jimmyfagan
commented
2 months ago Jim, can you fill the validation section of the PR? Doesn't have to be anything elaborate, just a small description of how you validated this and/or how a reviewer can validate this.
JFU-NAVA-PBC
JIRA Ticket: BB2-3260
What Does This PR Do?
Identify dependencies that are no longer actively maintained/released: for now use 3 years as a criteria, or its repo is archived.
See if the package has alternative that is recently release, or if the package is not actually used by the current code base (some code is still around in BB2 repo but it is no longer used or replaced by newer component e.g. apps/openapi
The 'Old' dependencies identification steps are documented in ticket: BB2-3260
Here are a few packages removed/replaced: django-bootstrap-form (2018) replaced by django-bootstrap-v5 (2022) django-dotenv (2017) replaced by python-dotenv (2024) <=== this is reverted for this round since the wide ENV vars behavior impact djangorestframework-yaml (2020) removed - used by obsolete module apps/openapi which is removed in this PR
..........
Note: django-bootstrap-v5 is a major update since it is used by all the django templates.
What Should Reviewers Watch For?
If you're reviewing this PR, please check for these things in particular:
Validation
What Security Implications Does This PR Have?
Please indicate if this PR does any of the following:
Adds any new software dependencies
Modifies any security controls
Adds new transmission or storage of data
Any other changes that could possibly affect security?
[ ] Yes, one or more of the above security implications apply. This PR must not be merged without the ISSO or team security engineer's approval.
No above mentioned concerns in this PR
Things to check:
Any Migrations?