 2.1.1
-pexpect = 4.8.0
 ptyprocess = 0.6.0
 paho-mqtt = 1.5.0
 pcpp = 1.30

stack/erp5/buildout-py3.cfg

+[buildout]
+extends =
+  buildout.cfg
+
+
+parts -=
+# XXX: The following parts have no support for Python 3. Ignore for now.
+  rdiff-backup
+  ocropy
+  hookbox
+  scipy
+  scikit-learn
+  scikit-image
+  PyWavelets
+  jupyter-notebook-initialized-scripts
+  jupyter
+  matplotlibrc
+  h5py
+
+[slapos.cookbook-repository]
+develop = true
+branch = zope4py3
+
+[h5py]
+recipe =
+[matplotlibrc]
+recipe =
+[matplotlib]
+recipe =
+[jupyter]
+recipe =
+[rdiff-backup]
+recipe =
+[rdiff-backup-build]
+recipe =
+[ocropy]
+recipe =
+
+[hookbox]
+recipe =
+[scipy]
+recipe =
+[scikit-learn]
+recipe =
+[PyWavelets]
+recipe =
+[scikit-image]
+recipe =
+[statsmodels]
+recipe =
+[seaborn]
+recipe =
+
+
+
+[eggs]
+
+eggs -=
+  ${ocropy:egg}
+#  fpconst
+  ${scipy:egg}
+  ${scikit-learn:egg}
+  ${scikit-image:egg}
+  ${matplotlib:egg}
+  h5py
+  ${h5py:egg}
+  ${statsmodels:egg}
+  astor
+  jupyter
+  jupyter_client
+  jupyter_console
+  jupyter_core
+  nbconvert
+  nbformat
+  notebook
+# additional eggs
+  astor
+  ${seaborn:egg}
+  ${statsmodels:egg}
+# additional eggs for jupyterlab
+  jupyterlab
+  jupyterlab-launcher
+  pytesseract
+
+
+
+[versions]
+pyasn1-modules = 0.2.8
+pyasn1 = 0.4.8
+
+google-api-core = 2.7.1
+google-auth-httplib2 = 0.1.0
+google-auth = 2.6.0
+protobuf = 3.19.4
+googleapis-common-protos = 1.55.0
+scipy = 1.8.1
+statsmodels = 0.10.2
+pyzmq = 19.0.2
+python-ldap = 3.1.0
+
+matplotlib-inline = 0.1.3
+backcall = 0.2.0
+# 2to3 fixers to port code to python3
+zope.fixers = 1.1.2
+defusedxml = 0.7.1
+suds-py3 = 1.4.5.0
+soupsieve = 2.3.2.post1:whl
+

stack/erp5/buildout.hash.cfg

@@ -74,7 +74,7 @@ md5sum = ca0cb83950dd9079cc289891cce08e76
 
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = 6f57c834eb3f774d265c3fd6661429d8
+md5sum = 9f6e95f54c8bef0bbdfead015887a4e2
 
 [template-zeo]
 filename = instance-zeo.cfg.in
@@ -86,11 +86,11 @@ md5sum = 0ac4b74436f554cd677f19275d18d880
 
 [template-zope]
 filename = instance-zope.cfg.in
-md5sum = f280ba7153ae96aa14fc2b799a87943c
+md5sum = 21db8c83b3da64f50872f0ec5166cbb7
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = 0fad9497da12ed0186dca5236c23f3a7
+md5sum = 3bdf08bf6ef735647fa54ce2ef273201
 
 [template-haproxy-cfg]
 filename = haproxy.cfg.in

stack/erp5/instance-balancer.cfg.in

@@ -471,10 +471,9 @@ command = generate-apachedex-report
 recipe = slapos.recipe.template
 output = ${directory:etc}/${:_buildout_section_name_}
 inline =
-  {% for line in slapparameter_dict['apachedex-configuration'] %}
+  {% for line in slapparameter_dict['apachedex-configuration'] -%}
     {# apachedex config files use shlex.split, so we need to quote the arguments. #}
-    {# BBB: in python 3 we can use shlex.quote instead. #}
-    {{ repr(line.encode('utf-8')) }}
+    {{ six.moves.shlex_quote(line) }}
   {% endfor %}
 
 [apachedex-parameters]

stack/erp5/instance-erp5.cfg.in

@@ -200,7 +200,7 @@ config-zodb-dict = {{ dumps(zodb_dict) }}
 {% for server_type, server_dict in six.iteritems(storage_dict) -%}
 {%   if server_type == 'neo' -%}
 config-neo-cluster = ${publish-early:neo-cluster}
-config-neo-name = {{ server_dict.keys()[0] }}
+config-neo-name = {{ list(server_dict.keys())[0] }}
 config-neo-masters = ${publish-early:neo-masters}
 {%   else -%}
 config-zodb-zeo = ${request-zodb:connection-storage-dict}

stack/erp5/instance-zope.cfg.in

@@ -80,6 +80,8 @@ environment +=
   TZ={{ slapparameter_dict['timezone'] }}
   MATPLOTLIBRC={{ parameter_dict['matplotlibrc'] }}
   PYTHONUNBUFFERED=1
+  OFS_IMAGE_USE_DENYLIST=1
+  DISALLOWED_INLINE_MIMETYPES=
   INSTANCE_HOME=${:instance-home}
   FONTCONFIG_FILE=${fontconfig-conf:output}
   JUPYTER_PATH=${directory:jupyter-dir}
@@ -401,8 +403,8 @@ config-port = {{ '${' ~ zope_tunnel_section_name ~ ':ipv6-port}' }}
 promise = check_error_on_zope_longrequest_log
 name = {{'check-' ~ name ~ '-longrequest-error-log.py'}}
 config-log-file = {{ '${' ~ conf_parameter_name ~ ':longrequest-logger-file}' }}
-config-error-threshold = {{ slapparameter_dict["zope-longrequest-logger-error-threshold"] }}
-config-maximum-delay = {{ slapparameter_dict["zope-longrequest-logger-maximum-delay"] }}
+config-error-threshold = {{ dumps(slapparameter_dict["zope-longrequest-logger-error-threshold"]) }}
+config-maximum-delay = {{ dumps(slapparameter_dict["zope-longrequest-logger-maximum-delay"]) }}
 {% endif -%}
 
 [{{ section('logrotate-entry-' ~ name) }}]

stack/erp5/zope-versions.cfg

@@ -2,150 +2,94 @@
 # Version pins for required and commonly used dependencies.
 
 [versions]
-Zope = 4.8.9
+Zope = 5.9
 Zope2 = 4.0
-# AccessControl 5+ no longer supports Zope 4.
-AccessControl = 4.4
-Acquisition = 4.13
-AuthEncoding = 4.3
-BTrees = 4.11.3
-Chameleon = 3.10.2
-DateTime = 4.9
-DocumentTemplate = 4.1
-ExtensionClass = 4.9
-Missing = 4.2
-MultiMapping = 4.1
-Paste = 3.5.2
-PasteDeploy = 3.0.1
-Persistence = 3.6
-Products.BTreeFolder2 = 4.4
-# ZCatalog 6+ no longer supports Zope 4.
-Products.ZCatalog = 5.4
-Record = 3.6
-# RestrictedPython >= 6 no longer supports Zope 4
-RestrictedPython = 5.4
+AccessControl = 6.3
+Acquisition = 5.1
+AuthEncoding = 5.0
+BTrees = 5.1
+Chameleon = 4.2.0
+DateTime = 5.3
+DocumentTemplate = 4.6
+ExtensionClass = 5.1
+MultiMapping = 5.0
+Paste = 3.7.1
+PasteDeploy = 3.1.0
+Persistence = 4.1
+RestrictedPython = 7.0
+WebTest = 3.0.0
 WSGIProxy2 = 0.5.1
 WebOb = 1.8.7
-WebTest = 3.0.0
-ZConfig = 3.6.1
-ZEO = 5.3.0
-ZODB = 5.8.0
-five.globalrequest = 99.1
-five.localsitemanager = 3.4
-funcsigs = 1.0.2
-future = 0.18.2
-ipaddress = 1.0.23
-mock = 4.0.3
+ZConfig = 4.0
+ZODB = 5.8.1
+beautifulsoup4 = 4.12.2
+cffi = 1.16.0
 multipart = 0.2.4
-pbr = 5.11.0
-persistent = 4.9.3
-pytz = 2022.7
-roman = 3.3
-shutilwhich = 1.1.0
+persistent = 5.1
+pycparser = 2.21
+python-gettext = 5.0
+pytz = 2023.3.post1
 six = 1.16.0
-transaction = 3.0.1
+roman = 4.1
+soupsieve = 2.5
+transaction = 4.0
 waitress = 2.1.2
-z3c.pt = 3.3.1
-zExceptions = 4.3
-zc.lockfile = 2.0
-zdaemon = 4.4
-zodbpickle = 2.6
-zope.annotation = 4.8
-zope.browser = 2.4
-zope.browsermenu = 4.4
-zope.browserpage = 4.4.0
-zope.browserresource = 4.4
-zope.cachedescriptors = 4.4
-zope.component = 5.0.1
-zope.componentvocabulary = 2.3.0
-zope.configuration = 4.4.1
-zope.container = 5.1
-zope.contentprovider = 4.2.1
-zope.contenttype = 4.6
-zope.datetime = 4.3.0
-zope.deferredimport = 4.4
-zope.deprecation = 4.4.0
-zope.dottedname = 5.0
-zope.event = 4.6
-zope.exceptions = 4.6
-zope.filerepresentation = 5.0.0
-zope.formlib = 5.0.1
-zope.globalrequest = 1.6
-zope.hookable = 5.4
-zope.i18n = 4.9.0
-zope.i18nmessageid = 5.1.1
-zope.interface = 5.5.2
-zope.lifecycleevent = 4.4
-zope.location = 4.3
-zope.pagetemplate = 4.6.0
-zope.processlifetime = 2.4
-zope.proxy = 4.6.1
-zope.ptresource = 4.3.0
-zope.publisher = 6.1.0
-zope.ramcache = 2.4
-zope.schema = 6.2.1
-zope.security = 5.8
-zope.sendmail = 5.3
-zope.sequencesort = 4.2
-zope.site = 4.6.1
-zope.size = 4.4
-zope.structuredtext = 4.4
-zope.tal = 4.5
-zope.tales = 5.2
-zope.testbrowser = 5.6.1
-zope.testing = 4.10
-zope.testrunner = 5.6
-zope.traversing = 4.4.1
-zope.viewlet = 4.3
-
-[versions:python27]
-# Chameleon 3.10 doesn't work on Python 2.7
-Chameleon = 3.9.1
-# DocumentTemplate 4+ requires Python 3.5 or higher
-DocumentTemplate = 3.4
-# PasteDeploy >3 requires Python 3.7
-PasteDeploy = 2.1.1
-# WSGIProxy 0.5 and up requires Python 3.7 and up
-WSGIProxy2 = 0.4.6
-# WebTest 3.0 and up requires Python 3.6 and up
-WebTest = 2.0.35
-# ZServer is only available for Python 2
-ZServer = 4.0.2
-# mock 4.0 and up requires Python 3.6 or higher
-mock = 3.0.5
-# multipart 0.2 and up requires Python 3
-multipart = 0.1.1
-# waitress 2 requires Python 3.6 or higher
-waitress = 1.4.4
-# zope.dottedname >= 5 requires Python 3.6 or higher
-zope.dottedname = 4.3
-# zope.container 5.x requires Python 3.7 or higher
-zope.container = 4.10
+z3c.pt = 4.0
+zExceptions = 5.0
+zc.lockfile = 3.0.post1
+zc.recipe.egg = 2.0.7
+zodbpickle = 3.1
+zope.annotation = 5.0
+zope.browser = 3.0
+zope.browsermenu = 5.0
+zope.browserpage = 5.0
+zope.browserresource = 5.1
+zope.cachedescriptors = 5.0
+zope.component = 6.0
+zope.configuration = 5.0
+zope.container = 5.2
+zope.contentprovider = 5.0
+zope.contenttype = 5.1
+zope.datetime = 5.0.0
+zope.deferredimport = 5.0
+zope.deprecation = 5.0
+zope.dottedname = 6.0
+zope.event = 5.0
+zope.exceptions = 5.0.1
+zope.filerepresentation = 6.0
+zope.globalrequest = 2.0
+zope.hookable = 6.0
+zope.i18n = 5.1
+zope.i18nmessageid = 6.1.0
+zope.interface = 6.1
+zope.lifecycleevent = 5.0
+zope.location = 5.0
+zope.pagetemplate = 5.0
+zope.processlifetime = 3.0
+zope.proxy = 5.1
+zope.ptresource = 5.0
+zope.publisher = 7.0
+zope.schema = 7.0.1
+zope.security = 6.2
+zope.sequencesort = 5.0
+zope.site = 5.0
+zope.size = 5.0
+zope.structuredtext = 5.0
+zope.tal = 5.0.1
+zope.tales = 6.0
+zope.testbrowser = 6.0
+zope.testing = 5.0.1
+zope.traversing = 5.0
+zope.viewlet = 5.0
 
-[versions:python35]
-# DocumentTemplate 4+ cannot be installed on Zope 4 for Python 3.5
-DocumentTemplate = 3.4
-# PasteDeploy >3 requires Python 3.7
-PasteDeploy = 2.1.1
-# WSGIProxy 0.5 and up requires Python 3.7 and up
-WSGIProxy2 = 0.4.6
-# WebTest 3.0 and up requires Python 3.6 and up
-WebTest = 2.0.35
-# mock 4.0 and up requires Python 3.6 or higher
-mock = 3.0.5
-# waitress 2 requires Python 3.6 or higher
-waitress = 1.4.4
-# zope.dottedname >= 5 requires Python 3.6 or higher
-zope.dottedname = 4.3
-# zope.container 5.x requires Python 3.7 or higher
-zope.container = 4.10
 
-[versions:python36]
-# PasteDeploy >3 requires Python 3.7
-PasteDeploy = 2.1.1
-# WSGIProxy 0.5 and up requires Python 3.7 and up
-WSGIProxy2 = 0.4.6
-# waitress 2.1 requires Python 3.7 or higher
-waitress = 2.0.0
-# zope.container 5.x requires Python 3.7 or higher
-zope.container = 4.10
+# XXX this is commented out because slapos.buildout is based on a too old buildout
+# which does not understands :python37 yet. We target a more recent python version
+# so we don't use these versions.
+# [versions:python37]
+# # PasteDeploy 3.x works on Python 3.7 but pulls tons of dependencies
+# PasteDeploy = 2.1.1
+# # SoupSieve 2.5 and up requires Python 3.8
+# soupsieve = 2.4.1
+# # cffi 1.16.0 requires Python 3.8
+# cffi = 1.15.1

stack/slapos.cfg

@@ -141,17 +141,27 @@ zc.buildout = 2.7.1+slapos020
 # Use SlapOS patched zc.recipe.egg (zc.recipe.egg 2.x is for Buildout 2)
 zc.recipe.egg = 2.0.3+slapos003
 
+# XXX rpds-py has binaries, but needs a rust toolchain to be built
+# it is a dependency of jsonschema
+rpds-py = 0.18.0:whl
+
+
 aiohttp = 3.8.5:whl
 aiosignal = 1.3.1:whl
+annotated-types = 0.6.0:whl
+anyio = 4.3.0:whl
 apache-libcloud = 2.4.0
 argon2-cffi = 20.1.0
 asn1crypto = 1.3.0
 astor = 0.5
+asttokens = 2.4.1:whl
 async-generator = 1.10
+async-lru = 2.0.4:whl
 async-timeout = 4.0.3
 atomicwrites = 1.4.0
 atomize = 0.2.0
 attrs = 23.1.0:whl
+Babel = 2.14.0
 backcall = 0.2.0
 backports-abc = 0.5
 backports.functools-lru-cache = 1.6.1:whl
@@ -173,12 +183,14 @@ cliff = 2.8.3:whl
 cmd2 = 0.7.0
 collective.recipe.shelloutput = 0.1
 collective.recipe.template = 2.0
+comm = 0.2.1:whl
 configparser = 4.0.2:whl
 contextlib2 = 0.6.0.post1
 croniter = 0.3.25
 cryptography = 3.3.2
 dataclasses = 0.8
 dateparser = 0.7.6
+debugpy = 1.8.1
 decorator = 4.3.0
 defusedxml = 0.7.1
 distro = 1.7.0
@@ -188,6 +200,7 @@ enum34 = 1.1.10
 erp5.util = 0.4.75
 et-xmlfile = 1.0.1
 exceptiongroup = 1.1.3:whl
+executing = 2.0.1:whl
 fastjsonschema = 2.18.1
 feedparser = 6.0.10
 Flask = 3.0.0:whl
@@ -202,7 +215,9 @@ GitPython = 3.1.30
 greenlet = 3.0.1
 h11 = 0.14.0
 h5py = 2.7.1
+httpcore = 1.0.4:whl
 httplib2 = 0.22.0
+httpx = 0.27.0:whl
 idna = 3.4:whl
 igmp = 1.0.4
 Importing = 1.10
@@ -210,22 +225,31 @@ importlib-metadata = 6.8.0:whl
 importlib-resources = 5.10.2:whl
 inotify-simple = 1.1.1
 ipaddress = 1.0.23
-ipykernel = 5.3.4:whl
-ipython = 7.16.3
-ipython-genutils = 0.1.0
-ipywidgets = 6.0.0
+ipykernel = 6.29.3:whl
+ipython = 8.18.1:whl
+ipython-genutils = 0.2.0
+ipywidgets = 8.1.2:whl
 itsdangerous = 2.1.2
 jdcal = 1.4
 jedi = 0.17.2
 Jinja2 = 3.1.2:whl
-jsonschema = 4.17.3:whl
+joblib = 1.3.2:whl
+json5 = 0.9.20:whl
+jsonschema = 4.21.1:whl
+jsonschema-specifications = 2023.12.1:whl
 jupyter = 1.0.0
-jupyter-client = 7.3.1
-jupyter-console = 6.4.4
-jupyter-core = 4.9.2
-jupyterlab = 0.26.3
-jupyterlab-launcher = 0.3.1
-jupyterlab-pygments = 0.1.2
+jupyter-client = 8.6.0:whl
+jupyter-console = 6.6.3:whl
+jupyter-core = 5.7.1:whl
+jupyter-events = 0.9.0:whl
+jupyter-lsp = 2.2.3:whl
+jupyter-server = 2.13.0:whl
+jupyter-server-terminals = 0.5.2:whl
+jupyterlab = 4.1.3:whl
+jupyterlab-launcher = 0.13.1
+jupyterlab-pygments = 0.3.0:whl
+jupyterlab-server = 2.25.3:whl
+jupyterlab-widgets = 3.0.10:whl
 lock-file = 2.0
 lockfile = 0.12.2:whl
 lsprotocol = 2023.0.0b1:whl
@@ -237,7 +261,7 @@ meld3 = 1.0.2
 mistune = 0.8.4
 mock = 3.0.5
 more-itertools = 5.0.0
-mpmath = 1.0.0
+mpmath = 1.3.0
 msgpack = 1.0.5
 multidict = 6.0.4
 nbclient = 0.5.1
@@ -246,9 +270,11 @@ nbformat = 5.9.2:whl
 nest-asyncio = 1.5.6
 netaddr = 0.7.19
 netifaces = 0.10.7
-notebook = 6.1.5
+notebook = 7.1.1:whl
+notebook-shim = 0.2.4:whl
 openpyxl = 2.5.2
 outcome = 1.2.0
+overrides = 7.7.0
 packaging = 23.2:whl
 pandocfilters = 1.4.3
 paramiko = 2.11.0
@@ -267,16 +293,18 @@ pluggy = 0.13.1:whl
 ply = 3.11
 prettytable = 0.7.2
 prometheus-client = 0.9.0
-prompt-toolkit = 3.0.19
+prompt-toolkit = 3.0.43
 psutil = 5.8.0
 psycopg2 = 2.9.9
 ptyprocess = 0.5.1
+pure-eval = 0.2.2:whl
 py = 1.11.0:whl
 py-mld = 1.0.3
-pyasn1 = 0.4.5
+pyasn1 = 0.5.1
 pycparser = 2.20
 pycurl = 7.45.0
-pydantic = 1.9.1
+pydantic = 2.6.3:whl
+pydantic-core = 2.16.3:whl
 pygls = 1.1.0:whl
 Pygments = 2.9.0
 PyNaCl = 1.3.0
@@ -288,19 +316,22 @@ PyRSS2Gen = 1.1
 PySocks = 1.7.1
 pytest-runner = 5.2:whl
 python-dateutil = 2.8.2:whl
+python-json-logger = 2.0.7
 pytz = 2022.2.1
 PyYAML = 5.4.1
-pyzmq = 22.3.0
+pyzmq = 24.0.1
 qtconsole = 4.3.0
 random2 = 1.0.1
+referencing = 0.33.0:whl
 regex = 2020.9.27
 requests = 2.31.0
+rfc3986-validator = 0.1.1:whl
 rpdb = 0.1.5
 rubygemsrecipe  = 0.4.4
 scandir = 1.10.0
-scikit-learn = 0.20.4
+scikit-learn = 0.24.2
 seaborn = 0.7.1
-Send2Trash = 1.5.0
+Send2Trash = 1.8.2:whl
 setproctitle = 1.1.10
 setuptools-dso = 2.9
 sgmllib3k = 1.0.0
@@ -320,6 +351,7 @@ smmap = 5.0.0
 sniffio = 1.3.0
 sortedcontainers = 2.4.0
 soupsieve = 1.9.5
+stack-data = 0.6.3:whl
 statsmodels = 0.13.5+SlapOSPatched001
 stevedore = 1.21.0:whl
 subprocess32 = 3.5.4
@@ -327,9 +359,10 @@ supervisor = 4.1.0
 sympy = 1.1.1
 terminado = 0.9.1
 testpath = 0.4.4
+threadpoolctl = 3.3.0:whl
 tinycss2 = 1.2.1:whl
-tornado = 6.1
-traitlets = 5.11.2:whl
+tornado = 6.4
+traitlets = 5.14.1:whl
 trio = 0.22.0
 trio-websocket = 0.9.2
 typeguard = 3.0.2:whl
@@ -344,7 +377,7 @@ websocket-client = 1.5.1
 websockets = 10.4
 Werkzeug = 3.0.0:whl
 wheel = 0.41.2:whl
-widgetsnbextension = 2.0.0
+widgetsnbextension = 4.0.10:whl
 wsproto = 1.2.0
 xlrd = 1.1.0
 xml-marshaller = 1.0.2
@@ -357,9 +390,9 @@ zipp = 3.12.0:whl
 zodburi = 2.5.0
 zope.event = 4.6.0
 zope.exceptions = 4.6
-zope.interface = 5.4.0
-zope.testing = 4.7
-zope.testrunner = 5.2
+zope.interface = 5.5.2
+zope.testing = 4.10
+zope.testrunner = 5.6
 
 [versions:sys.version_info < (3,10)]
 # keep old statsmodels by default until slapos.toolbox is updated
@@ -389,26 +422,41 @@ GitPython = 2.1.11
 greenlet = 0.4.17
 idna = 2.9
 importlib-metadata = 1.7.0:whl
-itsdangerous = 0.24
-Jinja2 = 2.11.3
+ipykernel = 5.3.4:whl
+ipython = 7.16.3
+ipython-genutils = 0.1.0
+ipywidgets = 6.0.0
 jsonschema = 3.0.2:whl
+jupyter-client = 7.3.1
+jupyter-console = 6.4.4
+jupyter-core = 4.9.2
+jupyterlab = 0.26.3
+jupyterlab-launcher = 0.3.1
+jupyterlab-pygments = 0.1.2
 MarkupSafe = 1.0
+mpmath = 1.0.0
 msgpack = 0.6.2
+notebook = 6.1.5
 packaging = 16.8
+prompt-toolkit = 3.0.19
 psycopg2 = 2.8.6
 pycurl = 7.43.0
 pyparsing = 2.4.7
 pyrsistent = 0.16.1
+pyzmq = 22.3.0
 requests = 2.27.1
+scikit-learn = 0.20.4
 selectors34 = 1.2
+Send2Trash = 1.5.0
 slapos.toolbox = 0.128.1
 smmap = 0.9.0
 smmap2 = 2.0.5
-statsmodels = 0.11.1
+tornado = 6.1
 traitlets = 4.3.3
 uritemplate = 3.0.0
 Werkzeug = 1.0.1
 wheel = 0.35.1:whl
+widgetsnbextension = 2.0.0
 zipp = 1.2.0:whl