memcached: Switch from pylibmc to python-binary-memcached.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2025-10-27 18:13:58 +00:00 · 2020-07-31 17:34:48 -07:00
107 changed files with 1760 additions and 2466 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -3,13 +3,12 @@ root = true
 [*]
 end_of_line = lf
 charset = utf-8
-indent_size = 4
-indent_style = space
 trim_trailing_whitespace = true
 insert_final_newline = true

-binary_next_line = true  # for shfmt
-switch_case_indent = true  # for shfmt
+[*.{sh,py,pyi,js,ts,json,xml,css,scss,hbs,html}]
+indent_style = space
+indent_size = 4

 [*.py]
 max_line_length = 110
@@ -18,4 +17,5 @@ max_line_length = 110
 max_line_length = 100

 [*.{svg,rb,pp}]
+indent_style = space
 indent_size = 2
--- a/docs/_templates/layout.html
+++ b/docs/_templates/layout.html
@@ -5,7 +5,7 @@
    # version e.g. to say that something is likely to have changed.
    # For more info see: https://www.sphinx-doc.org/en/master/templating.html
    #}
-    {% if pagename in ["production/video-calls"] and release.endswith('+git') %}
+    {% if pagename in ["production/management-commands", "production/email-gateway", "production/upgrade-or-modify", "production/zoom-configuration"] and release.endswith('+git') %}
    {#
    # This page doesn't exist in the stable documentation yet.
    # This temporary workaround prevents CircleCI failure and should be removed after the next release.
--- a/docs/overview/changelog.md
+++ b/docs/overview/changelog.md
@@ -7,46 +7,6 @@ All notable changes to the Zulip server are documented in this file.
 This section lists notable unreleased changes; it is generally updated
 in bursts.

-### 3.3 -- December 1, 2020
-
- Guest users should not be allowed to post to streams marked “Only
-  organization full members can post.”  This flaw has existed since
-  the feature was added in Zulip Server 3.0.
- Permit outgoing mail from postfix; this resolves a bug introduced in
-  Zulip Server 3.2 which prevented Zulip from sending outgoing mail if
-  the local mail server (used mostly for incoming mail) was also used
-  for outgoing email (`MAIL_HOST=``'``localhost``'`).
- Ensure that the `upgrade-postgres` tool upgrades the cluster’s data
-  to the specific PostgreSQL version requested; this resolves a bug
-  where, now that PostgreSQL 13 has been released, `upgrade-postgres`
-  would attempt to upgrade to that version and not PostgreSQL 12.
- Replace the impenetrably-named `./manage.py knight` with
-  `./manage.py change_user_role`, and extend it to support
-  “Organization owner” roles.
- Handle realm emojis that have been manually deleted more gracefully.
-
-### 3.2 -- September 15, 2020
-
- Switched from `libmemcached` to `python-binary-memcached`, a
-  pure-Python implementation; this should eliminate memcached
-  connection problems affecting some installations.
- Removed unnecessary `django-cookies-samesite` dependency, which had
-  its latest release removed from PyPI (breaking installation of Zulip
-  3.1).
- Limited which local email addresses Postfix accepts when the
-  incoming email integration is enabled; this prevents the enumeration
-  of local users via the email system.
- Fixed incorrectly case-sensitive email validation in `REMOTE_USER`
-  authentication.
- Fixed search results for `has:image`.
- Fixed ability to adjust "Who can post on the stream" configuration.
- Fixed display of "Permission [to post] will be granted in n days"
-  for n > 365.
- Support providing `nginx_listen_port` setting in conjunction with
-  `http_only` in `zulip.conf`.
- Improved upgrade documentation.
- Removed internal ID lists which could leak into the events API.
-
 ### 3.1 -- July 30, 2020

 - Removed unused `short_name` field from the User model.  This field
--- a/docs/production/export-and-import.md
+++ b/docs/production/export-and-import.md
@@ -65,9 +65,8 @@ su zulip -c '/home/zulip/deployments/current/manage.py backup'
 ```

 The backup tool provides the following options:
- `--output=/tmp/backup.tar.gz`: Filename to write the backup tarball
-  to (default: write to a file in `/tmp`).  On success, the
-  console output will show the path to the output tarball.
+- `--output`: Path where the output file should be stored. If no path is
+ provided, the output file is saved to a temporary directory.
 - `--skip-db`: Skip backup of the database.  Useful if you're using a
  remote postgres host with its own backup system and just need to
  backup non-database state.
--- a/docs/production/index.rst
+++ b/docs/production/index.rst
@@ -21,4 +21,4 @@ Zulip in Production
   email
   deployment
   email-gateway
-   video-calls
+   zoom-configuration
--- a/docs/production/management-commands.md
+++ b/docs/production/management-commands.md
@@ -117,10 +117,11 @@ There are dozens of useful management commands under
 * `./manage.py send_password_reset_email`: Sends password reset email(s)
  to one or more users.
 * `./manage.py change_user_email`: Change a user's email address.
-* `./manage.py change_user_role`: Can change are user's role
+* `./manage.py knight`: Can toggle whether a user is an administrator
  (easier done [via the
  UI](https://zulip.com/help/change-a-users-role)) or create an
-  `api_super_user`, which are needed for certain special API features.
+  API super user bot (with `--permission=api_super_user`), which are
+  needed for some content mirroring integrations.
 * `./manage.py export_single_user` does a limited version of the [main
  export tools](../production/export-and-import.md) containing just
  the messages accessible by a single user.
--- a/docs/production/security-model.md
+++ b/docs/production/security-model.md
@@ -193,7 +193,7 @@ strength allowed is controlled by two settings in

    API super user bots cannot be created by Zulip users, including
    organization owners. They can only be created on the command
-    line (via `manage.py change_user_role api_super_user`).
+    line (via `manage.py knight --permission=api_super_user`).

 ## User-uploaded content

--- a/docs/production/settings.md
+++ b/docs/production/settings.md
@@ -100,7 +100,7 @@ Some popular settings in `/etc/zulip/settings.py` include:
  tweets.
 * The [email gateway](../production/email-gateway.md), which lets
  users send emails into Zulip.
-* The [Video call integrations](../production/video-calls.md).
+* The [Zoom video call integration](zoom-configuration.md).

 ## Zulip announcement list

--- a/docs/production/upgrade-or-modify.md
+++ b/docs/production/upgrade-or-modify.md
@@ -249,9 +249,9 @@ instructions for other supported platforms.
        /home/zulip/deployments/current/ --ignore-static-assets --audit-fts-indexes
    ```

-   This will finish by restarting your Zulip server; you should now be
-   able to navigate to its URL and confirm everything is working
-   correctly.
+That last command will finish by restarting your Zulip server; you
+should now be able to navigate to its URL and confirm everything is
+working correctly.

 ### Upgrading from Ubuntu 16.04 Xenial to 18.04 Bionic

@@ -278,28 +278,11 @@ instructions for other supported platforms.
    systemctl restart memcached
    ```

-5. Finally, we need to reinstall the current version of Zulip, which
-   among other things will recompile Zulip's Python module
-   dependencies for your new version of Python:
+5. Same as for Bionic to Focal.

-    ```
-    rm -rf /srv/zulip-venv-cache/*
-    /home/zulip/deployments/current/scripts/lib/upgrade-zulip-stage-2 \
-        /home/zulip/deployments/current/ --ignore-static-assets
-    ```
-
-   This will finish by restarting your Zulip server; you should now
-   be able to navigate to its URL and confirm everything is working
-   correctly.
-
-6. [Upgrade to the latest Zulip release](#upgrading-to-a-release), now
-   that your server is running a supported operating system.
-
-7. As root, finish by verifying the contents of the full-text indexes:
-
-    ```
-    /home/zulip/deployments/current/manage.py audit_fts_indexes
-    ```
+That last command will finish by restarting your Zulip server; you
+should now be able to navigate to its URL and confirm everything is
+working correctly.

 ### Upgrading from Ubuntu 14.04 Trusty to 16.04 Xenial

@@ -312,7 +295,7 @@ instructions for other supported platforms.
 3. Same as for Bionic to Focal.

 4. As root, upgrade the database installation and OS configuration to
-   match the new OS version:
+match the new OS version:

    ```
    apt remove upstart -y
@@ -326,23 +309,11 @@ instructions for other supported platforms.
    service memcached restart
    ```

-5. Finally, we need to reinstall the current version of Zulip, which
-   among other things will recompile Zulip's Python module
-   dependencies for your new version of Python:
+5. Same as for Bionic to Focal.

-    ```
-    rm -rf /srv/zulip-venv-cache/*
-    /home/zulip/deployments/current/scripts/lib/upgrade-zulip-stage-2 \
-        /home/zulip/deployments/current/ --ignore-static-assets
-    ```
-
-   This will finish by restarting your Zulip server; you should now be
-   able to navigate to its URL and confirm everything is working
-   correctly.
-
-6. [Upgrade from Xenial to
-   Bionic](#upgrading-from-ubuntu-16-04-xenial-to-18-04-bionic), so
-   that you are running a supported operating system.
+That last command will finish by restarting your Zulip server; you
+should now be able to navigate to its URL and confirm everything is
+working correctly.

 ### Upgrading from Debian Stretch to Debian Buster

@@ -377,28 +348,11 @@ instructions for other supported platforms.
    service memcached restart
    ```

-5. Finally, we need to reinstall the current version of Zulip, which
-   among other things will recompile Zulip's Python module
-   dependencies for your new version of Python:
+5. Same as for Bionic to Focal.

-    ```
-    rm -rf /srv/zulip-venv-cache/*
-    /home/zulip/deployments/current/scripts/lib/upgrade-zulip-stage-2 \
-        /home/zulip/deployments/current/ --ignore-static-assets
-    ```
-
-   This will finish by restarting your Zulip server; you should now
-   be able to navigate to its URL and confirm everything is working
-   correctly.
-
-6. [Upgrade to the latest Zulip release](#upgrading-to-a-release), now
-   that your server is running a supported operating system.
-
-7. As root, finish by verifying the contents of the full-text indexes:
-
-    ```
-    /home/zulip/deployments/current/manage.py audit_fts_indexes
-    ```
+That last command will finish by restarting your Zulip server; you
+should now be able to navigate to its URL and confirm everything is
+working correctly.

 ## Upgrading PostgreSQL

--- a/docs/production/video-calls.md
+++ b/docs/production/video-calls.md
@@ -1,77 +0,0 @@
-# Video call providers
-
-This page documents the server-level configuration required to support
-non-default [video call integration
-options](https://zulip.com/help/start-a-call) on a self-hosted Zulip
-server.
-
-## Zoom
-
-To use the [Zoom](https://zoom.us) integration on a self-hosted
-installation, you'll need to register a custom Zoom app as follows:
-
-1. Select [**Build App**](https://marketplace.zoom.us/develop/create)
-   at the Zoom Marketplace.
-
-1. Create an app with the **OAuth** type.
-
-   * Choose an app name such as "ExampleCorp Zulip".
-   * Select **User-managed app**.
-   * Disable the option to publish the app on the Marketplace.
-   * Click **Create**.
-
-1. Inside of the Zoom app management page:
-
-   * On the **App Credentials** tab, set both the **Redirect URL for
-     OAuth** and the **Whitelist URL** to
-     `https://zulip.example.com/calls/zoom/complete` (replacing
-     `zulip.example.com` by your main Zulip hostname).
-   * On the **Scopes** tab, add the `meeting:write` scope.
-
-You can then configure your Zulip server to use that Zoom app as
-follows:
-
-1. In `/etc/zulip/zulip-secrets.conf`, set `video_zoom_client_secret`
-   to be your app's "Client Secret".
-
-1. In `/etc/zulip/settings.py`, set `VIDEO_ZOOM_CLIENT_ID` to your
-   app's "Client ID".
-
-1. Restart the Zulip server with
-   `/home/zulip/deployments/current/scripts/restart-server`.
-
-This enables Zoom support in your Zulip server.  Finally, [configure
-Zoom as the video call
-provider](https://zulip.com/help/start-a-call) in the Zulip
-organization(s) where you want to use it.
-
-## Big Blue Button
-
-To use the [Big Blue Button](https://bigbluebutton.org/) video call
-integration on a self-hosted Zulip installation, you'll need to have a
-Big Blue Button server and configure it:
-
-1. Get the Shared Secret using the `bbb-conf --secret` command on your
-   Big Blue Button Server. See also [the Big Blue Button
-   documentation](https://docs.bigbluebutton.org/2.2/customize.html#extract-the-shared-secret).
-
-2. Get the URL to your Big Blue Button API. The URL has the form of
-   `https://bigbluebutton.example.com/bigbluebutton/` and can also be
-   found using the `bbb-conf --secret` command.
-
-You can then configure your Zulip server to use that Big Blue Button
-Server as follows:
-
-1. In `/etc/zulip/zulip-secrets.conf`, set `big_blue_button_secret`
-   to be your Big Blue Button Server's shared secret.
-
-2. In `/etc/zulip/settings.py`, set `BIG_BLUE_BUTTON_URL` to your
-   to be your Big Blue Button Server's API URL.
-
-3. Restart the Zulip server with
-   `/home/zulip/deployments/current/scripts/restart-server`.
-
-This enables Big Blue Button support in your Zulip server.  Finally, [configure
-Big Blue Button as the video call
-provider](https://zulip.com/help/start-a-call) in the Zulip
-organization(s) where you want to use it.
--- a/docs/production/zoom-configuration.md
+++ b/docs/production/zoom-configuration.md
@@ -0,0 +1,36 @@
+# Zoom Video Calling OAuth Configuration
+
+To use the [Zoom](https://zoom.us) integration on a self-hosted
+installation, you'll need to register a custom Zoom Application as
+follows:
+
+1. Visit the [Zoom Marketplace](https://marketplace.zoom.us/develop/create).
+
+1. Create a new application, choosing **OAuth** as the app type.
+We recommend using a name like "ExampleCorp Zulip".
+
+1. Select *account-level app* for the authentication type, disable
+the option to publish the app in the Marketplace, and click **Create**.
+
+1. Inside of the Zoom app management page, set the Redirect URL to
+`https://zulip.example.com/calls/zoom/complete` (replacing
+`zulip.example.com` by your main Zulip hostname).
+
+1. Set the "Scopes" to `meeting:write:admin`.
+
+You can then configure your Zulip server to use that Zoom application
+as follows:
+
+1. In `/etc/zulip/zulip-secrets.conf`, set `video_zoom_client_secret`
+to be your app's "Client Secret".
+
+1. In `/etc/zulip/settings.py`, set `VIDEO_ZOOM_CLIENT_ID` to your
+   app's "Client ID".
+
+1. Restart the Zulip server with
+   `/home/zulip/deployments/current/scripts/restart-server`.
+
+This enables Zoom support in your Zulip server.  Finally, [configure
+Zoom as the video call
+provider](https://zulip.com/help/start-a-call) in the Zulip
+organization(s) where you want to use it.
--- a/frontend_tests/node_tests/compose.js
+++ b/frontend_tests/node_tests/compose.js
@@ -364,7 +364,7 @@ run_test("validate_stream_message", () => {
    assert($("#compose-all-everyone").visible());
 });

-run_test("test_validate_stream_message_post_policy_admin_only", () => {
+run_test("test_validate_stream_message_post_policy", () => {
    // This test is in continuation with test_validate but it has been separated out
    // for better readability. Their relative position of execution should not be changed.
    // Although the position with respect to test_validate_stream_message does not matter
@@ -386,45 +386,9 @@ run_test("test_validate_stream_message_post_policy_admin_only", () => {
        i18n.t("Only organization admins are allowed to post to this stream."),
    );

-    // Reset error message.
-    compose_state.stream_name("social");
-
-    page_params.is_admin = false;
-    page_params.is_guest = true;
-
-    compose_state.topic("subject102");
-    compose_state.stream_name("stream102");
-    assert(!compose.validate());
-    assert.equal(
-        $("#compose-error-msg").html(),
-        i18n.t("Only organization admins are allowed to post to this stream."),
-    );
-});
-
-run_test("test_validate_stream_message_post_policy_full_members_only", () => {
-    page_params.is_admin = false;
-    page_params.is_guest = true;
-    const sub = {
-        stream_id: 103,
-        name: "stream103",
-        subscribed: true,
-        stream_post_policy: stream_data.stream_post_policy_values.non_new_members.code,
-    };
-
-    compose_state.topic("subject103");
-    compose_state.stream_name("stream103");
-    stream_data.add_sub(sub);
-    assert(!compose.validate());
-    assert.equal(
-        $("#compose-error-msg").html(),
-        i18n.t("Guests are not allowed to post to this stream."),
-    );
-
-    // reset compose_state.stream_name to 'social' again so that any tests occurring after this
+    // reset compose_state.stream_name to 'social' again so that any tests occurung after this
    // do not reproduce this error.
    compose_state.stream_name("social");
-    // Reset page_params
-    page_params.is_guest = false;
 });

 run_test("markdown_rtl", () => {
--- a/frontend_tests/node_tests/filter.js
+++ b/frontend_tests/node_tests/filter.js
@@ -720,40 +720,34 @@ run_test("predicate_basics", () => {
    // HTML content of message is used to determine if image have link, image or attachment.
    // We are using jquery to parse the html and find existence of relevant tags/elements.
    // In tests we need to stub the calls to jquery so using zjquery's .set_find_results method.
-    function set_find_results_for_msg_content(msg, jquery_selector, results) {
-        $(`<div>${msg.content}</div>`).set_find_results(jquery_selector, results);
-    }
-
    const has_link = get_predicate([["has", "link"]]);
-    set_find_results_for_msg_content(img_msg, "a", [$("<a>")]);
+    $(img_msg.content).set_find_results("a", [$("<a>")]);
    assert(has_link(img_msg));
-    set_find_results_for_msg_content(non_img_attachment_msg, "a", [$("<a>")]);
+    $(non_img_attachment_msg.content).set_find_results("a", [$("<a>")]);
    assert(has_link(non_img_attachment_msg));
-    set_find_results_for_msg_content(link_msg, "a", [$("<a>")]);
+    $(link_msg.content).set_find_results("a", [$("<a>")]);
    assert(has_link(link_msg));
-    set_find_results_for_msg_content(no_has_filter_matching_msg, "a", false);
+    $(no_has_filter_matching_msg.content).set_find_results("a", false);
    assert(!has_link(no_has_filter_matching_msg));

    const has_attachment = get_predicate([["has", "attachment"]]);
-    set_find_results_for_msg_content(img_msg, "a[href^='/user_uploads']", [$("<a>")]);
+    $(img_msg.content).set_find_results("a[href^='/user_uploads']", [$("<a>")]);
    assert(has_attachment(img_msg));
-    set_find_results_for_msg_content(non_img_attachment_msg, "a[href^='/user_uploads']", [
-        $("<a>"),
-    ]);
+    $(non_img_attachment_msg.content).set_find_results("a[href^='/user_uploads']", [$("<a>")]);
    assert(has_attachment(non_img_attachment_msg));
-    set_find_results_for_msg_content(link_msg, "a[href^='/user_uploads']", false);
+    $(link_msg.content).set_find_results("a[href^='/user_uploads']", false);
    assert(!has_attachment(link_msg));
-    set_find_results_for_msg_content(no_has_filter_matching_msg, "a[href^='/user_uploads']", false);
+    $(no_has_filter_matching_msg.content).set_find_results("a[href^='/user_uploads']", false);
    assert(!has_attachment(no_has_filter_matching_msg));

    const has_image = get_predicate([["has", "image"]]);
-    set_find_results_for_msg_content(img_msg, ".message_inline_image", [$("<img>")]);
+    $(img_msg.content).set_find_results(".message_inline_image", [$("<img>")]);
    assert(has_image(img_msg));
-    set_find_results_for_msg_content(non_img_attachment_msg, ".message_inline_image", false);
+    $(non_img_attachment_msg.content).set_find_results(".message_inline_image", false);
    assert(!has_image(non_img_attachment_msg));
-    set_find_results_for_msg_content(link_msg, ".message_inline_image", false);
+    $(link_msg.content).set_find_results(".message_inline_image", false);
    assert(!has_image(link_msg));
-    set_find_results_for_msg_content(no_has_filter_matching_msg, ".message_inline_image", false);
+    $(no_has_filter_matching_msg.content).set_find_results(".message_inline_image", false);
    assert(!has_image(no_has_filter_matching_msg));
 });

--- a/frontend_tests/node_tests/reactions.js
+++ b/frontend_tests/node_tests/reactions.js
@@ -171,24 +171,6 @@ run_test("basics", () => {
    assert.deepEqual(result, expected_result);
 });

-run_test("unknown realm emojis (add)", () => {
-    blueslip.expect("error", "Cannot find/add realm emoji for code 'broken'.");
-    reactions.add_clean_reaction({
-        reaction_type: "realm_emoji",
-        emoji_code: "broken",
-        user_ids: [alice.user_id],
-    });
-});
-
-run_test("unknown realm emojis (insert)", () => {
-    blueslip.expect("error", "Cannot find/insert realm emoji for code 'bogus'.");
-    reactions.view.insert_new_reaction({
-        reaction_type: "realm_emoji",
-        emoji_code: "bogus",
-        user_id: bob.user_id,
-    });
-});
-
 run_test("sending", () => {
    const message_id = 1001; // see above for setup
    let emoji_name = "smile"; // should be a current reaction
--- a/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_email_deliverer_backlog
+++ b/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_email_deliverer_backlog
@@ -15,10 +15,12 @@ fi
 cd /home/zulip/deployments/current
 BACKLOG="$(./manage.py print_email_delivery_backlog)"

-if [ "$BACKLOG" -gt 0 ] && [ "$BACKLOG" -lt 10 ]; then
+if [ "$BACKLOG" -gt 0 ] && [ "$BACKLOG" -lt 10 ]
+then
    echo "backlog of $BACKLOG"
    exit 1
-elif [ "$BACKLOG" -ge 10 ]; then
+elif [ "$BACKLOG" -ge 10 ]
+then
    echo "backlog of $BACKLOG"
    exit 2
 else
--- a/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_email_deliverer_process
+++ b/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_email_deliverer_process
@@ -8,12 +8,13 @@
 SUPERVISOR_STATUS=$(supervisorctl status zulip-workers:zulip_deliver_enqueued_emails 2>&1)
 STATUS=$(echo "$SUPERVISOR_STATUS" | awk '{ print $2 }')

+
 case "$STATUS" in
    RUNNING)
        echo "Running"
        exit 0
        ;;
-    STOPPED | STARTING | BACKOFF | STOPPING | EXITED | FATAL | UNKNOWN)
+    STOPPED|STARTING|BACKOFF|STOPPING|EXITED|FATAL|UNKNOWN)
        # not "RUNNING", but a recognized supervisor status
        echo "$STATUS"
        exit 1
--- a/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory
+++ b/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory
@@ -9,16 +9,16 @@ if [ -z "$processes" ]; then
    echo "No workers running"
    exit 0
 fi
-mapfile -t processes <<<"$processes"
-ps -o vsize,size,pid,user,command --sort -vsize "${processes[@]}" >"$datafile"
+mapfile -t processes <<< "$processes"
+ps -o vsize,size,pid,user,command --sort -vsize "${processes[@]}" > "$datafile"
 cat "$datafile"
 top_worker=$(head -n2 "$datafile" | tail -n1)
 top_worker_memory_usage=$(echo "$top_worker" | cut -f1 -d" ")
 rm -f "$datafile"
 if [ "$top_worker_memory_usage" -gt 800000 ]; then
-    exit 2
+   exit 2
 elif [ "$top_worker_memory_usage" -gt 600000 ]; then
-    exit 1
+   exit 1
 else
-    exit 0
+   exit 0
 fi
--- a/puppet/zulip/files/postfix/access
+++ b/puppet/zulip/files/postfix/access
@@ -1,9 +0,0 @@
-# This is the list of email addresses that are accepted via SMTP;
-# these consist of only the addresses in `virtual`, as well as the
-# RFC822-specified postmaster.
-
-/\+.*@/         OK
-/\..*@/         OK
-/^mm/           OK
-
-/^postmaster@/  OK
--- a/puppet/zulip/files/postfix/virtual
+++ b/puppet/zulip/files/postfix/virtual
@@ -1,6 +1,3 @@
-# Changes to this list require a corresponding change to `access` as
-# well.
-
-/\+.*@/  zulip@localhost
-/\..*@/  zulip@localhost
-/^mm/    zulip@localhost
+/\+.*@/ zulip@localhost
+/\..*@/ zulip@localhost
+/^mm/ zulip@localhost
--- a/puppet/zulip/manifests/app_frontend.pp
+++ b/puppet/zulip/manifests/app_frontend.pp
@@ -5,11 +5,7 @@ class zulip::app_frontend {
  include zulip::app_frontend_once

  $nginx_http_only = zulipconf('application_server', 'http_only', undef)
-  if $nginx_http_only != '' {
-    $nginx_listen_port = zulipconf('application_server', 'nginx_listen_port', 80)
-  } else {
-    $nginx_listen_port = zulipconf('application_server', 'nginx_listen_port', 443)
-  }
+  $nginx_listen_port = zulipconf('application_server', 'nginx_listen_port', 443)
  $no_serve_uploads = zulipconf('application_server', 'no_serve_uploads', undef)
  $ssl_dir = $::osfamily ? {
    'debian' => '/etc/ssl',
--- a/puppet/zulip/manifests/postfix_localmail.pp
+++ b/puppet/zulip/manifests/postfix_localmail.pp
@@ -67,12 +67,4 @@ class zulip::postfix_localmail {
    ],
  }

-  file {'/etc/postfix/access':
-    ensure  => file,
-    mode    => '0644',
-    owner   => root,
-    group   => root,
-    source  => 'puppet:///modules/zulip/postfix/access',
-    require => Package[postfix],
-  }
 }
--- a/puppet/zulip/templates/nginx/zulip-enterprise.template.erb
+++ b/puppet/zulip/templates/nginx/zulip-enterprise.template.erb
@@ -16,8 +16,8 @@ include /etc/nginx/zulip-include/upstreams;

 server {
 <% if @nginx_http_only != '' -%>
-    listen <%= @nginx_listen_port %>;
-    listen [::]:<%= @nginx_listen_port %>;
+    listen 80;
+    listen [::]:80;
 <% else -%>
    listen <%= @nginx_listen_port %> http2;
    listen [::]:<%= @nginx_listen_port %> http2;
--- a/puppet/zulip/templates/postfix/main.cf.erb
+++ b/puppet/zulip/templates/postfix/main.cf.erb
@@ -16,7 +16,6 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
-smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access regexp:/etc/postfix/access, reject
 myhostname = <%= @fqdn %>
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
--- a/puppet/zulip_ops/files/munin-plugins/rabbitmq_connections
+++ b/puppet/zulip_ops/files/munin-plugins/rabbitmq_connections
@@ -20,8 +20,8 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 HOME=/tmp/
@@ -30,33 +30,33 @@ HOME=/tmp/
 # graphs should look.

 if [ "$1" = "config" ]; then
-    CONN_WARN=${queue_warn:-500}
-    CONN_CRIT=${queue_crit:-1000}
+        CONN_WARN=${queue_warn:-500}
+        CONN_CRIT=${queue_crit:-1000}

-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo 'graph_title RabbitMQ connections'
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1000 -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel connections'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category RabbitMQ'
+	# The title of the graph
+	echo 'graph_title RabbitMQ connections'
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1000 -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel connections'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category RabbitMQ'

-    echo "connections.label Connections"
-    echo "connections.warning $CONN_WARN"
-    echo "connections.critical $CONN_CRIT"
-    echo "connections.info Number of active connections"
+	echo "connections.label Connections"
+	echo "connections.warning $CONN_WARN"
+	echo "connections.critical $CONN_CRIT"
+	echo "connections.info Number of active connections"

-    echo 'graph_info Shows the number of connections to RabbitMQ'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Shows the number of connections to RabbitMQ'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
--- a/puppet/zulip_ops/files/munin-plugins/rabbitmq_consumers
+++ b/puppet/zulip_ops/files/munin-plugins/rabbitmq_consumers
@@ -20,54 +20,54 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 # If run with the "config"-parameter, give out information on how the
 # graphs should look.

 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-    | grep -v '^Listing' \
-    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+		grep -v '^Listing' | \
+		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )

 if [ "$1" = "config" ]; then
-    QUEUE_WARN=${queue_warn:-100}
-    QUEUE_CRIT=${queue_crit:-500}
+        QUEUE_WARN=${queue_warn:-100}
+        QUEUE_CRIT=${queue_crit:-500}

-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo "graph_title RabbitMQ consumers"
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1000 -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel consumers'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category RabbitMQ'
+	# The title of the graph
+	echo "graph_title RabbitMQ consumers"
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1000 -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel consumers'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category RabbitMQ'

-    for queue in $QUEUES; do
-        echo "$queue.label $queue"
-        echo "$queue.warning $QUEUE_WARN"
-        echo "$queue.critical $QUEUE_CRIT"
-        echo "$queue.info Active consumers for $queue"
-    done
+	for queue in $QUEUES; do
+		echo "$queue.label $queue"
+		echo "$queue.warning $QUEUE_WARN"
+		echo "$queue.critical $QUEUE_CRIT"
+		echo "$queue.info Active consumers for $queue"
+	done

-    echo 'graph_info Lists active consumers for a queue.'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Lists active consumers for a queue.'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.

-HOME=$HOME rabbitmqctl list_queues name consumers \
-    | grep -v "^Listing" | grep -v "done.$" \
-    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+HOME=$HOME rabbitmqctl list_queues name consumers| \
+	grep -v "^Listing" | grep -v "done.$" | \
+    perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
--- a/puppet/zulip_ops/files/munin-plugins/rabbitmq_messages
+++ b/puppet/zulip_ops/files/munin-plugins/rabbitmq_messages
@@ -20,54 +20,54 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 # If run with the "config"-parameter, give out information on how the
 # graphs should look.

 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-    | grep -v '^Listing' \
-    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+		grep -v '^Listing' | \
+		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )

 if [ "$1" = "config" ]; then
-    QUEUE_WARN=${queue_warn:-10000}
-    QUEUE_CRIT=${queue_crit:-20000}
+        QUEUE_WARN=${queue_warn:-10000}
+        QUEUE_CRIT=${queue_crit:-20000}

-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo "graph_title RabbitMQ list_queues"
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1000 -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel queue_size'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category RabbitMQ'
+	# The title of the graph
+	echo "graph_title RabbitMQ list_queues"
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1000 -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel queue_size'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category RabbitMQ'

-    for queue in $QUEUES; do
-        echo "$queue.label $queue"
-        echo "$queue.warning $QUEUE_WARN"
-        echo "$queue.critical $QUEUE_CRIT"
-        echo "$queue.info Queue size for $queue"
-    done
+	for queue in $QUEUES; do
+		echo "$queue.label $queue"
+		echo "$queue.warning $QUEUE_WARN"
+		echo "$queue.critical $QUEUE_CRIT"
+		echo "$queue.info Queue size for $queue"
+	done

-    echo 'graph_info Lists how many messages are in each queue.'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Lists how many messages are in each queue.'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.

-HOME=$HOME rabbitmqctl list_queues \
-    | grep -v "^Listing" | grep -v "done.$" \
-    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+HOME=$HOME rabbitmqctl list_queues | \
+	grep -v "^Listing" | grep -v "done.$" | \
+	perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
--- a/puppet/zulip_ops/files/munin-plugins/rabbitmq_messages_unacknowledged
+++ b/puppet/zulip_ops/files/munin-plugins/rabbitmq_messages_unacknowledged
@@ -20,54 +20,54 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 # If run with the "config"-parameter, give out information on how the
 # graphs should look.

 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-    | grep -v '^Listing' \
-    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+		grep -v '^Listing' | \
+		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )

 if [ "$1" = "config" ]; then
-    QUEUE_WARN=${queue_warn:-10000}
-    QUEUE_CRIT=${queue_crit:-20000}
+        QUEUE_WARN=${queue_warn:-10000}
+        QUEUE_CRIT=${queue_crit:-20000}

-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo "graph_title RabbitMQ Unacknowledged Messages"
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1000 -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel unacknowledged'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category RabbitMQ'
+	# The title of the graph
+	echo "graph_title RabbitMQ Unacknowledged Messages"
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1000 -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel unacknowledged'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category RabbitMQ'

-    for queue in $QUEUES; do
-        echo "$queue.label $queue"
-        echo "$queue.warning $QUEUE_WARN"
-        echo "$queue.critical $QUEUE_CRIT"
-        echo "$queue.info Unacknowledged messages for $queue"
-    done
+	for queue in $QUEUES; do
+		echo "$queue.label $queue"
+		echo "$queue.warning $QUEUE_WARN"
+		echo "$queue.critical $QUEUE_CRIT"
+		echo "$queue.info Unacknowledged messages for $queue"
+	done

-    echo 'graph_info Lists how many messages are in each queue.'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Lists how many messages are in each queue.'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.

-HOME=$HOME rabbitmqctl list_queues name messages_unacknowledged \
-    | grep -v "^Listing" | grep -v "done.$" \
-    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+HOME=$HOME rabbitmqctl list_queues name messages_unacknowledged | \
+	grep -v "^Listing" | grep -v "done.$" | \
+    perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
--- a/puppet/zulip_ops/files/munin-plugins/rabbitmq_messages_uncommitted
+++ b/puppet/zulip_ops/files/munin-plugins/rabbitmq_messages_uncommitted
@@ -20,54 +20,54 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 # If run with the "config"-parameter, give out information on how the
 # graphs should look.

 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-    | grep -v '^Listing' \
-    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+		grep -v '^Listing' | \
+		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )

 if [ "$1" = "config" ]; then
-    QUEUE_WARN=${queue_warn:-10000}
-    QUEUE_CRIT=${queue_crit:-20000}
+        QUEUE_WARN=${queue_warn:-10000}
+        QUEUE_CRIT=${queue_crit:-20000}

-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo "graph_title RabbitMQ Uncommitted Messages"
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1000 -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel uncommitted'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category RabbitMQ'
+	# The title of the graph
+	echo "graph_title RabbitMQ Uncommitted Messages"
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1000 -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel uncommitted'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category RabbitMQ'

-    for queue in $QUEUES; do
-        echo "$queue.label $queue"
-        echo "$queue.warning $QUEUE_WARN"
-        echo "$queue.critical $QUEUE_CRIT"
-        echo "$queue.info Uncommitted messages for $queue"
-    done
+	for queue in $QUEUES; do
+		echo "$queue.label $queue"
+		echo "$queue.warning $QUEUE_WARN"
+		echo "$queue.critical $QUEUE_CRIT"
+		echo "$queue.info Uncommitted messages for $queue"
+	done

-    echo 'graph_info Lists how many messages are in each queue.'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Lists how many messages are in each queue.'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.

-HOME=$HOME rabbitmqctl list_channels name messages_uncommitted \
-    | grep -v "^Listing" | grep -v "done.$" \
-    | perl -nle'($q, $s) = /^(.*)\s+(\d+)$/; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+HOME=$HOME rabbitmqctl list_channels name messages_uncommitted | \
+	grep -v "^Listing" | grep -v "done.$" | \
+    perl -nle'($q, $s) = /^(.*)\s+(\d+)$/; $q =~ s/[.=-]/_/g; print("$q.value $s")'
--- a/puppet/zulip_ops/files/munin-plugins/rabbitmq_queue_memory
+++ b/puppet/zulip_ops/files/munin-plugins/rabbitmq_queue_memory
@@ -20,54 +20,54 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 # If run with the "config"-parameter, give out information on how the
 # graphs should look.

 HOME=/tmp/
-QUEUES=$(rabbitmqctl list_queues name \
-    | grep -v '^Listing' \
-    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
+QUEUES=$(rabbitmqctl list_queues name | \
+		grep -v '^Listing' | \
+		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )

 if [ "$1" = "config" ]; then
-    QUEUE_WARN=${queue_warn:-10000}
-    QUEUE_CRIT=${queue_crit:-20000}
+        QUEUE_WARN=${queue_warn:-10000}
+        QUEUE_CRIT=${queue_crit:-20000}

-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo "graph_title RabbitMQ Memory used by queue"
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1024 --vertical-label Bytes -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel memory'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category RabbitMQ'
+	# The title of the graph
+	echo "graph_title RabbitMQ Memory used by queue"
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1024 --vertical-label Bytes -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel memory'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category RabbitMQ'

-    for queue in $QUEUES; do
-        echo "$queue.label $queue"
-        echo "$queue.warning $QUEUE_WARN"
-        echo "$queue.critical $QUEUE_CRIT"
-        echo "$queue.info Memory used by $queue"
-    done
+	for queue in $QUEUES; do
+		echo "$queue.label $queue"
+		echo "$queue.warning $QUEUE_WARN"
+		echo "$queue.critical $QUEUE_CRIT"
+		echo "$queue.info Memory used by $queue"
+	done

-    echo 'graph_info Show memory usage by queue'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Show memory usage by queue'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.

-HOME=$HOME rabbitmqctl list_queues name memory \
-    | grep -v "^Listing" | grep -v "done.$" \
-    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+HOME=$HOME rabbitmqctl list_queues name memory | \
+	grep -v "^Listing" | grep -v "done.$" | \
+    perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
--- a/puppet/zulip_ops/files/munin-plugins/tornado_event_queues
+++ b/puppet/zulip_ops/files/munin-plugins/tornado_event_queues
@@ -18,8 +18,8 @@
 # always be included.

 if [ "$1" = "autoconf" ]; then
-    echo yes
-    exit 0
+	echo yes
+	exit 0
 fi

 HOME=/tmp/
@@ -28,30 +28,30 @@ HOME=/tmp/
 # graphs should look.

 if [ "$1" = "config" ]; then
-    # The host name this plugin is for. (Can be overridden to have
-    # one machine answer for several)
+	# The host name this plugin is for. (Can be overridden to have
+	# one machine answer for several)

-    # The title of the graph
-    echo 'graph_title Event queues'
-    # Arguments to "rrdtool graph". In this case, tell it that the
-    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-    echo 'graph_args --base 1000 -l 0'
-    # The Y-axis label
-    echo 'graph_vlabel Number'
-    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-    # 420 milliload)
-    #echo 'graph_scale no'
-    echo 'graph_category Tornado'
+	# The title of the graph
+	echo 'graph_title Event queues'
+	# Arguments to "rrdtool graph". In this case, tell it that the
+	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+	echo 'graph_args --base 1000 -l 0'
+	# The Y-axis label
+	echo 'graph_vlabel Number'
+	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+	# 420 milliload)
+	#echo 'graph_scale no'
+	echo 'graph_category Tornado'

-    echo "active_queues.label Total active event queues"
-    echo "active_queues.info Total number of active event queues"
-    echo "active_users.label Users with active event queues"
-    echo "active_users.info Number of users with active event queues"
+	echo "active_queues.label Total active event queues"
+	echo "active_queues.info Total number of active event queues"
+	echo "active_users.label Users with active event queues"
+	echo "active_users.info Number of users with active event queues"

-    echo 'graph_info Shows the number of active event queues'
-    # Last, if run with the "config"-parameter, quit here (don't
-    # display any data)
-    exit 0
+	echo 'graph_info Shows the number of active event queues'
+	# Last, if run with the "config"-parameter, quit here (don't
+	# display any data)
+	exit 0
 fi

 # If not run with any parameters at all (or only unknown ones), do the
--- a/puppet/zulip_ops/files/postgresql/setup_disks.sh
+++ b/puppet/zulip_ops/files/postgresql/setup_disks.sh
@@ -5,7 +5,7 @@ set -e
 LOCALDISK=/dev/nvme0n1

 if ! grep -q $LOCALDISK /etc/fstab; then
-    echo "$LOCALDISK   /srv  xfs    nofail,noatime 1 1" >>/etc/fstab
+    echo "$LOCALDISK   /srv  xfs    nofail,noatime 1 1" >> /etc/fstab
 fi

 if ! mountpoint -q /srv; then
--- a/puppet/zulip_ops/files/zulip-ec2-configure-interfaces_if-up.d.sh
+++ b/puppet/zulip_ops/files/zulip-ec2-configure-interfaces_if-up.d.sh
@@ -5,9 +5,9 @@ set -e

 # Only run from ifup.
 if [ "$MODE" != start ]; then
-    exit 0
+	exit 0
 fi

 if [ "$IFACE" = eth0 ]; then
-    /usr/local/sbin/zulip-ec2-configure-interfaces
+	/usr/local/sbin/zulip-ec2-configure-interfaces
 fi
--- a/requirements/common.in
+++ b/requirements/common.in
@@ -79,7 +79,8 @@ pika
 psycopg2 --no-binary psycopg2

 # Needed for memcached usage
-python-binary-memcached
+# https://github.com/jaysonsantos/python-binary-memcached/pull/230, https://github.com/jaysonsantos/python-binary-memcached/pull/231
+https://github.com/jaysonsantos/python-binary-memcached/archive/364ce723ea73290a6ae27551cab28070424fd280.zip#egg=python-binary-memcached==0.29.0+git

 # Needed for compression support in memcached via python-binary-memcached
 django-bmemcached
@@ -177,6 +178,9 @@ pyahocorasick
 # Used for rate limiting authentication.
 decorator

+# Use SameSite cookies in legacy Django (remove with Django 2.1)
+django-cookies-samesite
+
 # For server-side enforcement of password strength
 zxcvbn

--- a/requirements/dev.in
+++ b/requirements/dev.in
@@ -54,7 +54,7 @@ python-digitalocean
 pip-tools

 # zulip's linting framework - zulint
-https://github.com/zulip/zulint/archive/e8c7e42440e8b1a2e58316e16437e815cacfd495.zip#egg=zulint==0.0.1
+https://github.com/zulip/zulint/archive/204a02dbc730253061af08f67a26858dc73754cb.zip#egg=zulint==0.0.1

 -r mypy.in

--- a/requirements/dev.txt
+++ b/requirements/dev.txt
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -27,9 +27,10 @@ commonmark==0.9.1 \
    --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \
    --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9 \
    # via recommonmark
-docutils==0.16 \
-    --hash=sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af \
-    --hash=sha256:c2de3a60e9e7d07be26b7f2b00ca0309c207e06c100f9cc2a94931fc75a478fc \
+docutils==0.15.2 \
+    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
+    --hash=sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827 \
+    --hash=sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99 \
    # via recommonmark, sphinx
 idna==2.8 \
    --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \
@@ -82,9 +83,9 @@ packaging==20.4 \
    --hash=sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8 \
    --hash=sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181 \
    # via sphinx
-pygments==2.7.2 \
-    --hash=sha256:381985fcc551eb9d37c52088a32914e00517e57f4a21609f48141ba08e193fa0 \
-    --hash=sha256:88a0bbcd659fcb9573703957c6b9cff9fab7295e6e76db54c9d00ae42df32773 \
+pygments==2.6.1 \
+    --hash=sha256:647344a061c249a3b74e230c739f434d7ea4d8b1d5f3721bc0f3558049b38f44 \
+    --hash=sha256:ff7a40b4860b727ab48fad6360eb351cc1b33cbf9b15a0f689ca5353e9463324 \
    # via sphinx
 pyparsing==2.4.7 \
    --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 \
@@ -105,6 +106,8 @@ requests==2.24.0 \
 six==1.15.0 \
    --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
+    --hash=sha256:8ce375b18ae4a749516d7e6c6fbbf8be6177c53974f53534d8eadb646cd279b1 \
+    --hash=sha256:92ad876fb6a201a7e23a6b85ea96d9643a51e285667c253a8653643804f7cb68 \
    # via packaging
 snowballstemmer==2.0.0 \
    --hash=sha256:209f257d7533fdb3cb73bdbd24f436239ca3b2fa67d56f6ff88e86be08cc5ef0 \
@@ -114,9 +117,9 @@ sphinx-rtd-theme==0.5.0 \
    --hash=sha256:22c795ba2832a169ca301cd0a083f7a434e09c538c70beb42782c073651b707d \
    --hash=sha256:373413d0f82425aaa28fb288009bf0d0964711d347763af2f1b65cafcb028c82 \
    # via -r requirements/docs.in
-sphinx==3.2.1 \
-    --hash=sha256:321d6d9b16fa381a5306e5a0b76cd48ffbc588e6340059a729c6fdd66087e0e8 \
-    --hash=sha256:ce6fd7ff5b215af39e2fcd44d4a321f6694b4530b6f2b2109b64d120773faea0 \
+sphinx==3.1.2 \
+    --hash=sha256:97dbf2e31fc5684bb805104b8ad34434ed70e6c588f6896991b2fdfd2bef8c00 \
+    --hash=sha256:b9daeb9b39aa1ffefc2809b43604109825300300b987a24f45976c001ba1a8fd \
    # via -r requirements/docs.in, recommonmark, sphinx-rtd-theme
 sphinxcontrib-applehelp==1.0.2 \
    --hash=sha256:806111e5e962be97c29ec4c1e7fe277bfd19e9652fb1a4392105b43e01af885a \
@@ -142,13 +145,13 @@ sphinxcontrib-serializinghtml==1.1.4 \
    --hash=sha256:eaa0eccc86e982a9b939b2b82d12cc5d013385ba5eadcc7e4fed23f4405f77bc \
    --hash=sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a \
    # via sphinx
-urllib3==1.25.11 \
-    --hash=sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2 \
-    --hash=sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e \
+urllib3==1.25.9 \
+    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
    # via requests

 # The following packages are considered to be unsafe in a requirements file:
-setuptools==50.3.2 \
-    --hash=sha256:2c242a0856fbad7efbe560df4a7add9324f340cf48df43651e9604924466794a \
-    --hash=sha256:ed0519d27a243843b05d82a5e9d01b0b083d9934eaa3d02779a23da18077bd3c \
+setuptools==49.1.0 \
+    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
    # via sphinx
--- a/requirements/mypy.txt
+++ b/requirements/mypy.txt
@@ -30,37 +30,28 @@ mypy==0.782 \
 typed-ast==1.4.1 \
    --hash=sha256:0666aa36131496aed8f7be0410ff974562ab7eeac11ef351def9ea6fa28f6355 \
    --hash=sha256:0c2c07682d61a629b68433afb159376e24e5b2fd4641d35424e462169c0a7919 \
-    --hash=sha256:0d8110d78a5736e16e26213114a38ca35cb15b6515d535413b090bd50951556d \
    --hash=sha256:249862707802d40f7f29f6e1aad8d84b5aa9e44552d2cc17384b209f091276aa \
    --hash=sha256:24995c843eb0ad11a4527b026b4dde3da70e1f2d8806c99b7b4a7cf491612652 \
    --hash=sha256:269151951236b0f9a6f04015a9004084a5ab0d5f19b57de779f908621e7d8b75 \
-    --hash=sha256:3742b32cf1c6ef124d57f95be609c473d7ec4c14d0090e5a5e05a15269fb4d0c \
    --hash=sha256:4083861b0aa07990b619bd7ddc365eb7fa4b817e99cf5f8d9cf21a42780f6e01 \
    --hash=sha256:498b0f36cc7054c1fead3d7fc59d2150f4d5c6c56ba7fb150c013fbc683a8d2d \
    --hash=sha256:4e3e5da80ccbebfff202a67bf900d081906c358ccc3d5e3c8aea42fdfdfd51c1 \
    --hash=sha256:6daac9731f172c2a22ade6ed0c00197ee7cc1221aa84cfdf9c31defeb059a907 \
    --hash=sha256:715ff2f2df46121071622063fc7543d9b1fd19ebfc4f5c8895af64a77a8c852c \
    --hash=sha256:73d785a950fc82dd2a25897d525d003f6378d1cb23ab305578394694202a58c3 \
-    --hash=sha256:7e4c9d7658aaa1fc80018593abdf8598bf91325af6af5cce4ce7c73bc45ea53d \
    --hash=sha256:8c8aaad94455178e3187ab22c8b01a3837f8ee50e09cf31f1ba129eb293ec30b \
    --hash=sha256:8ce678dbaf790dbdb3eba24056d5364fb45944f33553dd5869b7580cdbb83614 \
-    --hash=sha256:92c325624e304ebf0e025d1224b77dd4e6393f18aab8d829b5b7e04afe9b7a2c \
    --hash=sha256:aaee9905aee35ba5905cfb3c62f3e83b3bec7b39413f0a7f19be4e547ea01ebb \
-    --hash=sha256:b52ccf7cfe4ce2a1064b18594381bccf4179c2ecf7f513134ec2f993dd4ab395 \
    --hash=sha256:bcd3b13b56ea479b3650b82cabd6b5343a625b0ced5429e4ccad28a8973f301b \
    --hash=sha256:c9e348e02e4d2b4a8b2eedb48210430658df6951fa484e59de33ff773fbd4b41 \
    --hash=sha256:d205b1b46085271b4e15f670058ce182bd1199e56b317bf2ec004b6a44f911f6 \
    --hash=sha256:d43943ef777f9a1c42bf4e552ba23ac77a6351de620aa9acf64ad54933ad4d34 \
    --hash=sha256:d5d33e9e7af3b34a40dc05f498939f0ebf187f07c385fd58d591c533ad8562fe \
-    --hash=sha256:d648b8e3bf2fe648745c8ffcee3db3ff903d0817a01a12dd6a6ea7a8f4889072 \
-    --hash=sha256:f208eb7aff048f6bea9586e61af041ddf7f9ade7caed625742af423f6bae3298 \
-    --hash=sha256:fac11badff8313e23717f3dada86a15389d0708275bddf766cca67a84ead3e91 \
    --hash=sha256:fc0fea399acb12edbf8a628ba8d2312f583bdbdb3335635db062fa98cf71fca4 \
-    --hash=sha256:fcf135e17cc74dbfbc05894ebca928ffeb23d9790b3167a674921db19082401f \
    --hash=sha256:fe460b922ec15dd205595c9b5b99e2f056fd98ae8f9f56b888e7a17dc2b757e7 \
    # via mypy
-typing-extensions==3.7.4.3 \
-    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f \
+typing-extensions==3.7.4.2 \
+    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
    # via mypy
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -7,17 +7,17 @@
 #
 # For details, see requirements/README.md .
 #
-wheel==0.35.1 \
-    --hash=sha256:497add53525d16c173c2c1c733b8f655510e909ea78cc0e29d374243544b77a2 \
-    --hash=sha256:99a22d87add3f634ff917310a3d87e499f19e663413a52eb9232c447aa646c9f \
+wheel==0.34.2 \
+    --hash=sha256:8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 \
+    --hash=sha256:df277cb51e61359aba502208d680f90c0493adec6f0e848af94948778aed386e \
    # via -r requirements/pip.in

 # The following packages are considered to be unsafe in a requirements file:
-pip==20.2.4 \
-    --hash=sha256:51f1c7514530bd5c145d8f13ed936ad6b8bfcb8cf74e10403d0890bc986f0033 \
-    --hash=sha256:85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 \
+pip==20.1.1 \
+    --hash=sha256:27f8dc29387dd83249e06e681ce087e6061826582198a425085e0bf4c1cf3a55 \
+    --hash=sha256:b27c4dedae8c41aa59108f2fa38bf78e0890e590545bc8ece7cdceb4ba60f6e4 \
    # via -r requirements/pip.in
-setuptools==50.3.2 \
-    --hash=sha256:2c242a0856fbad7efbe560df4a7add9324f340cf48df43651e9604924466794a \
-    --hash=sha256:ed0519d27a243843b05d82a5e9d01b0b083d9934eaa3d02779a23da18077bd3c \
+setuptools==49.1.0 \
+    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
    # via -r requirements/pip.in
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@@ -31,9 +31,9 @@ argon2-cffi==20.1.0 \
    --hash=sha256:d8029b2d3e4b4cea770e9e5a0104dd8fa185c1724a0f01528ae4826a6d25f97d \
    --hash=sha256:da7f0445b71db6d3a72462e04f36544b0de871289b0bc8a7cc87c0f5ec7079fa \
    # via -r requirements/common.in
-attrs==20.2.0 \
-    --hash=sha256:26b54ddbbb9ee1d34d5d3668dd37d6cf74990ab23c828c2888dccdceee395594 \
-    --hash=sha256:fce7fc47dfc976152e82d53ff92fa0407700c21acd20886a13777a0d20e655dc \
+attrs==19.3.0 \
+    --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \
+    --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 \
    # via jsonschema, openapi-core
 babel==2.8.0 \
    --hash=sha256:1aac2ae2d0d8ea368fa90906567f5c08463d98ade155c0c4bfedd6a0f7160e38 \
@@ -43,123 +43,112 @@ backcall==0.2.0 \
    --hash=sha256:5cbdbf27be5e7cfadb448baf0aa95508f91f2bbc6c6437cd9cd06e2a4c215e1e \
    --hash=sha256:fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 \
    # via ipython
-beautifulsoup4==4.9.3 \
-    --hash=sha256:4c98143716ef1cb40bf7f39a8e3eec8f8b009509e74904ba3a7b315431577e35 \
-    --hash=sha256:84729e322ad1d5b4d25f805bfa05b902dd96450f43842c4e99067d5e1369eb25 \
-    --hash=sha256:fff47e031e34ec82bf17e00da8f592fe7de69aeea38be00523c04623c04fb666 \
+beautifulsoup4==4.9.1 \
+    --hash=sha256:73cc4d115b96f79c7d77c1c7f7a0a8d4c57860d1041df407dd1aae7f07a77fd7 \
+    --hash=sha256:a6237df3c32ccfaee4fd201c8f5f9d9df619b93121d01353a64a73ce8c6ef9a8 \
+    --hash=sha256:e718f2342e2e099b640a34ab782407b7b676f47ee272d6739e60b8ea23829f2c \
    # via -r requirements/common.in, pyoembed, zulip-bots
-boto3==1.16.7 \
-    --hash=sha256:2cabcdc217a128832d6c948cae22cbd3af03ae0736efcb59749f1f11f528be54 \
-    --hash=sha256:b378c28c2db3be96abc2ca460c2f08424da8960b87d5d430cb7d6b712ec255b2 \
+boto3==1.14.20 \
+    --hash=sha256:e6ab26155b2f83798218106580ab2b3cd47691e25aba912e0351502eda8d86e0 \
+    --hash=sha256:f7aa33b382cc9e73ef7f590b885e72732ad2bd9628c5e312c9aeb8ba011c6820 \
    # via -r requirements/common.in
-botocore==1.19.7 \
-    --hash=sha256:1481d6d3ccb77cb7cd97395110408238f3ab93b0d823156c7a2fb697604eb50d \
-    --hash=sha256:ab59f842797cbd09ee7d9e3f353bb9546f428853d94db448977dd554320620b3 \
+botocore==1.17.20 \
+    --hash=sha256:d1bf8c2085719221683edf54913c6155c68705f26ab4a72c45e4de5176a8cf7b \
+    --hash=sha256:e7fee600092b51ca8016c541d5c50a8b39179d5c184ec3fd430400d99ba0c55a \
    # via boto3, s3transfer
 cachetools==4.1.1 \
    --hash=sha256:513d4ff98dd27f85743a8dc0e92f55ddb1b49e060c2d5961512855cda2c01a98 \
    --hash=sha256:bbaa39c3dede00175df2dc2b03d0cf18dd2d32a7de7beb68072d13043c9edb20 \
    # via premailer
-cchardet==2.1.7 \
-    --hash=sha256:0b859069bbb9d27c78a2c9eb997e6f4b738db2d7039a03f8792b4058d61d1109 \
-    --hash=sha256:228d2533987c450f39acf7548f474dd6814c446e9d6bd228e8f1d9a2d210f10b \
-    --hash=sha256:2309ff8fc652b0fc3c0cff5dbb172530c7abb92fe9ba2417c9c0bcf688463c1c \
-    --hash=sha256:24974b3e40fee9e7557bb352be625c39ec6f50bc2053f44a3d1191db70b51675 \
-    --hash=sha256:273699c4e5cd75377776501b72a7b291a988c6eec259c29505094553ee505597 \
-    --hash=sha256:27a9ba87c9f99e0618e1d3081189b1217a7d110e5c5597b0b7b7c3fedd1c340a \
-    --hash=sha256:302aa443ae2526755d412c9631136bdcd1374acd08e34f527447f06f3c2ddb98 \
-    --hash=sha256:45456c59ec349b29628a3c6bfb86d818ec3a6fbb7eb72de4ff3bd4713681c0e3 \
-    --hash=sha256:48ba829badef61441e08805cfa474ccd2774be2ff44b34898f5854168c596d4d \
-    --hash=sha256:50ad671e8d6c886496db62c3bd68b8d55060688c655873aa4ce25ca6105409a1 \
-    --hash=sha256:54341e7e1ba9dc0add4c9d23b48d3a94e2733065c13920e85895f944596f6150 \
-    --hash=sha256:54d0b26fd0cd4099f08fb9c167600f3e83619abefeaa68ad823cc8ac1f7bcc0c \
-    --hash=sha256:5a25f9577e9bebe1a085eec2d6fdd72b7a9dd680811bba652ea6090fb2ff472f \
-    --hash=sha256:6b6397d8a32b976a333bdae060febd39ad5479817fabf489e5596a588ad05133 \
-    --hash=sha256:70eeae8aaf61192e9b247cf28969faef00578becd2602526ecd8ae7600d25e0e \
-    --hash=sha256:80e6faae75ecb9be04a7b258dc4750d459529debb6b8dee024745b7b5a949a34 \
-    --hash=sha256:90086e5645f8a1801350f4cc6cb5d5bf12d3fa943811bb08667744ec1ecc9ccd \
-    --hash=sha256:a39526c1c526843965cec589a6f6b7c2ab07e3e56dc09a7f77a2be6a6afa4636 \
-    --hash=sha256:b154effa12886e9c18555dfc41a110f601f08d69a71809c8d908be4b1ab7314f \
-    --hash=sha256:b59ddc615883835e03c26f81d5fc3671fab2d32035c87f50862de0da7d7db535 \
-    --hash=sha256:bd7f262f41fd9caf5a5f09207a55861a67af6ad5c66612043ed0f81c58cdf376 \
-    --hash=sha256:c428b6336545053c2589f6caf24ea32276c6664cb86db817e03a94c60afa0eaf \
-    --hash=sha256:c6f70139aaf47ffb94d89db603af849b82efdf756f187cdd3e566e30976c519f \
-    --hash=sha256:c96aee9ebd1147400e608a3eff97c44f49811f8904e5a43069d55603ac4d8c97 \
-    --hash=sha256:ec3eb5a9c475208cf52423524dcaf713c394393e18902e861f983c38eeb77f18 \
-    --hash=sha256:eee4f5403dc3a37a1ca9ab87db32b48dc7e190ef84601068f45397144427cc5e \
-    --hash=sha256:f16517f3697569822c6d09671217fdeab61dfebc7acb5068634d6b0728b86c0b \
-    --hash=sha256:f86e0566cb61dc4397297696a4a1b30f6391b50bc52b4f073507a48466b6255a \
-    --hash=sha256:fdac1e4366d0579fff056d1280b8dc6348be964fda8ebb627c0269e097ab37fa \
+cchardet==2.1.6 \
+    --hash=sha256:0f6e4e464e332da776b9c1a34e4e83b6301d38c2724efc93848c46ade66d02bb \
+    --hash=sha256:217a7008bd399bdb61f6a0a2570acc5c3a9f96140e0a0d089b9e748c4d4e4c4e \
+    --hash=sha256:27b0f23088873d1dd36d2c8a2e45c9167e312e1aac7e4baeb47f7428a2669638 \
+    --hash=sha256:2a958fb093f69ee5f16be7a1aee5122e07aff4350fa4dc9b953b87c34468e605 \
+    --hash=sha256:2aa1b008965c703ad6597361b0f6d427c8971fe94a2c99ec3724c228ae50d6a6 \
+    --hash=sha256:2c05b66b12f9ab0493c5ffb666036fd8c9004a9cc9d5a9264dc24738b50ab8c3 \
+    --hash=sha256:4096759825a130cb27a58ddf6d58e10abdd0127d29fbf53fde26df7ad879737b \
+    --hash=sha256:40c199f9c0569ac479fae7c4e12d2e16fc1e8237836b928474fdd228b8d11477 \
+    --hash=sha256:4486f6e5bdf06f0081d13832f2a061d9e90597eb02093fda9d37e3985e3b2ef2 \
+    --hash=sha256:54d2653520237ebbd2928f2c0f2eb7c616ee2b5194d73d945060cd54a7846b64 \
+    --hash=sha256:5e38cfad9d3ca0f571c4352e9ca0f5ab718508f492a37d3236ae70810140e250 \
+    --hash=sha256:68409e00d75ff13dd7a192ec49559f5527ee8959a51a9f4dd7b168df972b4d44 \
+    --hash=sha256:79b0e113144c2ef0050bc9fe647c7657c5298f3012ecd8937d930b24ddd61404 \
+    --hash=sha256:7a2d98df461d3f36b403fdd8d7890c823ed05bd98eb074412ed56fbfedb94751 \
+    --hash=sha256:7bba1cbb4358dc9a2d2da00f4b38b159a5483d2f3b1d698a7c2cae518f955170 \
+    --hash=sha256:84d2ce838cf3c2fe7f0517941702d42f7e598e5173632ec47a113cd521669b98 \
+    --hash=sha256:8b1d02c99f6444c63336a76638741eaf4ac4005b454e3b8252a40074bf0d84a1 \
+    --hash=sha256:8f7ade2578b2326a0a554c03f60c8d079331220179a592e83e143c9556b7f5b2 \
+    --hash=sha256:953fe382304b19f5aa8fc2da4b092a3bb58a477d33af4def4b81abdce4c9288c \
+    --hash=sha256:acc96b4a8f756af289fa90ffa67ddef57401d99131e51e71872e3609483941ce \
+    --hash=sha256:af284494ea6c40f9613b4d939abe585eb9290cb92037eab66122c93190fcb338 \
+    --hash=sha256:b76afb2059ad69eab576949980a17413c1e9e5a5624abf9e43542d8853f146b3 \
+    --hash=sha256:ccb9f6f06265382028468b47e726f2d42539256fb498d1b0e473c39037b42b8a \
+    --hash=sha256:cf134e1cfb0c53f08abb1ab9158a7e7f859c3ddb451d5fe535a2cc5f2958a688 \
+    --hash=sha256:dff9480d9b6260f59ad10e1cec5be13905be5da88a4a2bd5a5bd4d49c49c4a05 \
+    --hash=sha256:e27771798c8ad50df1375e762d59369354af94eb8ac21eca5bfd1eeef589f545 \
+    --hash=sha256:f245f045054e8d6dab2a0e366d3c74f3a47fb7dec2595ae2035b234b1a829c7a \
+    --hash=sha256:f5c94994d876d8709847c3a92643309d716f43716580a2e5831262366a9ee8b6 \
+    --hash=sha256:fd16f57ce42a72397cd9fe38977fc809eb02172731cb354572f28a6d8e4cf322 \
    # via talon
 certifi==2020.6.20 \
    --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 \
    --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \
    # via requests
-cffi==1.14.3 \
-    --hash=sha256:005f2bfe11b6745d726dbb07ace4d53f057de66e336ff92d61b8c7e9c8f4777d \
-    --hash=sha256:09e96138280241bd355cd585148dec04dbbedb4f46128f340d696eaafc82dd7b \
-    --hash=sha256:0b1ad452cc824665ddc682400b62c9e4f5b64736a2ba99110712fdee5f2505c4 \
-    --hash=sha256:0ef488305fdce2580c8b2708f22d7785ae222d9825d3094ab073e22e93dfe51f \
-    --hash=sha256:15f351bed09897fbda218e4db5a3d5c06328862f6198d4fb385f3e14e19decb3 \
-    --hash=sha256:22399ff4870fb4c7ef19fff6eeb20a8bbf15571913c181c78cb361024d574579 \
-    --hash=sha256:23e5d2040367322824605bc29ae8ee9175200b92cb5483ac7d466927a9b3d537 \
-    --hash=sha256:2791f68edc5749024b4722500e86303a10d342527e1e3bcac47f35fbd25b764e \
-    --hash=sha256:2f9674623ca39c9ebe38afa3da402e9326c245f0f5ceff0623dccdac15023e05 \
-    --hash=sha256:3363e77a6176afb8823b6e06db78c46dbc4c7813b00a41300a4873b6ba63b171 \
-    --hash=sha256:33c6cdc071ba5cd6d96769c8969a0531be2d08c2628a0143a10a7dcffa9719ca \
-    --hash=sha256:3b8eaf915ddc0709779889c472e553f0d3e8b7bdf62dab764c8921b09bf94522 \
-    --hash=sha256:3cb3e1b9ec43256c4e0f8d2837267a70b0e1ca8c4f456685508ae6106b1f504c \
-    --hash=sha256:3eeeb0405fd145e714f7633a5173318bd88d8bbfc3dd0a5751f8c4f70ae629bc \
-    --hash=sha256:44f60519595eaca110f248e5017363d751b12782a6f2bd6a7041cba275215f5d \
-    --hash=sha256:4d7c26bfc1ea9f92084a1d75e11999e97b62d63128bcc90c3624d07813c52808 \
-    --hash=sha256:529c4ed2e10437c205f38f3691a68be66c39197d01062618c55f74294a4a4828 \
-    --hash=sha256:6642f15ad963b5092d65aed022d033c77763515fdc07095208f15d3563003869 \
-    --hash=sha256:85ba797e1de5b48aa5a8427b6ba62cf69607c18c5d4eb747604b7302f1ec382d \
-    --hash=sha256:8f0f1e499e4000c4c347a124fa6a27d37608ced4fe9f7d45070563b7c4c370c9 \
-    --hash=sha256:a624fae282e81ad2e4871bdb767e2c914d0539708c0f078b5b355258293c98b0 \
-    --hash=sha256:b0358e6fefc74a16f745afa366acc89f979040e0cbc4eec55ab26ad1f6a9bfbc \
-    --hash=sha256:bbd2f4dfee1079f76943767fce837ade3087b578aeb9f69aec7857d5bf25db15 \
-    --hash=sha256:bf39a9e19ce7298f1bd6a9758fa99707e9e5b1ebe5e90f2c3913a47bc548747c \
-    --hash=sha256:c11579638288e53fc94ad60022ff1b67865363e730ee41ad5e6f0a17188b327a \
-    --hash=sha256:c150eaa3dadbb2b5339675b88d4573c1be3cb6f2c33a6c83387e10cc0bf05bd3 \
-    --hash=sha256:c53af463f4a40de78c58b8b2710ade243c81cbca641e34debf3396a9640d6ec1 \
-    --hash=sha256:cb763ceceae04803adcc4e2d80d611ef201c73da32d8f2722e9d0ab0c7f10768 \
-    --hash=sha256:cc75f58cdaf043fe6a7a6c04b3b5a0e694c6a9e24050967747251fb80d7bce0d \
-    --hash=sha256:d80998ed59176e8cba74028762fbd9b9153b9afc71ea118e63bbf5d4d0f9552b \
-    --hash=sha256:de31b5164d44ef4943db155b3e8e17929707cac1e5bd2f363e67a56e3af4af6e \
-    --hash=sha256:e66399cf0fc07de4dce4f588fc25bfe84a6d1285cc544e67987d22663393926d \
-    --hash=sha256:f0620511387790860b249b9241c2f13c3a80e21a73e0b861a2df24e9d6f56730 \
-    --hash=sha256:f4eae045e6ab2bb54ca279733fe4eb85f1effda392666308250714e01907f394 \
-    --hash=sha256:f92cdecb618e5fa4658aeb97d5eb3d2f47aa94ac6477c6daf0f306c5a3b9e6b1 \
-    --hash=sha256:f92f789e4f9241cd262ad7a555ca2c648a98178a953af117ef7fad46aa1d5591 \
+cffi==1.14.0 \
+    --hash=sha256:001bf3242a1bb04d985d63e138230802c6c8d4db3668fb545fb5005ddf5bb5ff \
+    --hash=sha256:00789914be39dffba161cfc5be31b55775de5ba2235fe49aa28c148236c4e06b \
+    --hash=sha256:028a579fc9aed3af38f4892bdcc7390508adabc30c6af4a6e4f611b0c680e6ac \
+    --hash=sha256:14491a910663bf9f13ddf2bc8f60562d6bc5315c1f09c704937ef17293fb85b0 \
+    --hash=sha256:1cae98a7054b5c9391eb3249b86e0e99ab1e02bb0cc0575da191aedadbdf4384 \
+    --hash=sha256:2089ed025da3919d2e75a4d963d008330c96751127dd6f73c8dc0c65041b4c26 \
+    --hash=sha256:2d384f4a127a15ba701207f7639d94106693b6cd64173d6c8988e2c25f3ac2b6 \
+    --hash=sha256:337d448e5a725bba2d8293c48d9353fc68d0e9e4088d62a9571def317797522b \
+    --hash=sha256:399aed636c7d3749bbed55bc907c3288cb43c65c4389964ad5ff849b6370603e \
+    --hash=sha256:3b911c2dbd4f423b4c4fcca138cadde747abdb20d196c4a48708b8a2d32b16dd \
+    --hash=sha256:3d311bcc4a41408cf5854f06ef2c5cab88f9fded37a3b95936c9879c1640d4c2 \
+    --hash=sha256:62ae9af2d069ea2698bf536dcfe1e4eed9090211dbaafeeedf5cb6c41b352f66 \
+    --hash=sha256:66e41db66b47d0d8672d8ed2708ba91b2f2524ece3dee48b5dfb36be8c2f21dc \
+    --hash=sha256:675686925a9fb403edba0114db74e741d8181683dcf216be697d208857e04ca8 \
+    --hash=sha256:7e63cbcf2429a8dbfe48dcc2322d5f2220b77b2e17b7ba023d6166d84655da55 \
+    --hash=sha256:8a6c688fefb4e1cd56feb6c511984a6c4f7ec7d2a1ff31a10254f3c817054ae4 \
+    --hash=sha256:8c0ffc886aea5df6a1762d0019e9cb05f825d0eec1f520c51be9d198701daee5 \
+    --hash=sha256:95cd16d3dee553f882540c1ffe331d085c9e629499ceadfbda4d4fde635f4b7d \
+    --hash=sha256:99f748a7e71ff382613b4e1acc0ac83bf7ad167fb3802e35e90d9763daba4d78 \
+    --hash=sha256:b8c78301cefcf5fd914aad35d3c04c2b21ce8629b5e4f4e45ae6812e461910fa \
+    --hash=sha256:c420917b188a5582a56d8b93bdd8e0f6eca08c84ff623a4c16e809152cd35793 \
+    --hash=sha256:c43866529f2f06fe0edc6246eb4faa34f03fe88b64a0a9a942561c8e22f4b71f \
+    --hash=sha256:cab50b8c2250b46fe738c77dbd25ce017d5e6fb35d3407606e7a4180656a5a6a \
+    --hash=sha256:cef128cb4d5e0b3493f058f10ce32365972c554572ff821e175dbc6f8ff6924f \
+    --hash=sha256:cf16e3cf6c0a5fdd9bc10c21687e19d29ad1fe863372b5543deaec1039581a30 \
+    --hash=sha256:e56c744aa6ff427a607763346e4170629caf7e48ead6921745986db3692f987f \
+    --hash=sha256:e577934fc5f8779c554639376beeaa5657d54349096ef24abe8c74c5d9c117c3 \
+    --hash=sha256:f2b0fa0c01d8a0c7483afd9f31d7ecf2d71760ca24499c8697aeb5ca37dc090c \
    # via argon2-cffi, cryptography
 chardet==3.0.4 \
    --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \
    # via requests, talon
-cryptography==3.2.1 \
-    --hash=sha256:07ca431b788249af92764e3be9a488aa1d39a0bc3be313d826bbec690417e538 \
-    --hash=sha256:13b88a0bd044b4eae1ef40e265d006e34dbcde0c2f1e15eb9896501b2d8f6c6f \
-    --hash=sha256:32434673d8505b42c0de4de86da8c1620651abd24afe91ae0335597683ed1b77 \
-    --hash=sha256:3cd75a683b15576cfc822c7c5742b3276e50b21a06672dc3a800a2d5da4ecd1b \
-    --hash=sha256:4e7268a0ca14536fecfdf2b00297d4e407da904718658c1ff1961c713f90fd33 \
-    --hash=sha256:545a8550782dda68f8cdc75a6e3bf252017aa8f75f19f5a9ca940772fc0cb56e \
-    --hash=sha256:55d0b896631412b6f0c7de56e12eb3e261ac347fbaa5d5e705291a9016e5f8cb \
-    --hash=sha256:5849d59358547bf789ee7e0d7a9036b2d29e9a4ddf1ce5e06bb45634f995c53e \
-    --hash=sha256:6dc59630ecce8c1f558277ceb212c751d6730bd12c80ea96b4ac65637c4f55e7 \
-    --hash=sha256:7117319b44ed1842c617d0a452383a5a052ec6aa726dfbaffa8b94c910444297 \
-    --hash=sha256:75e8e6684cf0034f6bf2a97095cb95f81537b12b36a8fedf06e73050bb171c2d \
-    --hash=sha256:7b8d9d8d3a9bd240f453342981f765346c87ade811519f98664519696f8e6ab7 \
-    --hash=sha256:a035a10686532b0587d58a606004aa20ad895c60c4d029afa245802347fab57b \
-    --hash=sha256:a4e27ed0b2504195f855b52052eadcc9795c59909c9d84314c5408687f933fc7 \
-    --hash=sha256:a733671100cd26d816eed39507e585c156e4498293a907029969234e5e634bc4 \
-    --hash=sha256:a75f306a16d9f9afebfbedc41c8c2351d8e61e818ba6b4c40815e2b5740bb6b8 \
-    --hash=sha256:bd717aa029217b8ef94a7d21632a3bb5a4e7218a4513d2521c2a2fd63011e98b \
-    --hash=sha256:d25cecbac20713a7c3bc544372d42d8eafa89799f492a43b79e1dfd650484851 \
-    --hash=sha256:d26a2557d8f9122f9bf445fc7034242f4375bd4e95ecda007667540270965b13 \
-    --hash=sha256:d3545829ab42a66b84a9aaabf216a4dce7f16dbc76eb69be5c302ed6b8f4a29b \
-    --hash=sha256:d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3 \
-    --hash=sha256:efe15aca4f64f3a7ea0c09c87826490e50ed166ce67368a68f315ea0807a20df \
+cryptography==2.9.2 \
+    --hash=sha256:091d31c42f444c6f519485ed528d8b451d1a0c7bf30e8ca583a0cac44b8a0df6 \
+    --hash=sha256:18452582a3c85b96014b45686af264563e3e5d99d226589f057ace56196ec78b \
+    --hash=sha256:1dfa985f62b137909496e7fc182dac687206d8d089dd03eaeb28ae16eec8e7d5 \
+    --hash=sha256:1e4014639d3d73fbc5ceff206049c5a9a849cefd106a49fa7aaaa25cc0ce35cf \
+    --hash=sha256:22e91636a51170df0ae4dcbd250d318fd28c9f491c4e50b625a49964b24fe46e \
+    --hash=sha256:3b3eba865ea2754738616f87292b7f29448aec342a7c720956f8083d252bf28b \
+    --hash=sha256:651448cd2e3a6bc2bb76c3663785133c40d5e1a8c1a9c5429e4354201c6024ae \
+    --hash=sha256:726086c17f94747cedbee6efa77e99ae170caebeb1116353c6cf0ab67ea6829b \
+    --hash=sha256:844a76bc04472e5135b909da6aed84360f522ff5dfa47f93e3dd2a0b84a89fa0 \
+    --hash=sha256:88c881dd5a147e08d1bdcf2315c04972381d026cdb803325c03fe2b4a8ed858b \
+    --hash=sha256:96c080ae7118c10fcbe6229ab43eb8b090fccd31a09ef55f83f690d1ef619a1d \
+    --hash=sha256:a0c30272fb4ddda5f5ffc1089d7405b7a71b0b0f51993cb4e5dbb4590b2fc229 \
+    --hash=sha256:bb1f0281887d89617b4c68e8db9a2c42b9efebf2702a3c5bf70599421a8623e3 \
+    --hash=sha256:c447cf087cf2dbddc1add6987bbe2f767ed5317adb2d08af940db517dd704365 \
+    --hash=sha256:c4fd17d92e9d55b84707f4fd09992081ba872d1a0c610c109c18e062e06a2e55 \
+    --hash=sha256:d0d5aeaedd29be304848f1c5059074a740fa9f6f26b84c5b63e8b29e73dfc270 \
+    --hash=sha256:daf54a4b07d67ad437ff239c8a4080cfd1cc7213df57d33c97de7b4738048d5e \
+    --hash=sha256:e993468c859d084d5579e2ebee101de8f5a27ce8e2159959b6673b418fd8c785 \
+    --hash=sha256:f118a95c7480f5be0df8afeb9a11bd199aa20afab7a96bcf20409b411a3a85f0 \
    # via -r requirements/common.in, apns2, pyopenssl, requests, social-auth-core
 cssselect==1.1.0 \
    --hash=sha256:f612ee47b749c877ebae5bb77035d8f4202c6ad0f0fc1271b3c18ad6c4468ecf \
@@ -199,13 +188,16 @@ django-bitfield==2.0.1 \
 django-bmemcached==0.3.0 \
    --hash=sha256:4e4b7d97216dbae331c1de10e699ca22804b94ec3a90d2762dd5d146e6986a8a \
    # via -r requirements/common.in
+django-cookies-samesite==0.6.6 \
+    --hash=sha256:a26dc27bfc446279c981a301b053eff845b93d9ba62798e281c90584a7ccaa4a \
+    # via -r requirements/common.in
 django-formtools==2.2 \
    --hash=sha256:304fa777b8ef9e0693ce7833f885cb89ba46b0e46fc23b01176900a93f46742f \
    --hash=sha256:c5272c03c1cd51b2375abf7397a199a3148a9fbbf2f100e186467a84025d13b2 \
    # via django-two-factor-auth
-django-otp==1.0.2 \
-    --hash=sha256:8ba5ab9bd2738c7321376c349d7cce49cf4404e79f6804e0a3cc462a91728e18 \
-    --hash=sha256:f523fb9dec420f28a29d3e2ad72ac06f64588956ed4f2b5b430d8e957ebb8287 \
+django-otp==0.9.3 \
+    --hash=sha256:97849f7bf1b50c4c36a5845ab4d2e11dd472fa8e6bcc34fe18b6d3af6e4aa449 \
+    --hash=sha256:d2390e61794bc10dea2fd949cbcfb7946e9ae4fb248df5494ccc4ef9ac50427e \
    # via django-two-factor-auth
 django-phonenumber-field==3.0.1 \
    --hash=sha256:1ab19f723928582fed412bd9844221fa4ff466276d8526b8b4a9913ee1487c5e \
@@ -218,18 +210,23 @@ django-statsd-mozilla==0.4.0 \
    --hash=sha256:0d87cb63de8107279cbb748caad9aa74c6a44e7e96ccc5dbf07b89f77285a4b8 \
    --hash=sha256:81084f3d426f5184f0a0f1dbfe035cc26b66f041d2184559d916a228d856f0d3 \
    # via -r requirements/common.in
-django-two-factor-auth[phonenumberslite]==1.13 \
-    --hash=sha256:24c2850a687c86800f4aa4131b7cebadf56f35be04ca359c4990578df1cc249a \
-    --hash=sha256:afb60e62f22b1f29a568666c0444ab05cabe8acc4d7c54d833d67f7b50f842fd \
+django-two-factor-auth[phonenumberslite]==1.12.1 \
+    --hash=sha256:612adb0dd6e9ed3b4ecd6763f2e3f56358d7b5afb843a3a49994d1d3bc91ffc2 \
+    --hash=sha256:8e698d548a5a7c02c7ba343bc5376a7bbdc4e59c20ef13223743fe42fa4a1281 \
    # via -r requirements/common.in
 django-webpack4-loader==0.0.5 \
    --hash=sha256:baa043c4601ed763d161490e2888cf6aa93a2fd9b60681e6b19e35dc7fcb155d \
    --hash=sha256:be90257041170f39c025ff674c9064569c9303b464536488b6a6cedd8e3d28be \
    # via -r requirements/common.in
-django==2.2.16 \
-    --hash=sha256:62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2786594 \
-    --hash=sha256:83ced795a0f239f41d8ecabf51cc5fad4b97462a6008dc12e5af3cb9288724ec \
+django==2.2.14 \
+    --hash=sha256:edf0ecf6657713b0435b6757e6069466925cae70d634a3283c96b80c01e06191 \
+    --hash=sha256:f2250bd35d0f6c23e930c544629934144e5dd39a4c06092e1050c731c1712ba8 \
    # via -r requirements/common.in, django-auth-ldap, django-bitfield, django-formtools, django-otp, django-phonenumber-field, django-sendfile2, django-two-factor-auth
+docutils==0.15.2 \
+    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
+    --hash=sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827 \
+    --hash=sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99 \
+    # via botocore
 future==0.18.2 \
    --hash=sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d \
    # via python-twitter
@@ -268,67 +265,31 @@ idna==2.8 \
    --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \
    --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c \
    # via hyperlink, requests
-ijson==3.1.2.post0 \
-    --hash=sha256:00db1983548098bc05713a772b1ff38cf89fb6e61cba016c217b9db5c77e0af0 \
-    --hash=sha256:05667689cd99fb89415eb2f7f75dfd09a0f38d3bdec3f952cab5112db1c7df49 \
-    --hash=sha256:0dc6b14b12de1a067483d55a3091272647de44f7e0f5db706fd2f33c98a35d4d \
-    --hash=sha256:1536e6f535fcfdffb7023c665b6364dedf201babec471267e0d8b5ea2f66071a \
-    --hash=sha256:174fa90d5c8db90f1bbe8a09beaa1252e88b2d9d511f6539f83281d19615241d \
-    --hash=sha256:1a4652f5a7fe411d48bcc4b3c7b16981334aac8ff7cebc11db23010d3dcbc133 \
-    --hash=sha256:1b446023e861c78cc574a019d789b99d16a89739bee731ca25d8eb645cdf0a5c \
-    --hash=sha256:2c170d10b8f53504f3bd19e326cb13b94f0a8616ea58957766861f28ae82608c \
-    --hash=sha256:314e4dcb11b68f270ad0a52dfb83a9c5d3a028a59972e82ff1602b70a8926ca4 \
-    --hash=sha256:33644537801b3e921aa524f53c58ae944873ba012b45ce61a519f4e1091d67b8 \
-    --hash=sha256:3ffa7c7ffd06c4d77bfa652e1346ae5a059afc9dd03e0ada6c9fffe6297f0d5a \
-    --hash=sha256:417ddab70e2e40b828133bc69f783c2ae0154dc6d127d31dcb7fa84ae145eaca \
-    --hash=sha256:423a93f115d5643d769d306c416c1320afed9f618178acb7b932fa6c836227e6 \
-    --hash=sha256:48a1e5efc8230a3ec2f672b588caef31b37353d1982b352111a76376847c1cd7 \
-    --hash=sha256:57f226fc566beb90c921aecaaa386ffb72903686cac5da1feb58c1f642fabf28 \
-    --hash=sha256:582e3751a066a71ec709f1fff4c9aa5996aabf5da167364a9228dec0cda68411 \
-    --hash=sha256:599494a944b17106b74fd2a9d9aefa2b5921e751c6e86176d1b0a5c69e8d6d54 \
-    --hash=sha256:63267b361ec9d8b086d015a56b924c531e1a354db7dc3e033d82fbc5aa7da34b \
-    --hash=sha256:65faf4011e958e666319fbb28ea7e38b4b453b11ad45b346ad379c3b9962f14f \
-    --hash=sha256:704fdc1ef40fe60449af07d0e2bd2492ddba4cbd59d6c7bd9f6b5bcf8aacb9d4 \
-    --hash=sha256:7542fca8ff3e52bd7b84a2c7aa831b9f59ef7094580bd9a1b81bb78041004b33 \
-    --hash=sha256:7f7270ed63d0897738d069320129afcf5a0806598d4f03eeb252ae2e59c52628 \
-    --hash=sha256:7fab072af766569d6fd9474123230cf150d99b38fb37061eb3a86c4ca8bb1a4d \
-    --hash=sha256:810d674e744dd48263780d478df1b3ca7f1fab793c5fc4b3de361bd30abebc6c \
-    --hash=sha256:8f43bc489592076099ae5a9ed5071a803415b733dd4152a911b802753779b81f \
-    --hash=sha256:8fe5e92735375fef22c561d4ef7e2cdb58e62b978a8853f31d0fba0892b2dfc4 \
-    --hash=sha256:9803b062ea93380a4b50fa8236e3bd7f83917cc57d25bd3d4be590748f238b99 \
-    --hash=sha256:98814ac06c334558e4c5951b41c298970f9b07da45b28d1dcb99bf31f1544b32 \
-    --hash=sha256:98b461a87c1443b053482e893a4f5ae03b36f1547ffaaca9010cfc5eab1b4913 \
-    --hash=sha256:99ef4233915f52808af22a843f5fc3508e91e6bc25200744edb11c739a2b6b9b \
-    --hash=sha256:9f0da97d0ad5666b116ea7ae26c23d431e3896f60f6972f911031e1566a8790b \
-    --hash=sha256:9f8682e7ed795cffea778efe73dd8aadc54ee554d2df34abe52dd6201f2335c8 \
-    --hash=sha256:a3ec8feee777b756c9f7551d7f277531242485812aaee313b93c4eeceff46a1e \
-    --hash=sha256:ac3b9e15858dc8e79db907070d5ecf8bfad33965a89ffd9725035831e0d744ad \
-    --hash=sha256:adbdc33511afb6ffe443317b1279e12b35b5ef3e5b8da3cbdd0b99991f186121 \
-    --hash=sha256:ae8494c5934fb30b568e43c9b9a673460d4627fd3db9d2ece2f36311bb0ba353 \
-    --hash=sha256:b1a0f6e29abd1dd20cd511779a2c267920a6f63135313c671d56dc2c01ebec2c \
-    --hash=sha256:b1d6d51af46c50e9c158a9b6279f2a79b2a5fc0e7c973f5e2314c8f6640e0828 \
-    --hash=sha256:b77ed93ca4fc005c1642edb32e20378f49ce49e99b9b9372eb1edca20fce57c7 \
-    --hash=sha256:bbc10c6647c2adeba3fd6a14bbb7081ccb699a7adaf1ea2f388a3d04c8355f38 \
-    --hash=sha256:c4a568a9217f036f1204ffa392abf41085ff9a98e451bf41bc84e279774cc433 \
-    --hash=sha256:c82d2a8714806080bef4f04245eb688d6ae2c989d30a2736d23e06dbd37e4dfc \
-    --hash=sha256:ccc4c6fa5efd88c597c14af61851f3dacd374da960c83926c72eb64cb35d3676 \
-    --hash=sha256:ccf90708837818a67aea62150cb6be7c1b599bbc276a97eda4f876816d1ad7a5 \
-    --hash=sha256:d1fc119c1f6a801f3fa3f52749f650336d14c91f7c098be006833bf525a864fe \
-    --hash=sha256:d2f45100cecdfe082a8369be93b89e3dd75580937af95e1aa95702be82468140 \
-    --hash=sha256:d3cd485f588d50fb5a8a9ecdb04243b55dd67dd24934b2de3da93e580115ec9c \
-    --hash=sha256:dddb7c9ea0479925af5e5b514c21968193c069ae70a568e23fa2f0be300b41cf \
-    --hash=sha256:e1c2ac1940c9b7acb3c18249504ee82ebfacaa72f0b9b647e59c14dde7b92d9d \
-    --hash=sha256:e3d40b6913d9ef814cdefd9a68a547815d145ef9dfb5b0fe368943d9f4d2cabe \
-    --hash=sha256:ef29d59d1cb45e463dc8e41606fc16e12d73c0f708b698298d8898eec2e86cb7 \
-    --hash=sha256:f099755dc779932078ee6e591be961d90cb5bf9484606b08b0d23db2467cb7f8 \
-    --hash=sha256:f4922bd95ac21a7f43a289f2927ca02f6d48385ad0f3419f47b3c5e81b8ea03e \
-    --hash=sha256:fb675584287e4e98c925b7b602f72fc8f9af902d6f2ab8f5d06c77ee0b458e24 \
-    --hash=sha256:fe85dd4d33903668c89f8c4786af7b67d686b7a6b884a895d6954a6190a24023 \
-    --hash=sha256:feb25e1b878a05e3730fdd935f6069331ff27228ba8107c93b9bc26d64b33fb3 \
+ijson==3.1.post0 \
+    --hash=sha256:07cd88c9224392726128673fea7a90276746d3bf56d11635e3457769eda6295a \
+    --hash=sha256:0ae656f3ca3bd833dc548583f13ba205eaee7c15d27496091549de4523931e00 \
+    --hash=sha256:13c088aa3d79585aa7c137c0367d5f6c34596a907bff0af3bcfbd18db49edfdb \
+    --hash=sha256:1c7ee9405c6392e44f777ca76e917e729bc86cbb6c608981860b360879e6b991 \
+    --hash=sha256:3bff72a69fd54c36b0b74e532e7e0f737e221b84528369aaf53bbd380c935d29 \
+    --hash=sha256:4f19911b7b844d0e78f9903387b9984d44e598405d6e5a8a93a269cedf34e01d \
+    --hash=sha256:5a1788225e5074ffb47d5884049ad55ce3ddc7e069ea07f1608a819235894e45 \
+    --hash=sha256:663e607af2643c86493fce07c495235c3431d62dae78feaa449feeec6dd10301 \
+    --hash=sha256:67188e55800dfd89a9fcd2565d36f148bc51a3b4081da3c82ee1a5a87206bd3b \
+    --hash=sha256:8353709024d85eeb97428c53c74c3ac7473b5959a9f1cbde7fcc41341d1c93f9 \
+    --hash=sha256:88a65bbf2d35c882ac6ca50c476f0a914cd47f48292c099b393dd56070c842aa \
+    --hash=sha256:a1d55a1df5654f79d15a890b4bfe35cbd2f9fed71ac8e8034575ec875771fb4d \
+    --hash=sha256:a6109893bf2e51cd4027a1983a46f3300c3c12172151b01e71d340274a9344ed \
+    --hash=sha256:b303e2ff8d1ea326ed426fd5614d89850341cef54fe3010087b9fe8dc2926620 \
+    --hash=sha256:b85216d962e083262eb8bd3ea5fc0c285ca3a0ef7d8ea198f60b954ca05fe0e5 \
+    --hash=sha256:b8552dce8ca65f29ffe4fac9bb770f8556a7cfa5d4f840611bbc878fe3f54e05 \
+    --hash=sha256:deb698069fb38c9300df5fe9eeb4d6abd9011abdb470ca914fdce165b4e99e38 \
+    --hash=sha256:e19b7a2d3ff9122aa235b63e61788b7a800ad81f2f2bd91fef0d31a65cb9ceb1 \
+    --hash=sha256:e25c4b59eb05ac1d96b4df47205d3f7d18d148e6d375e452a4f37c2db5216aff \
+    --hash=sha256:e96efc3411384070ad3e95645a5e9b5af7c67c348eefa96f71a1e71f0f08119b \
    # via -r requirements/common.in
-importlib-metadata==2.0.0 ; python_version < "3.8" \
-    --hash=sha256:77a540690e24b0305878c37ffd421785a6f7e53c8b5720d211b211de8d0e95da \
-    --hash=sha256:cefa1a2f919b866c5beb7c9f7b0ebb4061f30a8a9bf16d609b000e2dfaceb9c3 \
+importlib-metadata==1.7.0 ; python_version < "3.8" \
+    --hash=sha256:90bb658cdbbf6d1735b6341ce708fc7024a3e14e99ffdc5783edea9f9b077f83 \
+    --hash=sha256:dc15b2969b4ce36305c51eebe62d418ac7791e9a157911d58bfb1f9ccd8e2070 \
    # via -r requirements/common.in, jsonschema, markdown
 ipython-genutils==0.2.0 \
    --hash=sha256:72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 \
@@ -341,10 +302,10 @@ ipython==7.16.1 \
 isodate==0.6.0 \
    --hash=sha256:2e364a3d5759479cdb2d37cce6b9376ea504db2ff90252a2e5b7cc89cc9ff2d8 \
    --hash=sha256:aa4d33c06640f5352aca96e4b81afd8ab3b47337cc12089822d6f322ac772c81 \
-    # via openapi-core, openapi-schema-validator, python3-saml
-jedi==0.17.2 \
-    --hash=sha256:86ed7d9b750603e4ba582ea8edc678657fb4007894a12bcf6f4bb97892f31d20 \
-    --hash=sha256:98cc583fa0f2f8304968199b01b6b4b94f469a1f4a74c1560506ca2a211378b5 \
+    # via openapi-schema-validator, python3-saml
+jedi==0.17.1 \
+    --hash=sha256:1ddb0ec78059e8e27ec9eb5098360b4ea0a3dd840bedf21415ea820c21b40a22 \
+    --hash=sha256:807d5d4f96711a2bcfdd5dfa3b1ae6d09aa53832b182090b222b5efb81f52f63 \
    # via ipython
 jinja2==2.11.2 \
    --hash=sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0 \
@@ -362,74 +323,61 @@ jsx-lexer==0.0.8 \
    --hash=sha256:1cb35102b78525aa3f587dc327f3208c0e1c76d5cdea64d4f9c3ced05d10c017 \
    --hash=sha256:b879c7fafe974440a1dd9f9544dfb8629fa22078ada7f769c8fbb06149eac5d1 \
    # via -r requirements/common.in
-lazy-object-proxy==1.5.1 \
-    --hash=sha256:00b78a97a79d0dfefa584d44dd1aba9668d3de7ec82335ba0ff51d53ef107143 \
-    --hash=sha256:042b54fd71c2092e6d10e5e66fa60f65c5954f8145e809f5d9f394c9b13d32ee \
-    --hash=sha256:11f87dc06eb5f376cc6d5f0c19a1b4dca202035622777c4ce8e5b72c87b035d6 \
-    --hash=sha256:19ae6f6511a02008ef3554e158c41bb2a8e5c8455935b98d6da076d9f152fd7c \
-    --hash=sha256:22c1935c6f8e3d6ea2e169eb03928adbdb8a2251d2890f8689368d65e70aa176 \
-    --hash=sha256:30ef2068f4f94660144515380ef04b93d15add2214eab8be4cd46ebc900d681c \
-    --hash=sha256:33da47ba3a581860ddd3d38c950a5fe950ca389f7123edd0d6ab0bc473499fe7 \
-    --hash=sha256:3e8698dc384857413580012f4ca322d89e63ef20fc3d4635a5b606d6d4b61f6a \
-    --hash=sha256:4fdd7113fc5143c72dacf415079eec42fcbe69cc9d3d291b4ca742e3a9455807 \
-    --hash=sha256:63b6d9a5077d54db271fcc6772440f7380ec3fa559d0e2497dbfae2f47c2c814 \
-    --hash=sha256:8133b63b05f12751cddd8e3e7f02ba39dc7cfa7d2ba99d80d7436f0ba26d6b75 \
-    --hash=sha256:89b8e5780e49753e2b4cd5aab45d3df092ddcbba3de2c4d4492a029588fe1758 \
-    --hash=sha256:8d82e27cbbea6edb8821751806f39f5dcfd7b46a5e23d27b98d6d8c8ec751df8 \
-    --hash=sha256:92cedd6e26712505adb1c17fab64651a498cc0102a80ba562ff4a2451088f57a \
-    --hash=sha256:9723364577b79ad9958a68851fe2acb94da6fd25170c595516a8289e6a129043 \
-    --hash=sha256:c484020ad26973a14a7cb1e1d2e0bfe97cf6803273ae9bd154e0213cc74bad49 \
-    --hash=sha256:c697bd1b333b3e6abdff04ef9f5fb4b1936633d9cc4e28d90606705c9083254c \
-    --hash=sha256:d0f7e14ff3424639d33e6bc449e77e4b345e52c21bbd6f6004a1d219196e2664 \
-    --hash=sha256:db2df3eff7ed3e6813638686f1bb5934d1a0662d9d3b4196b5164a86be3a1e8f \
-    --hash=sha256:edbcb4c5efabd93ede05b272296a5a78a67e9b6e82ba7f51a07b8103db06ce01 \
-    --hash=sha256:ef355fb3802e0fc5a71dadb65a3c317bfc9bdf567d357f8e0b1900b432ffe486 \
-    --hash=sha256:fe2f61fed5817bf8db01d9a72309ed5990c478a077e9585b58740c26774bce39 \
+lazy-object-proxy==1.5.0 \
+    --hash=sha256:0aef3fa29f7d1194d6f8a99382b1b844e5a14d3bc1ef82c3b1c4fb7e7e2019bc \
+    --hash=sha256:159ae2bbb4dc3ba506aeba868d14e56a754c0be402d1f0d7fdb264e0bdf2b095 \
+    --hash=sha256:161a68a427022bf13e249458be2cb8da56b055988c584d372a917c665825ae9a \
+    --hash=sha256:2d58f0e6395bf41087a383a48b06b42165f3b699f1aa41ba201db84ab77be63d \
+    --hash=sha256:311c9d1840042fc8e2dd80fc80272a7ea73e7646745556153c9cda85a4628b18 \
+    --hash=sha256:35c3ad7b7f7d5d4a54a80f0ff5a41ab186237d6486843f8dde00c42cfab33905 \
+    --hash=sha256:459ef557e669d0046fe2b92eb4822c097c00b5ef9d11df0f9bd7d4267acdfc52 \
+    --hash=sha256:4a50513b6be001b9b7be2c435478fe9669249c77c241813907a44cda1fcd03f4 \
+    --hash=sha256:51035b175740c44707694c521560b55b66da9d5a7c545cf22582bc02deb61664 \
+    --hash=sha256:96f2cdb35bdfda10e075f12892a42cff5179bbda698992b845f36c5e92755d33 \
+    --hash=sha256:a0aed261060cd0372abf08d16399b1224dbb5b400312e6b00f2b23eabe1d4e96 \
+    --hash=sha256:a6052c4c7d95de2345d9c58fc0fe34fff6c27a8ed8550dafeb18ada84406cc99 \
+    --hash=sha256:cbf1354292a4f7abb6a0188f74f5e902e4510ebad105be1dbc4809d1ed92f77e \
+    --hash=sha256:da82b2372f5ded8806eaac95b19af89a7174efdb418d4e7beb0c6ab09cee7d95 \
+    --hash=sha256:dd89f466c930d7cfe84c94b5cbe862867c88b269f23e5aa61d40945e0d746f54 \
+    --hash=sha256:e3183fbeb452ec11670c2d9bfd08a57bc87e46856b24d1c335f995239bedd0e1 \
+    --hash=sha256:e9a571e7168076a0d5ecaabd91e9032e86d815cca3a4bf0dafead539ef071aa5 \
+    --hash=sha256:ec6aba217d0c4f71cbe48aea962a382dedcd111f47b55e8b58d4aaca519bd360 \
    # via openapi-core
 libthumbor==2.0.1 \
    --hash=sha256:3c4e1a59c019d22f868d225315c06f97fad30fb5e78112d6a230b978e7d24e38 \
    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0 \
    # via -r requirements/common.in
-lxml==4.6.1 \
-    --hash=sha256:0e89f5d422988c65e6936e4ec0fe54d6f73f3128c80eb7ecc3b87f595523607b \
-    --hash=sha256:189ad47203e846a7a4951c17694d845b6ade7917c47c64b29b86526eefc3adf5 \
-    --hash=sha256:1d87936cb5801c557f3e981c9c193861264c01209cb3ad0964a16310ca1b3301 \
-    --hash=sha256:211b3bcf5da70c2d4b84d09232534ad1d78320762e2c59dedc73bf01cb1fc45b \
-    --hash=sha256:2358809cc64394617f2719147a58ae26dac9e21bae772b45cfb80baa26bfca5d \
-    --hash=sha256:23c83112b4dada0b75789d73f949dbb4e8f29a0a3511647024a398ebd023347b \
-    --hash=sha256:24e811118aab6abe3ce23ff0d7d38932329c513f9cef849d3ee88b0f848f2aa9 \
-    --hash=sha256:2d5896ddf5389560257bbe89317ca7bcb4e54a02b53a3e572e1ce4226512b51b \
-    --hash=sha256:2d6571c48328be4304aee031d2d5046cbc8aed5740c654575613c5a4f5a11311 \
-    --hash=sha256:2e311a10f3e85250910a615fe194839a04a0f6bc4e8e5bb5cac221344e3a7891 \
-    --hash=sha256:302160eb6e9764168e01d8c9ec6becddeb87776e81d3fcb0d97954dd51d48e0a \
-    --hash=sha256:3a7a380bfecc551cfd67d6e8ad9faa91289173bdf12e9cfafbd2bdec0d7b1ec1 \
-    --hash=sha256:3d9b2b72eb0dbbdb0e276403873ecfae870599c83ba22cadff2db58541e72856 \
-    --hash=sha256:475325e037fdf068e0c2140b818518cf6bc4aa72435c407a798b2db9f8e90810 \
-    --hash=sha256:4b7572145054330c8e324a72d808c8c8fbe12be33368db28c39a255ad5f7fb51 \
-    --hash=sha256:4fff34721b628cce9eb4538cf9a73d02e0f3da4f35a515773cce6f5fe413b360 \
-    --hash=sha256:56eff8c6fb7bc4bcca395fdff494c52712b7a57486e4fbde34c31bb9da4c6cc4 \
-    --hash=sha256:573b2f5496c7e9f4985de70b9bbb4719ffd293d5565513e04ac20e42e6e5583f \
-    --hash=sha256:7ecaef52fd9b9535ae5f01a1dd2651f6608e4ec9dc136fc4dfe7ebe3c3ddb230 \
-    --hash=sha256:803a80d72d1f693aa448566be46ffd70882d1ad8fc689a2e22afe63035eb998a \
-    --hash=sha256:8862d1c2c020cb7a03b421a9a7b4fe046a208db30994fc8ff68c627a7915987f \
-    --hash=sha256:9b06690224258db5cd39a84e993882a6874676f5de582da57f3df3a82ead9174 \
-    --hash=sha256:a71400b90b3599eb7bf241f947932e18a066907bf84617d80817998cee81e4bf \
-    --hash=sha256:bb252f802f91f59767dcc559744e91efa9df532240a502befd874b54571417bd \
-    --hash=sha256:be1ebf9cc25ab5399501c9046a7dcdaa9e911802ed0e12b7d620cd4bbf0518b3 \
-    --hash=sha256:be7c65e34d1b50ab7093b90427cbc488260e4b3a38ef2435d65b62e9fa3d798a \
-    --hash=sha256:c0dac835c1a22621ffa5e5f999d57359c790c52bbd1c687fe514ae6924f65ef5 \
-    --hash=sha256:c152b2e93b639d1f36ec5a8ca24cde4a8eefb2b6b83668fcd8e83a67badcb367 \
-    --hash=sha256:d182eada8ea0de61a45a526aa0ae4bcd222f9673424e65315c35820291ff299c \
-    --hash=sha256:d18331ea905a41ae71596502bd4c9a2998902328bbabd29e3d0f5f8569fabad1 \
-    --hash=sha256:d20d32cbb31d731def4b1502294ca2ee99f9249b63bc80e03e67e8f8e126dea8 \
-    --hash=sha256:d4ad7fd3269281cb471ad6c7bafca372e69789540d16e3755dd717e9e5c9d82f \
-    --hash=sha256:d6f8c23f65a4bfe4300b85f1f40f6c32569822d08901db3b6454ab785d9117cc \
-    --hash=sha256:d84d741c6e35c9f3e7406cb7c4c2e08474c2a6441d59322a00dcae65aac6315d \
-    --hash=sha256:e65c221b2115a91035b55a593b6eb94aa1206fa3ab374f47c6dc10d364583ff9 \
-    --hash=sha256:f98b6f256be6cec8dd308a8563976ddaff0bdc18b730720f6f4bee927ffe926f \
+lxml==4.5.2 \
+    --hash=sha256:05a444b207901a68a6526948c7cc8f9fe6d6f24c70781488e32fd74ff5996e3f \
+    --hash=sha256:08fc93257dcfe9542c0a6883a25ba4971d78297f63d7a5a26ffa34861ca78730 \
+    --hash=sha256:107781b213cf7201ec3806555657ccda67b1fccc4261fb889ef7fc56976db81f \
+    --hash=sha256:121b665b04083a1e85ff1f5243d4a93aa1aaba281bc12ea334d5a187278ceaf1 \
+    --hash=sha256:2b30aa2bcff8e958cd85d907d5109820b01ac511eae5b460803430a7404e34d7 \
+    --hash=sha256:4b4a111bcf4b9c948e020fd207f915c24a6de3f1adc7682a2d92660eb4e84f1a \
+    --hash=sha256:5591c4164755778e29e69b86e425880f852464a21c7bb53c7ea453bbe2633bbe \
+    --hash=sha256:59daa84aef650b11bccd18f99f64bfe44b9f14a08a28259959d33676554065a1 \
+    --hash=sha256:5a9c8d11aa2c8f8b6043d845927a51eb9102eb558e3f936df494e96393f5fd3e \
+    --hash=sha256:5dd20538a60c4cc9a077d3b715bb42307239fcd25ef1ca7286775f95e9e9a46d \
+    --hash=sha256:74f48ec98430e06c1fa8949b49ebdd8d27ceb9df8d3d1c92e1fdc2773f003f20 \
+    --hash=sha256:786aad2aa20de3dbff21aab86b2fb6a7be68064cbbc0219bde414d3a30aa47ae \
+    --hash=sha256:7ad7906e098ccd30d8f7068030a0b16668ab8aa5cda6fcd5146d8d20cbaa71b5 \
+    --hash=sha256:80a38b188d20c0524fe8959c8ce770a8fdf0e617c6912d23fc97c68301bb9aba \
+    --hash=sha256:92282c83547a9add85ad658143c76a64a8d339028926d7dc1998ca029c88ea6a \
+    --hash=sha256:94150231f1e90c9595ccc80d7d2006c61f90a5995db82bccbca7944fd457f0f6 \
+    --hash=sha256:9dc9006dcc47e00a8a6a029eb035c8f696ad38e40a27d073a003d7d1443f5d88 \
+    --hash=sha256:a76979f728dd845655026ab991df25d26379a1a8fc1e9e68e25c7eda43004bed \
+    --hash=sha256:aa8eba3db3d8761db161003e2d0586608092e217151d7458206e243be5a43843 \
+    --hash=sha256:bea760a63ce9bba566c23f726d72b3c0250e2fa2569909e2d83cda1534c79443 \
+    --hash=sha256:c3f511a3c58676147c277eff0224c061dd5a6a8e1373572ac817ac6324f1b1e0 \
+    --hash=sha256:cc411ad324a4486b142c41d9b2b6a722c534096963688d879ea6fa8a35028258 \
+    --hash=sha256:cdc13a1682b2a6241080745b1953719e7fe0850b40a5c71ca574f090a1391df6 \
+    --hash=sha256:e1cacf4796b20865789083252186ce9dc6cc59eca0c2e79cca332bdff24ac481 \
+    --hash=sha256:e70d4e467e243455492f5de463b72151cc400710ac03a0678206a5f27e79ddef \
+    --hash=sha256:ecc930ae559ea8a43377e8b60ca6f8d61ac532fc57efb915d899de4a67928efd \
+    --hash=sha256:f161af26f596131b63b236372e4ce40f3167c1b5b5d459b29d2514bd8c9dc9ee \
    # via -r requirements/common.in, premailer, pyoembed, talon, xmlsec, zulip-bots
-markdown-include==0.6.0 \
-    --hash=sha256:6f5d680e36f7780c7f0f61dca53ca581bd50d1b56137ddcd6353efafa0c3e4a2 \
+markdown-include==0.5.1 \
+    --hash=sha256:72a45461b589489a088753893bc95c5fa5909936186485f4ed55caa57d10250f \
    # via -r requirements/common.in
 markdown==3.2.2 \
    --hash=sha256:1fafe3f1ecabfb514a5285fca634a53c1b32a81cb0feb154264d55bf2ff22c17 \
@@ -474,43 +422,43 @@ matrix-client==0.3.2 \
    --hash=sha256:2855a2614a177db66f9bc3ba38cbd2876041456f663c334f72a160ab6bb11c49 \
    --hash=sha256:dce3ccb8665df0d519f08e07a16e6d3f9fab3a947df4b7a7c4bb26573d68f2d5 \
    # via zulip
-more-itertools==8.5.0 \
-    --hash=sha256:6f83822ae94818eae2612063a5101a7311e68ae8002005b5e05f03fd74a86a20 \
-    --hash=sha256:9b30f12df9393f0d28af9210ff8efe48d10c94f73e5daf886f10c4b0b0b4f03c \
+more-itertools==8.4.0 \
+    --hash=sha256:68c70cc7167bdf5c7c9d8f6954a7837089c6a36bf565383919bb595efb8a17e5 \
+    --hash=sha256:b78134b2063dd214000685165d81c154522c3ee0a1c0d4d113c80361c234c5a2 \
    # via openapi-core
 oauthlib==3.1.0 \
    --hash=sha256:bee41cc35fcca6e988463cacc3bcb8a96224f470ca547e697b604cc697b2f889 \
    --hash=sha256:df884cd6cbe20e32633f1db1072e9356f53638e4361bef4e8b03c9127c9328ea \
    # via requests-oauthlib, social-auth-core
-openapi-core==0.13.4 \
-    --hash=sha256:1b4a21e2f0f5d567fb0835929d0a3fb7456f5091b6297f46a9cabaa7d8b05639 \
-    --hash=sha256:b8b4283d84038495fb3bde4a868cd9377272ecf898f142d7706d6d49fc14d218 \
-    --hash=sha256:f2ef90ae4a97a6efa0c47a2e8740afcd378cd478e76e778115a8c0c376e9541e \
+openapi-core==0.13.3 \
+    --hash=sha256:57973b7383214a529012cf65ddac8c22b25a4df497366e588e88c627581c2928 \
+    --hash=sha256:8c5e2053c51f8d43d241b54d322f6c1c32adf1a20617490d361d9c0d5a123448 \
+    --hash=sha256:df53cc8b9d217616bbde4e6ef943c9213af810a01cd74f62e7885756c6080af4 \
    # via -r requirements/common.in
 openapi-schema-validator==0.1.1 \
    --hash=sha256:3f0b0f9086e7d717a0413a462d3d9e6f82f7e80a744abf21943ee2e0d9e8c50d \
    --hash=sha256:8fc97a575393d179d70e7c7ebd30ed9fc46eb6c5013f2790736c2e50ea150f06 \
    --hash=sha256:b7afe93aff4a876781279b376c1ba5decb338483e9484af26b140ef215119e23 \
    # via openapi-core
-openapi-spec-validator==0.2.9 \
-    --hash=sha256:6dd75e50c94f1bb454d0e374a56418e7e06a07affb2c7f1df88564c5d728dac3 \
-    --hash=sha256:79381a69b33423ee400ae1624a461dae7725e450e2e306e32f2dd8d16a4d85cb \
-    --hash=sha256:ec1b01a00e20955a527358886991ae34b4b791b253027ee9f7df5f84b59d91c7 \
+openapi-spec-validator==0.2.8 \
+    --hash=sha256:0caacd9829e9e3051e830165367bf58d436d9487b29a09220fa7edb9f47ff81b \
+    --hash=sha256:d4da8aef72bf5be40cf0df444abd20009a41baf9048a8e03750c07a934f1bdd8 \
+    --hash=sha256:e489c7a273284bc78277ac22791482e8058d323b4a265015e9fcddf6a8045bcd \
    # via openapi-core
-parse==1.18.0 \
-    --hash=sha256:91666032d6723dc5905248417ef0dc9e4c51df9526aaeef271eacad6491f06a4 \
+parse==1.15.0 \
+    --hash=sha256:a6d4e2c2f1fbde6717d28084a191a052950f758c0cbd83805357e6575c2b95c0 \
    # via openapi-core
-parso==0.7.1 \
-    --hash=sha256:97218d9159b2520ff45eb78028ba8b50d2bc61dcc062a9682666f2dc4bd331ea \
-    --hash=sha256:caba44724b994a8a5e086460bb212abc5a8bc46951bf4a9a1210745953622eb9 \
+parso==0.7.0 \
+    --hash=sha256:158c140fc04112dc45bca311633ae5033c2c2a7b732fa33d0955bad8152a8dd0 \
+    --hash=sha256:908e9fae2144a076d72ae4e25539143d40b8e3eafbaeae03c1bfe226f4cdf12c \
    # via jedi
 pexpect==4.8.0 \
    --hash=sha256:0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 \
    --hash=sha256:fc65a43959d153d0114afe13997d439c22823a27cefceb5ff35c2178c6784c0c \
    # via ipython
-phonenumberslite==8.12.11 \
-    --hash=sha256:aa63b5910ab2a1cd9cd5c22ca6439972e80f2e1bdf2638b98f610469cd572aa9 \
-    --hash=sha256:e92b8f82ee6248ebd13248762b6b1d136dcb574c9c6f90d60745833412f3bd18 \
+phonenumberslite==8.12.6 \
+    --hash=sha256:19c8f083676061ca5848104aaecfd0d6378d1fc9b37d3777a8636fce05bca6d1 \
+    --hash=sha256:f898bff9cb2fe6a0f6e6d6d8d27e550acf77af4cf20ec22f4f02c0a399ae6f39 \
    # via django-two-factor-auth
 pickleshare==0.7.5 \
    --hash=sha256:87683d47965c1da65cdacaf31c8441d12b8044cdec9aca500cd78fc2c683afca \
@@ -520,35 +468,33 @@ pika==1.1.0 \
    --hash=sha256:4e1a1a6585a41b2341992ec32aadb7a919d649eb82904fd8e4a4e0871c8cf3af \
    --hash=sha256:9fa76ba4b65034b878b2b8de90ff8660a59d925b087c5bb88f8fdbb4b64a1dbf \
    # via -r requirements/common.in
-pillow==8.0.1 \
-    --hash=sha256:006de60d7580d81f4a1a7e9f0173dc90a932e3905cc4d47ea909bc946302311a \
-    --hash=sha256:0a2e8d03787ec7ad71dc18aec9367c946ef8ef50e1e78c71f743bc3a770f9fae \
-    --hash=sha256:0eeeae397e5a79dc088d8297a4c2c6f901f8fb30db47795113a4a605d0f1e5ce \
-    --hash=sha256:11c5c6e9b02c9dac08af04f093eb5a2f84857df70a7d4a6a6ad461aca803fb9e \
-    --hash=sha256:2fb113757a369a6cdb189f8df3226e995acfed0a8919a72416626af1a0a71140 \
-    --hash=sha256:4b0ef2470c4979e345e4e0cc1bbac65fda11d0d7b789dbac035e4c6ce3f98adb \
-    --hash=sha256:59e903ca800c8cfd1ebe482349ec7c35687b95e98cefae213e271c8c7fffa021 \
-    --hash=sha256:5abd653a23c35d980b332bc0431d39663b1709d64142e3652890df4c9b6970f6 \
-    --hash=sha256:5f9403af9c790cc18411ea398a6950ee2def2a830ad0cfe6dc9122e6d528b302 \
-    --hash=sha256:6b4a8fd632b4ebee28282a9fef4c341835a1aa8671e2770b6f89adc8e8c2703c \
-    --hash=sha256:6c1aca8231625115104a06e4389fcd9ec88f0c9befbabd80dc206c35561be271 \
-    --hash=sha256:795e91a60f291e75de2e20e6bdd67770f793c8605b553cb6e4387ce0cb302e09 \
-    --hash=sha256:7ba0ba61252ab23052e642abdb17fd08fdcfdbbf3b74c969a30c58ac1ade7cd3 \
-    --hash=sha256:7c9401e68730d6c4245b8e361d3d13e1035cbc94db86b49dc7da8bec235d0015 \
-    --hash=sha256:81f812d8f5e8a09b246515fac141e9d10113229bc33ea073fec11403b016bcf3 \
-    --hash=sha256:895d54c0ddc78a478c80f9c438579ac15f3e27bf442c2a9aa74d41d0e4d12544 \
-    --hash=sha256:8de332053707c80963b589b22f8e0229f1be1f3ca862a932c1bcd48dafb18dd8 \
-    --hash=sha256:92c882b70a40c79de9f5294dc99390671e07fc0b0113d472cbea3fde15db1792 \
-    --hash=sha256:95edb1ed513e68bddc2aee3de66ceaf743590bf16c023fb9977adc4be15bd3f0 \
-    --hash=sha256:b63d4ff734263ae4ce6593798bcfee6dbfb00523c82753a3a03cbc05555a9cc3 \
-    --hash=sha256:bd7bf289e05470b1bc74889d1466d9ad4a56d201f24397557b6f65c24a6844b8 \
-    --hash=sha256:cc3ea6b23954da84dbee8025c616040d9aa5eaf34ea6895a0a762ee9d3e12e11 \
-    --hash=sha256:cc9ec588c6ef3a1325fa032ec14d97b7309db493782ea8c304666fb10c3bd9a7 \
-    --hash=sha256:d3d07c86d4efa1facdf32aa878bd508c0dc4f87c48125cc16b937baa4e5b5e11 \
-    --hash=sha256:d8a96747df78cda35980905bf26e72960cba6d355ace4780d4bdde3b217cdf1e \
-    --hash=sha256:e38d58d9138ef972fceb7aeec4be02e3f01d383723965bfcef14d174c8ccd039 \
-    --hash=sha256:eb472586374dc66b31e36e14720747595c2b265ae962987261f044e5cce644b5 \
-    --hash=sha256:fbd922f702582cb0d71ef94442bfca57624352622d75e3be7a1e7e9360b07e72 \
+pillow==7.2.0 \
+    --hash=sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f \
+    --hash=sha256:06aba4169e78c439d528fdeb34762c3b61a70813527a2c57f0540541e9f433a8 \
+    --hash=sha256:09d7f9e64289cb40c2c8d7ad674b2ed6105f55dc3b09aa8e4918e20a0311e7ad \
+    --hash=sha256:0a80dd307a5d8440b0a08bd7b81617e04d870e40a3e46a32d9c246e54705e86f \
+    --hash=sha256:1ca594126d3c4def54babee699c055a913efb01e106c309fa6b04405d474d5ae \
+    --hash=sha256:25930fadde8019f374400f7986e8404c8b781ce519da27792cbe46eabec00c4d \
+    --hash=sha256:431b15cffbf949e89df2f7b48528be18b78bfa5177cb3036284a5508159492b5 \
+    --hash=sha256:52125833b070791fcb5710fabc640fc1df07d087fc0c0f02d3661f76c23c5b8b \
+    --hash=sha256:5e51ee2b8114def244384eda1c82b10e307ad9778dac5c83fb0943775a653cd8 \
+    --hash=sha256:612cfda94e9c8346f239bf1a4b082fdd5c8143cf82d685ba2dba76e7adeeb233 \
+    --hash=sha256:6d7741e65835716ceea0fd13a7d0192961212fd59e741a46bbed7a473c634ed6 \
+    --hash=sha256:6edb5446f44d901e8683ffb25ebdfc26988ee813da3bf91e12252b57ac163727 \
+    --hash=sha256:725aa6cfc66ce2857d585f06e9519a1cc0ef6d13f186ff3447ab6dff0a09bc7f \
+    --hash=sha256:8dad18b69f710bf3a001d2bf3afab7c432785d94fcf819c16b5207b1cfd17d38 \
+    --hash=sha256:94cf49723928eb6070a892cb39d6c156f7b5a2db4e8971cb958f7b6b104fb4c4 \
+    --hash=sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626 \
+    --hash=sha256:9ad7f865eebde135d526bb3163d0b23ffff365cf87e767c649550964ad72785d \
+    --hash=sha256:a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6 \
+    --hash=sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63 \
+    --hash=sha256:c92302a33138409e8f1ad16731568c55c9053eee71bb05b6b744067e1b62380f \
+    --hash=sha256:d08b23fdb388c0715990cbc06866db554e1822c4bdcf6d4166cf30ac82df8c41 \
+    --hash=sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1 \
+    --hash=sha256:ec29604081f10f16a7aea809ad42e27764188fc258b02259a03a8ff7ded3808d \
+    --hash=sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9 \
+    --hash=sha256:f7e30c27477dffc3e85c2463b3e649f751789e0f6c8456099eea7ddd53be4a8a \
+    --hash=sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce \
    # via -r requirements/common.in
 polib==1.1.0 \
    --hash=sha256:93b730477c16380c9a96726c54016822ff81acfa553977fdd131f2b90ba858d7 \
@@ -558,24 +504,24 @@ premailer==3.7.0 \
    --hash=sha256:5eec9603e84cee583a390de69c75192e50d76e38ef0292b027bd64923766aca7 \
    --hash=sha256:c7ac48986984a810afea5147bc8410a8fe0659bf52f357e78b28a1b949209b91 \
    # via -r requirements/common.in
-prompt-toolkit==3.0.8 \
-    --hash=sha256:25c95d2ac813909f813c93fde734b6e44406d1477a9faef7c915ff37d39c0a8c \
-    --hash=sha256:7debb9a521e0b1ee7d2fe96ee4bd60ef03c6492784de0547337ca4433e46aa63 \
+prompt-toolkit==3.0.5 \
+    --hash=sha256:563d1a4140b63ff9dd587bda9557cffb2fe73650205ab6f4383092fb882e7dc8 \
+    --hash=sha256:df7e9e63aea609b1da3a65641ceaf5bc7d05e0a04de5bd45d05dbeffbabf9e04 \
    # via ipython
-psycopg2==2.8.6 \
-    --hash=sha256:00195b5f6832dbf2876b8bf77f12bdce648224c89c880719c745b90515233301 \
-    --hash=sha256:068115e13c70dc5982dfc00c5d70437fe37c014c808acce119b5448361c03725 \
-    --hash=sha256:26e7fd115a6db75267b325de0fba089b911a4a12ebd3d0b5e7acb7028bc46821 \
-    --hash=sha256:56007a226b8e95aa980ada7abdea6b40b75ce62a433bd27cec7a8178d57f4051 \
-    --hash=sha256:56fee7f818d032f802b8eed81ef0c1232b8b42390df189cab9cfa87573fe52c5 \
-    --hash=sha256:6a3d9efb6f36f1fe6aa8dbb5af55e067db802502c55a9defa47c5a1dad41df84 \
-    --hash=sha256:a49833abfdede8985ba3f3ec641f771cca215479f41523e99dace96d5b8cce2a \
-    --hash=sha256:ad2fe8a37be669082e61fb001c185ffb58867fdbb3e7a6b0b0d2ffe232353a3e \
-    --hash=sha256:b8cae8b2f022efa1f011cc753adb9cbadfa5a184431d09b273fb49b4167561ad \
-    --hash=sha256:d160744652e81c80627a909a0e808f3c6653a40af435744de037e3172cf277f5 \
-    --hash=sha256:f22ea9b67aea4f4a1718300908a2fb62b3e4276cf00bd829a97ab5894af42ea3 \
-    --hash=sha256:f974c96fca34ae9e4f49839ba6b78addf0346777b46c4da27a7bf54f48d3057d \
-    --hash=sha256:fb23f6c71107c37fd667cb4ea363ddeb936b348bbd6449278eb92c189699f543 \
+psycopg2==2.8.5 \
+    --hash=sha256:132efc7ee46a763e68a815f4d26223d9c679953cd190f1f218187cb60decf535 \
+    --hash=sha256:2327bf42c1744a434ed8ed0bbaa9168cac7ee5a22a9001f6fc85c33b8a4a14b7 \
+    --hash=sha256:27c633f2d5db0fc27b51f1b08f410715b59fa3802987aec91aeb8f562724e95c \
+    --hash=sha256:2c0afb40cfb4d53487ee2ebe128649028c9a78d2476d14a67781e45dc287f080 \
+    --hash=sha256:2df2bf1b87305bd95eb3ac666ee1f00a9c83d10927b8144e8e39644218f4cf81 \
+    --hash=sha256:440a3ea2c955e89321a138eb7582aa1d22fe286c7d65e26a2c5411af0a88ae72 \
+    --hash=sha256:6a471d4d2a6f14c97a882e8d3124869bc623f3df6177eefe02994ea41fd45b52 \
+    --hash=sha256:6b306dae53ec7f4f67a10942cf8ac85de930ea90e9903e2df4001f69b7833f7e \
+    --hash=sha256:a0984ff49e176062fcdc8a5a2a670c9bb1704a2f69548bce8f8a7bad41c661bf \
+    --hash=sha256:ac5b23d0199c012ad91ed1bbb971b7666da651c6371529b1be8cbe2a7bf3c3a9 \
+    --hash=sha256:acf56d564e443e3dea152efe972b1434058244298a94348fc518d6dd6a9fb0bb \
+    --hash=sha256:d3b29d717d39d3580efd760a9a46a7418408acebbb784717c90d708c9ed5f055 \
+    --hash=sha256:f7d46240f7a1ae1dd95aab38bd74f7428d46531f69219954266d669da60c0818 \
    # via -r requirements/common.in
 ptyprocess==0.6.0 \
    --hash=sha256:923f299cc5ad920c68f2bc0bc98b75b9f838b93b599941a6b63ddbc2476394c0 \
@@ -599,9 +545,9 @@ pycparser==2.20 \
    --hash=sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0 \
    --hash=sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 \
    # via cffi
-pygments==2.7.2 \
-    --hash=sha256:381985fcc551eb9d37c52088a32914e00517e57f4a21609f48141ba08e193fa0 \
-    --hash=sha256:88a0bbcd659fcb9573703957c6b9cff9fab7295e6e76db54c9d00ae42df32773 \
+pygments==2.6.1 \
+    --hash=sha256:647344a061c249a3b74e230c739f434d7ea4d8b1d5f3721bc0f3558049b38f44 \
+    --hash=sha256:ff7a40b4860b727ab48fad6360eb351cc1b33cbf9b15a0f689ca5353e9463324 \
    # via -r requirements/common.in, ipython, jsx-lexer
 pyjwt==1.7.1 \
    --hash=sha256:5c6eca3c2940464d106b99ba83b00c6add741c9becaec087fb7ccdefea71350e \
@@ -614,11 +560,11 @@ pyopenssl==19.1.0 \
    --hash=sha256:621880965a720b8ece2f1b2f54ea2071966ab00e2970ad2ce11d596102063504 \
    --hash=sha256:9a24494b2602aaf402be5c9e30a0b82d4a5c67528fe8fb475e3f3bc00dd69507 \
    # via requests
-pyrsistent==0.17.3 \
-    --hash=sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e \
+pyrsistent==0.16.0 \
+    --hash=sha256:28669905fe725965daa16184933676547c5bb40a5153055a8dee2a4bd7933ad3 \
    # via jsonschema
-python-binary-memcached==0.30.1 \
-    --hash=sha256:f91c3d79d022121c22ef733e9beee86e0598e29ffec67401c68cece1ba7f036a \
+https://github.com/jaysonsantos/python-binary-memcached/archive/364ce723ea73290a6ae27551cab28070424fd280.zip#egg=python-binary-memcached==0.29.0+git \
+    --hash=sha256:0e6f4c7c34c71e29e1daa53cca6598dcbdb8bd49d7c6aaac6c02d93bdc2d5a8f \
    # via -r requirements/common.in, django-bmemcached
 python-dateutil==2.8.1 \
    --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \
@@ -672,34 +618,28 @@ redis==3.5.3 \
    --hash=sha256:0e7e0cfca8660dea8b7d5cd8c4f6c5e29e11f31158c0b0ae91a397f00e5a05a2 \
    --hash=sha256:432b788c4530cfe16d8d943a09d40ca6c16149727e4afe8c2c9d5580c59d9f24 \
    # via -r requirements/common.in
-regex==2020.10.28 \
-    --hash=sha256:03855ee22980c3e4863dc84c42d6d2901133362db5daf4c36b710dd895d78f0a \
-    --hash=sha256:06b52815d4ad38d6524666e0d50fe9173533c9cc145a5779b89733284e6f688f \
-    --hash=sha256:11116d424734fe356d8777f89d625f0df783251ada95d6261b4c36ad27a394bb \
-    --hash=sha256:119e0355dbdd4cf593b17f2fc5dbd4aec2b8899d0057e4957ba92f941f704bf5 \
-    --hash=sha256:1ec66700a10e3c75f1f92cbde36cca0d3aaee4c73dfa26699495a3a30b09093c \
-    --hash=sha256:2dc522e25e57e88b4980d2bdd334825dbf6fa55f28a922fc3bfa60cc09e5ef53 \
-    --hash=sha256:3a5f08039eee9ea195a89e180c5762bfb55258bfb9abb61a20d3abee3b37fd12 \
-    --hash=sha256:49461446b783945597c4076aea3f49aee4b4ce922bd241e4fcf62a3e7c61794c \
-    --hash=sha256:4afa350f162551cf402bfa3cd8302165c8e03e689c897d185f16a167328cc6dd \
-    --hash=sha256:4b5a9bcb56cc146c3932c648603b24514447eafa6ce9295234767bf92f69b504 \
-    --hash=sha256:625116aca6c4b57c56ea3d70369cacc4d62fead4930f8329d242e4fe7a58ce4b \
-    --hash=sha256:654c1635f2313d0843028487db2191530bca45af61ca85d0b16555c399625b0e \
-    --hash=sha256:8092a5a06ad9a7a247f2a76ace121183dc4e1a84c259cf9c2ce3bbb69fac3582 \
-    --hash=sha256:832339223b9ce56b7b15168e691ae654d345ac1635eeb367ade9ecfe0e66bee0 \
-    --hash=sha256:8ca9dca965bd86ea3631b975d63b0693566d3cc347e55786d5514988b6f5b84c \
-    --hash=sha256:a62162be05edf64f819925ea88d09d18b09bebf20971b363ce0c24e8b4aa14c0 \
-    --hash=sha256:b88fa3b8a3469f22b4f13d045d9bd3eda797aa4e406fde0a2644bc92bbdd4bdd \
-    --hash=sha256:c13d311a4c4a8d671f5860317eb5f09591fbe8259676b86a85769423b544451e \
-    --hash=sha256:c2c6c56ee97485a127555c9595c069201b5161de9d05495fbe2132b5ac104786 \
-    --hash=sha256:c3466a84fce42c2016113101018a9981804097bacbab029c2d5b4fcb224b89de \
-    --hash=sha256:c8a2b7ccff330ae4c460aff36626f911f918555660cc28163417cb84ffb25789 \
-    --hash=sha256:cb905f3d2e290a8b8f1579d3984f2cfa7c3a29cc7cba608540ceeed18513f520 \
-    --hash=sha256:cfcf28ed4ce9ced47b9b9670a4f0d3d3c0e4d4779ad4dadb1ad468b097f808aa \
-    --hash=sha256:dd3e6547ecf842a29cf25123fbf8d2461c53c8d37aa20d87ecee130c89b7079b \
-    --hash=sha256:ea37320877d56a7f0a1e6a625d892cf963aa7f570013499f5b8d5ab8402b5625 \
-    --hash=sha256:f1fce1e4929157b2afeb4bb7069204d4370bab9f4fc03ca1fbec8bd601f8c87d \
-    --hash=sha256:f43109822df2d3faac7aad79613f5f02e4eab0fc8ad7932d2e70e2a83bd49c26 \
+regex==2020.6.8 \
+    --hash=sha256:08997a37b221a3e27d68ffb601e45abfb0093d39ee770e4257bd2f5115e8cb0a \
+    --hash=sha256:112e34adf95e45158c597feea65d06a8124898bdeac975c9087fe71b572bd938 \
+    --hash=sha256:1700419d8a18c26ff396b3b06ace315b5f2a6e780dad387e4c48717a12a22c29 \
+    --hash=sha256:2f6f211633ee8d3f7706953e9d3edc7ce63a1d6aad0be5dcee1ece127eea13ae \
+    --hash=sha256:52e1b4bef02f4040b2fd547357a170fc1146e60ab310cdbdd098db86e929b387 \
+    --hash=sha256:55b4c25cbb3b29f8d5e63aeed27b49fa0f8476b0d4e1b3171d85db891938cc3a \
+    --hash=sha256:5aaa5928b039ae440d775acea11d01e42ff26e1561c0ffcd3d805750973c6baf \
+    --hash=sha256:654cb773b2792e50151f0e22be0f2b6e1c3a04c5328ff1d9d59c0398d37ef610 \
+    --hash=sha256:690f858d9a94d903cf5cada62ce069b5d93b313d7d05456dbcd99420856562d9 \
+    --hash=sha256:6ad8663c17db4c5ef438141f99e291c4d4edfeaacc0ce28b5bba2b0bf273d9b5 \
+    --hash=sha256:89cda1a5d3e33ec9e231ece7307afc101b5217523d55ef4dc7fb2abd6de71ba3 \
+    --hash=sha256:92d8a043a4241a710c1cf7593f5577fbb832cf6c3a00ff3fc1ff2052aff5dd89 \
+    --hash=sha256:95fa7726d073c87141f7bbfb04c284901f8328e2d430eeb71b8ffdd5742a5ded \
+    --hash=sha256:97712e0d0af05febd8ab63d2ef0ab2d0cd9deddf4476f7aa153f76feef4b2754 \
+    --hash=sha256:b2ba0f78b3ef375114856cbdaa30559914d081c416b431f2437f83ce4f8b7f2f \
+    --hash=sha256:bae83f2a56ab30d5353b47f9b2a33e4aac4de9401fb582b55c42b132a8ac3868 \
+    --hash=sha256:c78e66a922de1c95a208e4ec02e2e5cf0bb83a36ceececc10a72841e53fbf2bd \
+    --hash=sha256:cf59bbf282b627130f5ba68b7fa3abdb96372b24b66bdf72a4920e8153fc7910 \
+    --hash=sha256:e3cdc9423808f7e1bb9c2e0bdb1c9dc37b0607b30d646ff6faf0d4e41ee8fee3 \
+    --hash=sha256:e9b64e609d37438f7d6e68c2546d2cb8062f3adb27e6336bc129b51be20773ac \
+    --hash=sha256:fbff901c54c22425a5b809b914a3bfaf4b9570eee0e5ce8186ac71eb2025191c \
    # via talon
 requests-oauthlib==1.3.0 \
    --hash=sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d \
@@ -716,6 +656,8 @@ s3transfer==0.3.3 \
 six==1.15.0 \
    --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
+    --hash=sha256:8ce375b18ae4a749516d7e6c6fbbf8be6177c53974f53534d8eadb646cd279b1 \
+    --hash=sha256:92ad876fb6a201a7e23a6b85ea96d9643a51e285667c253a8653643804f7cb68 \
    # via argon2-cffi, cryptography, django-bitfield, hypchat, isodate, jsonschema, libthumbor, openapi-core, openapi-schema-validator, openapi-spec-validator, pyopenssl, python-binary-memcached, python-dateutil, qrcode, social-auth-app-django, social-auth-core, talon, traitlets, twilio, zulip
 social-auth-app-django==4.0.0 \
    --hash=sha256:2c69e57df0b30c9c1823519c5f1992cbe4f3f98fdc7d95c840e091a752708840 \
@@ -735,49 +677,39 @@ sourcemap==0.2.1 \
    --hash=sha256:be00a90185e7a16b87bbe62a68ffd5e38bc438ef4700806d9b90e44d8027787c \
    --hash=sha256:c448a8c48f9482e522e4582106b0c641a83b5dbc7f13927b178848e3ea20967b \
    # via -r requirements/common.in
-sqlalchemy==1.3.20 \
-    --hash=sha256:009e8388d4d551a2107632921320886650b46332f61dc935e70c8bcf37d8e0d6 \
-    --hash=sha256:0157c269701d88f5faf1fa0e4560e4d814f210c01a5b55df3cab95e9346a8bcc \
-    --hash=sha256:0a92745bb1ebbcb3985ed7bda379b94627f0edbc6c82e9e4bac4fb5647ae609a \
-    --hash=sha256:0cca1844ba870e81c03633a99aa3dc62256fb96323431a5dec7d4e503c26372d \
-    --hash=sha256:166917a729b9226decff29416f212c516227c2eb8a9c9f920d69ced24e30109f \
-    --hash=sha256:1f5f369202912be72fdf9a8f25067a5ece31a2b38507bb869306f173336348da \
-    --hash=sha256:2909dffe5c9a615b7e6c92d1ac2d31e3026dc436440a4f750f4749d114d88ceb \
-    --hash=sha256:2b5dafed97f778e9901b79cc01b88d39c605e0545b4541f2551a2fd785adc15b \
-    --hash=sha256:2e9bd5b23bba8ae8ce4219c9333974ff5e103c857d9ff0e4b73dc4cb244c7d86 \
-    --hash=sha256:3aa6d45e149a16aa1f0c46816397e12313d5e37f22205c26e06975e150ffcf2a \
-    --hash=sha256:4bdbdb8ca577c6c366d15791747c1de6ab14529115a2eb52774240c412a7b403 \
-    --hash=sha256:53fd857c6c8ffc0aa6a5a3a2619f6a74247e42ec9e46b836a8ffa4abe7aab327 \
-    --hash=sha256:5cdfe54c1e37279dc70d92815464b77cd8ee30725adc9350f06074f91dbfeed2 \
-    --hash=sha256:5d92c18458a4aa27497a986038d5d797b5279268a2de303cd00910658e8d149c \
-    --hash=sha256:632b32183c0cb0053194a4085c304bc2320e5299f77e3024556fa2aa395c2a8b \
-    --hash=sha256:7c735c7a6db8ee9554a3935e741cf288f7dcbe8706320251eb38c412e6a4281d \
-    --hash=sha256:7cd40cb4bc50d9e87b3540b23df6e6b24821ba7e1f305c1492b0806c33dbdbec \
-    --hash=sha256:84f0ac4a09971536b38cc5d515d6add7926a7e13baa25135a1dbb6afa351a376 \
-    --hash=sha256:8dcbf377529a9af167cbfc5b8acec0fadd7c2357fc282a1494c222d3abfc9629 \
-    --hash=sha256:950f0e17ffba7a7ceb0dd056567bc5ade22a11a75920b0e8298865dc28c0eff6 \
-    --hash=sha256:9e379674728f43a0cd95c423ac0e95262500f9bfd81d33b999daa8ea1756d162 \
-    --hash=sha256:b15002b9788ffe84e42baffc334739d3b68008a973d65fad0a410ca5d0531980 \
-    --hash=sha256:b6f036ecc017ec2e2cc2a40615b41850dc7aaaea6a932628c0afc73ab98ba3fb \
-    --hash=sha256:bad73f9888d30f9e1d57ac8829f8a12091bdee4949b91db279569774a866a18e \
-    --hash=sha256:bbc58fca72ce45a64bb02b87f73df58e29848b693869e58bd890b2ddbb42d83b \
-    --hash=sha256:bca4d367a725694dae3dfdc86cf1d1622b9f414e70bd19651f5ac4fb3aa96d61 \
-    --hash=sha256:be41d5de7a8e241864189b7530ca4aaf56a5204332caa70555c2d96379e18079 \
-    --hash=sha256:bf53d8dddfc3e53a5bda65f7f4aa40fae306843641e3e8e701c18a5609471edf \
-    --hash=sha256:c092fe282de83d48e64d306b4bce03114859cdbfe19bf8a978a78a0d44ddadb1 \
-    --hash=sha256:c3ab23ee9674336654bf9cac30eb75ac6acb9150dc4b1391bec533a7a4126471 \
-    --hash=sha256:ce64a44c867d128ab8e675f587aae7f61bd2db836a3c4ba522d884cd7c298a77 \
-    --hash=sha256:d05cef4a164b44ffda58200efcb22355350979e000828479971ebca49b82ddb1 \
-    --hash=sha256:d2f25c7f410338d31666d7ddedfa67570900e248b940d186b48461bd4e5569a1 \
-    --hash=sha256:d3b709d64b5cf064972b3763b47139e4a0dc4ae28a36437757f7663f67b99710 \
-    --hash=sha256:e32e3455db14602b6117f0f422f46bc297a3853ae2c322ecd1e2c4c04daf6ed5 \
-    --hash=sha256:ed53209b5f0f383acb49a927179fa51a6e2259878e164273ebc6815f3a752465 \
-    --hash=sha256:f605f348f4e6a2ba00acb3399c71d213b92f27f2383fc4abebf7a37368c12142 \
-    --hash=sha256:fcdb3755a7c355bc29df1b5e6fb8226d5c8b90551d202d69d0076a8a5649d68b \
+sqlalchemy==1.3.18 \
+    --hash=sha256:0942a3a0df3f6131580eddd26d99071b48cfe5aaf3eab2783076fbc5a1c1882e \
+    --hash=sha256:0ec575db1b54909750332c2e335c2bb11257883914a03bc5a3306a4488ecc772 \
+    --hash=sha256:109581ccc8915001e8037b73c29590e78ce74be49ca0a3630a23831f9e3ed6c7 \
+    --hash=sha256:16593fd748944726540cd20f7e83afec816c2ac96b082e26ae226e8f7e9688cf \
+    --hash=sha256:427273b08efc16a85aa2b39892817e78e3ed074fcb89b2a51c4979bae7e7ba98 \
+    --hash=sha256:50c4ee32f0e1581828843267d8de35c3298e86ceecd5e9017dc45788be70a864 \
+    --hash=sha256:512a85c3c8c3995cc91af3e90f38f460da5d3cade8dc3a229c8e0879037547c9 \
+    --hash=sha256:57aa843b783179ab72e863512e14bdcba186641daf69e4e3a5761d705dcc35b1 \
+    --hash=sha256:621f58cd921cd71ba6215c42954ffaa8a918eecd8c535d97befa1a8acad986dd \
+    --hash=sha256:6ac2558631a81b85e7fb7a44e5035347938b0a73f5fdc27a8566777d0792a6a4 \
+    --hash=sha256:716754d0b5490bdcf68e1e4925edc02ac07209883314ad01a137642ddb2056f1 \
+    --hash=sha256:736d41cfebedecc6f159fc4ac0769dc89528a989471dc1d378ba07d29a60ba1c \
+    --hash=sha256:8619b86cb68b185a778635be5b3e6018623c0761dde4df2f112896424aa27bd8 \
+    --hash=sha256:87fad64529cde4f1914a5b9c383628e1a8f9e3930304c09cf22c2ae118a1280e \
+    --hash=sha256:89494df7f93b1836cae210c42864b292f9b31eeabca4810193761990dc689cce \
+    --hash=sha256:8cac7bb373a5f1423e28de3fd5fc8063b9c8ffe8957dc1b1a59cb90453db6da1 \
+    --hash=sha256:8fd452dc3d49b3cc54483e033de6c006c304432e6f84b74d7b2c68afa2569ae5 \
+    --hash=sha256:adad60eea2c4c2a1875eb6305a0b6e61a83163f8e233586a4d6a55221ef984fe \
+    --hash=sha256:c26f95e7609b821b5f08a72dab929baa0d685406b953efd7c89423a511d5c413 \
+    --hash=sha256:cbe1324ef52ff26ccde2cb84b8593c8bf930069dfc06c1e616f1bfd4e47f48a3 \
+    --hash=sha256:d05c4adae06bd0c7f696ae3ec8d993ed8ffcc4e11a76b1b35a5af8a099bd2284 \
+    --hash=sha256:d98bc827a1293ae767c8f2f18be3bb5151fd37ddcd7da2a5f9581baeeb7a3fa1 \
+    --hash=sha256:da2fb75f64792c1fc64c82313a00c728a7c301efe6a60b7a9fe35b16b4368ce7 \
+    --hash=sha256:e4624d7edb2576cd72bb83636cd71c8ce544d8e272f308bd80885056972ca299 \
+    --hash=sha256:e89e0d9e106f8a9180a4ca92a6adde60c58b1b0299e1b43bd5e0312f535fbf33 \
+    --hash=sha256:f11c2437fb5f812d020932119ba02d9e2bc29a6eca01a055233a8b449e3e1e7d \
+    --hash=sha256:f57be5673e12763dd400fea568608700a63ce1c6bd5bdbc3cc3a2c5fdb045274 \
+    --hash=sha256:fc728ece3d5c772c196fd338a99798e7efac7a04f9cb6416299a3638ee9a94cd \
    # via -r requirements/common.in
-sqlparse==0.4.1 \
-    --hash=sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0 \
-    --hash=sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8 \
+sqlparse==0.3.1 \
+    --hash=sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e \
+    --hash=sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548 \
    # via django
 statsd==3.3.0 \
    --hash=sha256:c610fb80347fca0ef62666d241bce64184bd7cc1efe582f9690e045c25535eaa \
@@ -786,9 +718,9 @@ statsd==3.3.0 \
 strict-rfc3339==0.7 \
    --hash=sha256:5cad17bedfc3af57b399db0fed32771f18fc54bbd917e85546088607ac5e1277 \
    # via openapi-schema-validator
-stripe==2.55.0 \
-    --hash=sha256:2eebf023595e8aa9d65d8b46ccc3c716185bb9625d0e39d3956282fd7525848d \
-    --hash=sha256:833313d28dcceca71128ee915c2dacbbf235c909e0a01b0f94ee5037e1c46109 \
+stripe==2.48.0 \
+    --hash=sha256:515fe2cc915e639468f30150a39c162fc0fb090256ae9d6a04e5022925d136f1 \
+    --hash=sha256:bdbbea632b8faa983c670db61debbe0bdb5802ef98fd0613a03aa466e56cdade \
    # via -r requirements/common.in
 https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1 \
    --hash=sha256:21d87c437379287d09df7a2d2af7bd818d4fa00be619dff446dacbdb4338d921 \
@@ -804,23 +736,27 @@ traitlets==4.3.3 \
    --hash=sha256:70b4c6a1d9019d7b4f6846832288f86998aa3b9207c6821f3578a6a6a467fe44 \
    --hash=sha256:d023ee369ddd2763310e4c3eae1ff649689440d4ae59d7485eb4cfbbe3e359f7 \
    # via ipython
-twilio==6.46.0 \
-    --hash=sha256:9d591617b22e75b26cda11a10d353e2001d990a7ca1696d92e50abfc6ecdcb73 \
+twilio==6.44.0 \
+    --hash=sha256:d9528dca74bbfa7b1ada1880af79eb1d7df87edbb3887c5976d264e8f3ed0890 \
    # via -r requirements/common.in
-typing-extensions==3.7.4.3 \
-    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f \
+typing-extensions==3.7.4.2 \
+    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
    # via -r requirements/common.in
+ua-parser==0.10.0 \
+    --hash=sha256:46ab2e383c01dbd2ab284991b87d624a26a08f72da4d7d413f5bfab8b9036f8a \
+    --hash=sha256:47b1782ed130d890018d983fac37c2a80799d9e0b9c532e734c67cf70f185033 \
+    # via django-cookies-samesite
 uhashring==1.2 \
    --hash=sha256:f7304ca2ff763bbf1e2f8a78f21131721811619c5841de4f8c98063344906931 \
    # via python-binary-memcached
 https://github.com/zulip/ultrajson/archive/70ac02becc3e11174cd5072650f885b30daab8a8.zip#egg=ujson==1.35+git \
    --hash=sha256:e95c20f47093dc7376ddf70b95489979375fb6e88b8d7e4b5576d917dda8ef5a \
    # via -r requirements/common.in
-urllib3==1.25.11 \
-    --hash=sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2 \
-    --hash=sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e \
+urllib3==1.25.9 \
+    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
    # via botocore, requests
 uwsgi==2.0.19.1 \
    --hash=sha256:faa85e053c0b1be4d5585b0858d3a511d2cd10201802e8676060fd0a109e5869 \
@@ -854,9 +790,9 @@ yamole==2.1.7 \
    --hash=sha256:cd37040d1b396d58ac5bd9864999b98700d37156b2e65d9498486874aee38fda \
    --hash=sha256:f491345f18e9d4133eed196166136144e92bb4bad83e60d44ce5754adf130a36 \
    # via -r requirements/common.in
-zipp==3.4.0 \
-    --hash=sha256:102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108 \
-    --hash=sha256:ed5eee1974372595f9e416cc7bbeeb12335201d8081ca8a0743c954d4446e5cb \
+zipp==3.1.0 \
+    --hash=sha256:aa36550ff0c0b7ef7fa639055d797116ee891440eac1a56f378e2d3179e0320b \
+    --hash=sha256:c599e4d75c98f6798c509911d08a22e6c021d074469042177c8c86fb92eefd96 \
    # via importlib-metadata
 https://github.com/zulip/python-zulip-api/archive/0.7.0.zip/#egg=zulip==0.7.0_git&subdirectory=zulip \
    --hash=sha256:161e3f38a9d27bf76a30da3d3d81f5f1b71a8c2c8144e0c4a33cd15018606d9f \
@@ -869,11 +805,11 @@ zxcvbn==4.4.28 \
    # via -r requirements/common.in

 # The following packages are considered to be unsafe in a requirements file:
-pip==20.2.4 \
-    --hash=sha256:51f1c7514530bd5c145d8f13ed936ad6b8bfcb8cf74e10403d0890bc986f0033 \
-    --hash=sha256:85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 \
+pip==20.1.1 \
+    --hash=sha256:27f8dc29387dd83249e06e681ce087e6061826582198a425085e0bf4c1cf3a55 \
+    --hash=sha256:b27c4dedae8c41aa59108f2fa38bf78e0890e590545bc8ece7cdceb4ba60f6e4 \
    # via zulip-bots
-setuptools==50.3.2 \
-    --hash=sha256:2c242a0856fbad7efbe560df4a7add9324f340cf48df43651e9604924466794a \
-    --hash=sha256:ed0519d27a243843b05d82a5e9d01b0b083d9934eaa3d02779a23da18077bd3c \
+setuptools==49.1.0 \
+    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
    # via ipython, jsonschema
--- a/requirements/thumbor-dev.txt
+++ b/requirements/thumbor-dev.txt
@@ -7,44 +7,23 @@
 #
 # For details, see requirements/README.md .
 #
-aiobotocore==1.1.2 \
-    --hash=sha256:457549acaf3a3d10ad8a6256ec5b791ea885e4d2fa11783d22bb8f411a058141 \
-    --hash=sha256:54b23e3ac82955caa90ea320301255a4c738ff0a827599f57129e3f1d883c9ba \
+aiobotocore==1.0.7 \
+    --hash=sha256:9589d812714a5b78f0b8249916c17374e507dd7edfd5038a85cd6f25028506f3 \
+    --hash=sha256:d3183a22a376a97ed0a739854408fcf4ee9f24a629b38f84451b7e2111622ae3 \
    # via tc-aws
-aiohttp==3.7.2 \
-    --hash=sha256:027be45c4b37e21be81d07ae5242361d73eebad1562c033f80032f955f34df82 \
-    --hash=sha256:06efdb01ab71ec20786b592d510d1d354fbe0b2e4449ee47067b9ca65d45a006 \
-    --hash=sha256:0989ff15834a4503056d103077ec3652f9ea5699835e1ceaee46b91cf59830bf \
-    --hash=sha256:11e087c316e933f1f52f3d4a09ce13f15ad966fc43df47f44ca4e8067b6a2e0d \
-    --hash=sha256:184ead67248274f0e20b0cd6bb5f25209b2fad56e5373101cc0137c32c825c87 \
-    --hash=sha256:1c36b7ef47cfbc150314c2204cd73613d96d6d0982d41c7679b7cdcf43c0e979 \
-    --hash=sha256:2aea79734ac5ceeac1ec22b4af4efb4efd6a5ca3d73d77ec74ed782cf318f238 \
-    --hash=sha256:2e886611b100c8c93b753b457e645c5e4b8008ec443434d2a480e5a2bb3e6514 \
-    --hash=sha256:476b1f8216e59a3c2ffb71b8d7e1da60304da19f6000d422bacc371abb0fc43d \
-    --hash=sha256:48104c883099c0e614c5c38f98c1d174a2c68f52f58b2a6e5a07b59df78262ab \
-    --hash=sha256:4afd8002d9238e5e93acf1a8baa38b3ddf1f7f0ebef174374131ff0c6c2d7973 \
-    --hash=sha256:547b196a7177511da4f475fc81d0bb88a51a8d535c7444bbf2338b6dc82cb996 \
-    --hash=sha256:67f8564c534d75c1d613186939cee45a124d7d37e7aece83b17d18af665b0d7a \
-    --hash=sha256:6e0d1231a626d07b23f6fe904caa44efb249da4222d8a16ab039fb2348722292 \
-    --hash=sha256:7e26712871ebaf55497a60f55483dc5e74326d1fb0bfceab86ebaeaa3a266733 \
-    --hash=sha256:7f1aeb72f14b9254296cdefa029c00d3c4550a26e1059084f2ee10d22086c2d0 \
-    --hash=sha256:8319a55de469d5af3517dfe1f6a77f248f6668c5a552396635ef900f058882ef \
-    --hash=sha256:835bd35e14e4f36414e47c195e6645449a0a1c3fd5eeae4b7f22cb4c5e4f503a \
-    --hash=sha256:89c1aa729953b5ac6ca3c82dcbd83e7cdecfa5cf9792c78c154a642e6e29303d \
-    --hash=sha256:8a8addd41320637c1445fea0bae1fd9fe4888acc2cd79217ee33e5d1c83cfe01 \
-    --hash=sha256:8fbeeb2296bb9fe16071a674eadade7391be785ae0049610e64b60ead6abcdd7 \
-    --hash=sha256:a1f1cc11c9856bfa7f1ca55002c39070bde2a97ce48ef631468e99e2ac8e3fe6 \
-    --hash=sha256:ad5c3559e3cd64f746df43fa498038c91aa14f5d7615941ea5b106e435f3b892 \
-    --hash=sha256:b822bf7b764283b5015e3c49b7bb93f37fc03545f4abe26383771c6b1c813436 \
-    --hash=sha256:b84cef790cb93cec82a468b7d2447bf16e3056d2237b652e80f57d653b61da88 \
-    --hash=sha256:be9fa3fe94fc95e9bf84e84117a577c892906dd3cb0a95a7ae21e12a84777567 \
-    --hash=sha256:c53f1d2bd48f5f407b534732f5b3c6b800a58e70b53808637848d8a9ee127fe7 \
-    --hash=sha256:c588a0f824dc7158be9eec1ff465d1c868ad69a4dc518cd098cc11e4f7da09d9 \
-    --hash=sha256:c6da1af59841e6d43255d386a2c4bfb59c0a3b262bdb24325cc969d211be6070 \
-    --hash=sha256:c9a415f4f2764ab6c7d63ee6b86f02a46b4df9bc11b0de7ffef206908b7bf0b4 \
-    --hash=sha256:cdbb65c361ff790c424365a83a496fc8dd1983689a5fb7c6852a9a3ff1710c61 \
-    --hash=sha256:f04dcbf6af1868048a9b4754b1684c669252aa2419aa67266efbcaaead42ced7 \
-    --hash=sha256:f8c583c31c6e790dc003d9d574e3ed2c5b337947722965096c4d684e4f183570 \
+aiohttp==3.6.2 \
+    --hash=sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e \
+    --hash=sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326 \
+    --hash=sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a \
+    --hash=sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654 \
+    --hash=sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a \
+    --hash=sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4 \
+    --hash=sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17 \
+    --hash=sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec \
+    --hash=sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd \
+    --hash=sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48 \
+    --hash=sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59 \
+    --hash=sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965 \
    # via aiobotocore
 aioitertools==0.7.0 \
    --hash=sha256:341cb05a0903177ef1b73d4cc12c92aee18e81c364e0138f4efc7ec3c47b8177 \
@@ -54,13 +33,13 @@ async-timeout==3.0.1 \
    --hash=sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f \
    --hash=sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3 \
    # via aiohttp
-attrs==20.2.0 \
-    --hash=sha256:26b54ddbbb9ee1d34d5d3668dd37d6cf74990ab23c828c2888dccdceee395594 \
-    --hash=sha256:fce7fc47dfc976152e82d53ff92fa0407700c21acd20886a13777a0d20e655dc \
+attrs==19.3.0 \
+    --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \
+    --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 \
    # via aiohttp
-botocore==1.17.44 \
-    --hash=sha256:1b46ffe1d13922066c873323186cbf97e77c137e08e27039d9d684552ccc4892 \
-    --hash=sha256:1f6175bf59ffa068055b65f7d703eb1f748c338594a40dfdc645a6130280d8bb \
+botocore==1.15.32 \
+    --hash=sha256:3ea89601ee452b65084005278bd832be854cfde5166685dcb14b6c8f19d3fc6d \
+    --hash=sha256:a963af564d94107787ff3d2c534e8b7aed7f12e014cdd609f8fcb17bf9d9b19a \
    # via aiobotocore
 chardet==3.0.4 \
    --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
@@ -77,9 +56,9 @@ django-auth-ldap==2.2.0 \
    --hash=sha256:0ed2d88d81c39be915a9ab53b97ec0a33a3d16055518ab4c9bcffe8236d40370 \
    --hash=sha256:11af1773b08613339d2c3a0cec1308a4d563518f17b1719c3759994d0b4d04bf \
    # via -r requirements/thumbor.in
-django==2.2.16 \
-    --hash=sha256:62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2786594 \
-    --hash=sha256:83ced795a0f239f41d8ecabf51cc5fad4b97462a6008dc12e5af3cb9288724ec \
+django==2.2.14 \
+    --hash=sha256:edf0ecf6657713b0435b6757e6069466925cae70d634a3283c96b80c01e06191 \
+    --hash=sha256:f2250bd35d0f6c23e930c544629934144e5dd39a4c06092e1050c731c1712ba8 \
    # via -r requirements/thumbor.in, django-auth-ldap
 docutils==0.15.2 \
    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
@@ -101,94 +80,73 @@ libthumbor==2.0.1 \
    --hash=sha256:3c4e1a59c019d22f868d225315c06f97fad30fb5e78112d6a230b978e7d24e38 \
    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0 \
    # via thumbor
-multidict==5.0.0 \
-    --hash=sha256:02b2ea2bb1277a970d238c5c783023790ca94d386c657aeeb165259950951cc6 \
-    --hash=sha256:0ce1d956ecbf112d49915ebc2f29c03e35fe451fb5e9f491edf9a2f4395ee0af \
-    --hash=sha256:0ffdb4b897b15df798c0a5939a0323ccf703f2bae551dfab4eb1af7fbab38ead \
-    --hash=sha256:11dcf2366da487d5b9de1d4b2055308c7ed9bde1a52973d07a89b42252af9ebe \
-    --hash=sha256:167bd8e6351b57525bbf2d524ca5a133834699a2fcb090aad0c330c6017f3f3e \
-    --hash=sha256:1b324444299c3a49b601b1bf621fc21704e29066f6ac2b7d7e4034a4a18662a1 \
-    --hash=sha256:20eaf1c279c543e07c164e4ac02151488829177da06607efa7ccfecd71b21e79 \
-    --hash=sha256:2739d1d9237835122b27d88990849ecf41ef670e0fcb876159edd236ca9ef40f \
-    --hash=sha256:28b5913e5b6fef273e5d4230b61f33c8a51c3ce5f44a88582dee6b5ca5c9977b \
-    --hash=sha256:2b0cfc33f53e5c8226f7d7c4e126fa0780f970ef1e96f7c6353da7d01eafe490 \
-    --hash=sha256:32f0a904859a6274d7edcbb01752c8ae9c633fb7d1c131771ff5afd32eceee42 \
-    --hash=sha256:39713fa2c687e0d0e709ad751a8a709ac051fcdc7f2048f6fd09365dd03c83eb \
-    --hash=sha256:4ef76ce695da72e176f6a51867afb3bf300ce16ba2597824caaef625af5906a9 \
-    --hash=sha256:5263359a03368985b5296b7a73363d761a269848081879ba04a6e4bfd0cf4a78 \
-    --hash=sha256:52b5b51281d760197ce3db063c166fdb626e01c8e428a325aa37198ce31c9565 \
-    --hash=sha256:5dd303b545b62f9d2b14f99fbdb84c109a20e64a57f6a192fe6aebcb6263b59d \
-    --hash=sha256:60af726c19a899ed49bbb276e062f08b80222cb6b9feda44b59a128b5ff52966 \
-    --hash=sha256:60b12d14bc122ba2dae1e4460a891b3a96e73d815b4365675f6ec0a1725416a5 \
-    --hash=sha256:620c39b1270b68e194023ad471b6a54bdb517bb48515939c9829b56c783504a3 \
-    --hash=sha256:62f6e66931fb87e9016e7c1cc806ab4f3e39392fd502362df3cac888078b27cb \
-    --hash=sha256:711289412b78cf41a21457f4c806890466013d62bf4296bd3d71fad73ff8a581 \
-    --hash=sha256:7561a804093ea4c879e06b5d3d18a64a0bc21004bade3540a4b31342b528d326 \
-    --hash=sha256:786ad04ad954afe9927a1b3049aa58722e182160fe2fcac7ad7f35c93595d4f6 \
-    --hash=sha256:79dc3e6e7ce853fb7ed17c134e01fcb0d0c826b33201aa2a910fb27ed75c2eb9 \
-    --hash=sha256:84e4943d8725659942e7401bdf31780acde9cfdaf6fe977ff1449fffafcd93a9 \
-    --hash=sha256:932964cf57c0e59d1f3fb63ff342440cf8aaa75bf0dbcbad902c084024975380 \
-    --hash=sha256:a5eca9ee72b372199c2b76672145e47d3c829889eefa2037b1f3018f54e5f67d \
-    --hash=sha256:aad240c1429e386af38a2d6761032f0bec5177fed7c5f582c835c99fff135b5c \
-    --hash=sha256:bbec545b8f82536bc50afa9abce832176ed250aa22bfff3e20b3463fb90b0b35 \
-    --hash=sha256:c339b7d73c0ea5c551025617bb8aa1c00a0111187b6545f48836343e6cfbe6a0 \
-    --hash=sha256:c692087913e12b801a759e25a626c3d311f416252dfba2ecdfd254583427949f \
-    --hash=sha256:cda06c99cd6f4a36571bb38e560a6fcfb1f136521e57f612e0bc31957b1cd4bd \
-    --hash=sha256:ec8bc0ab00c76c4260a201eaa58812ea8b1b7fde0ecf5f9c9365a182bd4691ed \
+multidict==4.7.6 \
+    --hash=sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a \
+    --hash=sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000 \
+    --hash=sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2 \
+    --hash=sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507 \
+    --hash=sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5 \
+    --hash=sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7 \
+    --hash=sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d \
+    --hash=sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463 \
+    --hash=sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19 \
+    --hash=sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3 \
+    --hash=sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b \
+    --hash=sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c \
+    --hash=sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87 \
+    --hash=sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7 \
+    --hash=sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430 \
+    --hash=sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255 \
+    --hash=sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d \
    # via aiohttp, yarl
-numpy==1.19.3 \
-    --hash=sha256:0ee77786eebbfa37f2141fd106b549d37c89207a0d01d8852fde1c82e9bfc0e7 \
-    --hash=sha256:199bebc296bd8a5fc31c16f256ac873dd4d5b4928dfd50e6c4995570fc71a8f3 \
-    --hash=sha256:1a307bdd3dd444b1d0daa356b5f4c7de2e24d63bdc33ea13ff718b8ec4c6a268 \
-    --hash=sha256:1ea7e859f16e72ab81ef20aae69216cfea870676347510da9244805ff9670170 \
-    --hash=sha256:271139653e8b7a046d11a78c0d33bafbddd5c443a5b9119618d0652a4eb3a09f \
-    --hash=sha256:35bf5316af8dc7c7db1ad45bec603e5fb28671beb98ebd1d65e8059efcfd3b72 \
-    --hash=sha256:463792a249a81b9eb2b63676347f996d3f0082c2666fd0604f4180d2e5445996 \
-    --hash=sha256:50d3513469acf5b2c0406e822d3f314d7ac5788c2b438c24e5dd54d5a81ef522 \
-    --hash=sha256:50f68ebc439821b826823a8da6caa79cd080dee2a6d5ab9f1163465a060495ed \
-    --hash=sha256:51e8d2ae7c7e985c7bebf218e56f72fa93c900ad0c8a7d9fbbbf362f45710f69 \
-    --hash=sha256:522053b731e11329dd52d258ddf7de5288cae7418b55e4b7d32f0b7e31787e9d \
-    --hash=sha256:5ea4401ada0d3988c263df85feb33818dc995abc85b8125f6ccb762009e7bc68 \
-    --hash=sha256:604d2e5a31482a3ad2c88206efd43d6fcf666ada1f3188fd779b4917e49b7a98 \
-    --hash=sha256:6ff88bcf1872b79002569c63fe26cd2cda614e573c553c4d5b814fb5eb3d2822 \
-    --hash=sha256:7197ee0a25629ed782c7bd01871ee40702ffeef35bc48004bc2fdcc71e29ba9d \
-    --hash=sha256:741d95eb2b505bb7a99fbf4be05fa69f466e240c2b4f2d3ddead4f1b5f82a5a5 \
-    --hash=sha256:83af653bb92d1e248ccf5fdb05ccc934c14b936bcfe9b917dc180d3f00250ac6 \
-    --hash=sha256:8802d23e4895e0c65e418abe67cdf518aa5cbb976d97f42fd591f921d6dffad0 \
-    --hash=sha256:8edc4d687a74d0a5f8b9b26532e860f4f85f56c400b3a98899fc44acb5e27add \
-    --hash=sha256:942d2cdcb362739908c26ce8dd88db6e139d3fa829dd7452dd9ff02cba6b58b2 \
-    --hash=sha256:9a0669787ba8c9d3bb5de5d9429208882fb47764aa79123af25c5edc4f5966b9 \
-    --hash=sha256:9d08d84bb4128abb9fbd9f073e5c69f70e5dab991a9c42e5b4081ea5b01b5db0 \
-    --hash=sha256:9f7f56b5e85b08774939622b7d45a5d00ff511466522c44fc0756ac7692c00f2 \
-    --hash=sha256:a2daea1cba83210c620e359de2861316f49cc7aea8e9a6979d6cb2ddab6dda8c \
-    --hash=sha256:b9074d062d30c2779d8af587924f178a539edde5285d961d2dfbecbac9c4c931 \
-    --hash=sha256:c4aa79993f5d856765819a3651117520e41ac3f89c3fc1cb6dee11aa562df6da \
-    --hash=sha256:d78294f1c20f366cde8a75167f822538a7252b6e8b9d6dbfb3bdab34e7c1929e \
-    --hash=sha256:dfdc8b53aa9838b9d44ed785431ca47aa3efaa51d0d5dd9c412ab5247151a7c4 \
-    --hash=sha256:dffed17848e8b968d8d3692604e61881aa6ef1f8074c99e81647ac84f6038535 \
-    --hash=sha256:e080087148fd70469aade2abfeadee194357defd759f9b59b349c6192aba994c \
-    --hash=sha256:e983cbabe10a8989333684c98fdc5dd2f28b236216981e0c26ed359aaa676772 \
-    --hash=sha256:ea6171d2d8d648dee717457d0f75db49ad8c2f13100680e284d7becf3dc311a6 \
-    --hash=sha256:eefc13863bf01583a85e8c1121a901cc7cb8f059b960c4eba30901e2e6aba95f \
-    --hash=sha256:efd656893171bbf1331beca4ec9f2e74358fc732a2084f664fd149cc4b3441d2 \
+numpy==1.19.0 \
+    --hash=sha256:13af0184177469192d80db9bd02619f6fa8b922f9f327e077d6f2a6acb1ce1c0 \
+    --hash=sha256:26a45798ca2a4e168d00de75d4a524abf5907949231512f372b217ede3429e98 \
+    --hash=sha256:26f509450db547e4dfa3ec739419b31edad646d21fb8d0ed0734188b35ff6b27 \
+    --hash=sha256:30a59fb41bb6b8c465ab50d60a1b298d1cd7b85274e71f38af5a75d6c475d2d2 \
+    --hash=sha256:33c623ef9ca5e19e05991f127c1be5aeb1ab5cdf30cb1c5cf3960752e58b599b \
+    --hash=sha256:356f96c9fbec59974a592452ab6a036cd6f180822a60b529a975c9467fcd5f23 \
+    --hash=sha256:3c40c827d36c6d1c3cf413694d7dc843d50997ebffbc7c87d888a203ed6403a7 \
+    --hash=sha256:4d054f013a1983551254e2379385e359884e5af105e3efe00418977d02f634a7 \
+    --hash=sha256:63d971bb211ad3ca37b2adecdd5365f40f3b741a455beecba70fd0dde8b2a4cb \
+    --hash=sha256:658624a11f6e1c252b2cd170d94bf28c8f9410acab9f2fd4369e11e1cd4e1aaf \
+    --hash=sha256:76766cc80d6128750075378d3bb7812cf146415bd29b588616f72c943c00d598 \
+    --hash=sha256:7b57f26e5e6ee2f14f960db46bd58ffdca25ca06dd997729b1b179fddd35f5a3 \
+    --hash=sha256:7b852817800eb02e109ae4a9cef2beda8dd50d98b76b6cfb7b5c0099d27b52d4 \
+    --hash=sha256:8cde829f14bd38f6da7b2954be0f2837043e8b8d7a9110ec5e318ae6bf706610 \
+    --hash=sha256:a2e3a39f43f0ce95204beb8fe0831199542ccab1e0c6e486a0b4947256215632 \
+    --hash=sha256:a86c962e211f37edd61d6e11bb4df7eddc4a519a38a856e20a6498c319efa6b0 \
+    --hash=sha256:a8705c5073fe3fcc297fb8e0b31aa794e05af6a329e81b7ca4ffecab7f2b95ef \
+    --hash=sha256:b6aaeadf1e4866ca0fdf7bb4eed25e521ae21a7947c59f78154b24fc7abbe1dd \
+    --hash=sha256:be62aeff8f2f054eff7725f502f6228298891fd648dc2630e03e44bf63e8cee0 \
+    --hash=sha256:c2edbb783c841e36ca0fa159f0ae97a88ce8137fb3a6cd82eae77349ba4b607b \
+    --hash=sha256:cbe326f6d364375a8e5a8ccb7e9cd73f4b2f6dc3b2ed205633a0db8243e2a96a \
+    --hash=sha256:d34fbb98ad0d6b563b95de852a284074514331e6b9da0a9fc894fb1cdae7a79e \
+    --hash=sha256:d97a86937cf9970453c3b62abb55a6475f173347b4cde7f8dcdb48c8e1b9952d \
+    --hash=sha256:dd53d7c4a69e766e4900f29db5872f5824a06827d594427cf1a4aa542818b796 \
+    --hash=sha256:df1889701e2dfd8ba4dc9b1a010f0a60950077fb5242bb92c8b5c7f1a6f2668a \
+    --hash=sha256:fa1fe75b4a9e18b66ae7f0b122543c42debcf800aaafa0212aaff3ad273c2596 \
    # via opencv-python-headless
-opencv-python-headless==4.4.0.44 \
-    --hash=sha256:01e54dd61fc849f2c4dea9eb62e056f4332612616fc4d0576cb5a9096ae5818b \
-    --hash=sha256:0896413b35b4b64acae42b84f740a458e0520d51f806946adf185e710a2ab300 \
-    --hash=sha256:0c6ab08883e4f026c863a9d785f1ab7546bf2620d873d30fbedebf8e607d8ffc \
-    --hash=sha256:19cd76fcf886033a08556e203c49fdc4bfb4a95325f0b2d18562e6411f7bd475 \
-    --hash=sha256:4bc859120ce9271669cd5e7a01ac2a479b6f21e81900f1b7325d266c6e3a0e5f \
-    --hash=sha256:4ef242b8923c693ad6b2e0ae7023582ebd983e6d487771639d0e9550e01fd120 \
-    --hash=sha256:54dd417aba4bfcc2a6a2110bb6e6fed8a0f8eef2d432f86a1739cfa3e6d6caea \
-    --hash=sha256:6003e57e9824a9f098d85ae833268f51356c6f23ea4669dd3ee2092bcbd2c800 \
-    --hash=sha256:6d3d2efeedd13f452d59caf84f4eb507edf1763edb8e79de2e9aa47c05713b25 \
-    --hash=sha256:6eefcacfb9b2da305277e1a93c7bf074dcd10b7aa154a0c963ded08fc0ffc02e \
-    --hash=sha256:93f251c28739d8e8ade8898ddcbd75dcec60f779d9534644c568e7e65e2b76de \
-    --hash=sha256:9fe62a18ddf18d80271f67c36b019044b33941c11aa2c13ba549c3142bdc3a50 \
-    --hash=sha256:a70c4d986c90d76514098af979344f7f3eeea694beb44ecdebf6a29e3d0c3774 \
-    --hash=sha256:aa8cb3fe425b637879026661c53985fcabb3c1184bb6c17e2c1257e893b2e4c9 \
-    --hash=sha256:b5d38a1100fdf1992170a3190176c3b99321f0e96e32a383f3b60b852e3f599f \
-    --hash=sha256:b9ac818c9b000389cfc6892c3109dd98d1eab63a6038084c6f8a560c8a696f17 \
+opencv-python-headless==4.3.0.36 \
+    --hash=sha256:065c6fc2efc61ebc3dd7de7774895e200b2c050d4e8b499cee717a9db526880e \
+    --hash=sha256:103c705540603f349e714edff93606c66d0e0a6a36d22aca8f4c2a3f8f25823c \
+    --hash=sha256:1b1dcdd4ccf4b71767add0b674f876aad666395471ccdce5455209329f036109 \
+    --hash=sha256:271d7de7655f8d3a55100565b486d9f63da7465722e7a7ab834c853a2ee67b6e \
+    --hash=sha256:2f71a14ccd109948f9c4c1761794e3512e7eff1e3b893619de6443467cec9052 \
+    --hash=sha256:325fc39fcee0d07df07b409cefe3868086ed60f7286798c32765dce393c6951d \
+    --hash=sha256:3cf602a40750cbab284cb9d6f508d9110a3c79d4e18a261cb09957e2ca6f07d6 \
+    --hash=sha256:3d8b3e2b2dc5796cc1f34a6bd5e43d646818843a14554be55bb9e92dcb78ada0 \
+    --hash=sha256:4b303ae6b207ed79071e2ab930a0f39d7e97bc176b730d552accdf7d0ea8ef5a \
+    --hash=sha256:5fabfc789d6b8cffbb01f4e224d3583cce12666bbebafa15e8bca69111a21153 \
+    --hash=sha256:653459f61b44f1d7f20ce36c6112925b351e2abadb4be6f3007440b237bafffd \
+    --hash=sha256:8c496eb24af0ff16844f5b12fcbb28469151822fe19ece7b6cf66279c451981d \
+    --hash=sha256:9b0e9fa11f203c39a51044471f01d5db0dd493b13e6da209cc8945b12e6eef9e \
+    --hash=sha256:baaeef03220c48430768503af990b3ca5582a3c1a1bf03519db122e2ddcd78a3 \
+    --hash=sha256:d269133ebfe8c99b7abe096358c0644212103b4806ae6e8ef5149d4e0d5edb36 \
+    --hash=sha256:e204a75a00bee4c10875a94ccc8e102d9ab7e1259cc0f4ddf64cee777da6bbc9 \
+    --hash=sha256:e217bbbbb7dc06d77c799edac196f2f706601f4f6a8b2d44ae25eda4cda23e08 \
+    --hash=sha256:f5a29918dd8d8c3f4d7710a324fd3c733a91ad269c4863b32b920cb90801e22b \
+    --hash=sha256:fe28cfc3b6285f7e92905c53d42426f4f03e7af134712061329333e8fb8ea3d6 \
    # via thumbor
 pillow==7.2.0 \
    --hash=sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f \
@@ -208,13 +166,11 @@ pillow==7.2.0 \
    --hash=sha256:94cf49723928eb6070a892cb39d6c156f7b5a2db4e8971cb958f7b6b104fb4c4 \
    --hash=sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626 \
    --hash=sha256:9ad7f865eebde135d526bb3163d0b23ffff365cf87e767c649550964ad72785d \
-    --hash=sha256:9c87ef410a58dd54b92424ffd7e28fd2ec65d2f7fc02b76f5e9b2067e355ebf6 \
    --hash=sha256:a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6 \
    --hash=sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63 \
    --hash=sha256:c92302a33138409e8f1ad16731568c55c9053eee71bb05b6b744067e1b62380f \
    --hash=sha256:d08b23fdb388c0715990cbc06866db554e1822c4bdcf6d4166cf30ac82df8c41 \
    --hash=sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1 \
-    --hash=sha256:e901964262a56d9ea3c2693df68bc9860b8bdda2b04768821e4c44ae797de117 \
    --hash=sha256:ec29604081f10f16a7aea809ad42e27764188fc258b02259a03a8ff7ded3808d \
    --hash=sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9 \
    --hash=sha256:f7e30c27477dffc3e85c2463b3e649f751789e0f6c8456099eea7ddd53be4a8a \
@@ -228,9 +184,6 @@ pyasn1==0.4.8 \
    --hash=sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d \
    --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba \
    # via pyasn1-modules, python-ldap
-pycurl==7.43.0.6 \
-    --hash=sha256:8301518689daefa53726b59ded6b48f33751c383cf987b0ccfbbc4ed40281325 \
-    # via -r requirements/thumbor.in
 python-dateutil==2.8.1 \
    --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \
    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a \
@@ -246,16 +199,16 @@ six==1.15.0 \
    --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
    # via derpconf, libthumbor, python-dateutil
-sqlparse==0.4.1 \
-    --hash=sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0 \
-    --hash=sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8 \
+sqlparse==0.3.1 \
+    --hash=sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e \
+    --hash=sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548 \
    # via django
 statsd==3.3.0 \
    --hash=sha256:c610fb80347fca0ef62666d241bce64184bd7cc1efe582f9690e045c25535eaa \
    --hash=sha256:e3e6db4c246f7c59003e51c9720a51a7f39a396541cb9b147ff4b14d15b5dd1f \
    # via thumbor
-https://github.com/kkopachev/aws/archive/b5058e6b9fec7354629acc6d5df423e0310bb0cd.zip#egg=tc_aws==6.3 \
-    --hash=sha256:8a28437b0dfab88c89f280a2d6ec55a6abfa3e26d495dc15e1b3f38744e27f0c \
+https://github.com/kkopachev/aws/archive/0d02528b47273e143be750ba237f71a076e8f251.zip#egg=tc_aws==6.3 \
+    --hash=sha256:866d18ffbfd5a1627ed3973757e4c282745de8f30ed85f5ce8e80ae04932f8f3 \
    # via -r requirements/thumbor.in
 thumbor==7.0.0a5 \
    --hash=sha256:5042c9c8facf0da028a22f1aee717f856d213ec037835ca0edaa0282217654bb \
@@ -271,14 +224,14 @@ tornado==6.0.4 \
    --hash=sha256:c952975c8ba74f546ae6de2e226ab3cc3cc11ae47baf607459a6728585bb542a \
    --hash=sha256:c98232a3ac391f5faea6821b53db8db461157baa788f5d6222a193e9456e1740 \
    # via thumbor
-typing-extensions==3.7.4.3 \
-    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f \
-    # via aiohttp, aioitertools, yarl
-urllib3==1.25.11 \
-    --hash=sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2 \
-    --hash=sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e \
+typing-extensions==3.7.4.2 \
+    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
+    # via aiohttp, aioitertools
+urllib3==1.25.9 \
+    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
    # via botocore
 virtualenv-clone==0.5.4 \
    --hash=sha256:07e74418b7cc64f4fda987bf5bc71ebd59af27a7bc9e8a8ee9fd54b1f2390a27 \
@@ -288,55 +241,39 @@ webcolors==1.11.1 \
    --hash=sha256:76f360636957d1c976db7466bc71dcb713bb95ac8911944dffc55c01cb516de6 \
    --hash=sha256:b8cd5d865a25c51ff1218f0c90d0c0781fc64312a49b746b320cf50de1648f6e \
    # via thumbor
-wheel==0.35.1 \
-    --hash=sha256:497add53525d16c173c2c1c733b8f655510e909ea78cc0e29d374243544b77a2 \
-    --hash=sha256:99a22d87add3f634ff917310a3d87e499f19e663413a52eb9232c447aa646c9f \
+wheel==0.34.2 \
+    --hash=sha256:8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 \
+    --hash=sha256:df277cb51e61359aba502208d680f90c0493adec6f0e848af94948778aed386e \
    # via -r requirements/pip.in
 wrapt==1.12.1 \
    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7 \
    # via aiobotocore
-yarl==1.6.2 \
-    --hash=sha256:03b7a44384ad60be1b7be93c2a24dc74895f8d767ea0bce15b2f6fc7695a3843 \
-    --hash=sha256:076157404db9db4bb3fa9db22db319bbb36d075eeab19ba018ce20ae0cacf037 \
-    --hash=sha256:1c05ae3d5ea4287470046a2c2754f0a4c171b84ea72c8a691f776eb1753dfb91 \
-    --hash=sha256:2467baf8233f7c64048df37e11879c553943ffe7f373e689711ec2807ea13805 \
-    --hash=sha256:2bb2e21cf062dfbe985c3cd4618bae9f25271efcad9e7be1277861247eee9839 \
-    --hash=sha256:311effab3b3828ab34f0e661bb57ff422f67d5c33056298bda4c12195251f8dd \
-    --hash=sha256:3526cb5905907f0e42bee7ef57ae4a5f02bc27dcac27859269e2bba0caa4c2b6 \
-    --hash=sha256:39b1e586f34b1d2512c9b39aa3cf24c870c972d525e36edc9ee19065db4737bb \
-    --hash=sha256:4bed5cd7c8e69551eb19df15295ba90e62b9a6a1149c76eb4a9bab194402a156 \
-    --hash=sha256:51c6d3cf7a1f1fbe134bb92f33b7affd94d6de24cd64b466eb12de52120fb8c6 \
-    --hash=sha256:59f78b5da34ddcffb663b772f7619e296518712e022e57fc5d9f921818e2ab7c \
-    --hash=sha256:6f29115b0c330da25a04f48612d75333bca04521181a666ca0b8761005a99150 \
-    --hash=sha256:73d4e1e1ef5e52d526c92f07d16329e1678612c6a81dd8101fdcae11a72de15c \
-    --hash=sha256:9b48d31f8d881713fd461abfe7acbb4dcfeb47cec3056aa83f2fbcd2244577f7 \
-    --hash=sha256:a1fd575dd058e10ad4c35065e7c3007cc74d142f622b14e168d8a273a2fa8713 \
-    --hash=sha256:b3dd1052afd436ba737e61f5d3bed1f43a7f9a33fc58fbe4226eb919a7006019 \
-    --hash=sha256:b99c25ed5c355b35d1e6dae87ac7297a4844a57dc5766b173b88b6163a36eb0d \
-    --hash=sha256:c056e86bff5a0b566e0d9fab4f67e83b12ae9cbcd250d334cbe2005bbe8c96f2 \
-    --hash=sha256:c45b49b59a5724869899798e1bbd447ac486215269511d3b76b4c235a1b766b6 \
-    --hash=sha256:cd623170c729a865037828e3f99f8ebdb22a467177a539680dfc5670b74c84e2 \
-    --hash=sha256:d25d3311794e6c71b608d7c47651c8f65eea5ab15358a27f29330b3475e8f8e5 \
-    --hash=sha256:d695439c201ed340745250f9eb4dfe8d32bf1e680c16477107b8f3ce4bff4fdb \
-    --hash=sha256:d77f6c9133d2aabb290a7846aaa74ec14d7b5ab35b01591fac5a70c4a8c959a2 \
-    --hash=sha256:d894a2442d2cd20a3b0b0dce5a353d316c57d25a2b445e03f7eac90eee27b8af \
-    --hash=sha256:db643ce2b58a4bd11a82348225c53c76ecdd82bb37cf4c085e6df1b676f4038c \
-    --hash=sha256:e3a0c43a26dfed955b2a06fdc4d51d2c51bc2200aff8ce8faf14e676ea8c8862 \
-    --hash=sha256:e77bf79ad1ccae672eab22453838382fe9029fc27c8029e84913855512a587d8 \
-    --hash=sha256:f2f0174cb15435957d3b751093f89aede77df59a499ab7516bbb633b77ead13a \
-    --hash=sha256:f3031c78edf10315abe232254e6a36b65afe65fded41ee54ed7976d0b2cdf0da \
-    --hash=sha256:f4c007156732866aa4507d619fe6f8f2748caabed4f66b276ccd97c82572620c \
-    --hash=sha256:f4f27ff3dd80bc7c402def211a47291ea123d59a23f59fe18fc0e81e3e71f385 \
-    --hash=sha256:f57744fc61e118b5d114ae8077d8eb9df4d2d2c11e2af194e21f0c11ed9dcf6c \
-    --hash=sha256:f835015a825980b65356e9520979a1564c56efea7da7d4b68a14d4a07a3a7336 \
+yarl==1.4.2 \
+    --hash=sha256:0c2ab325d33f1b824734b3ef51d4d54a54e0e7a23d13b86974507602334c2cce \
+    --hash=sha256:0ca2f395591bbd85ddd50a82eb1fde9c1066fafe888c5c7cc1d810cf03fd3cc6 \
+    --hash=sha256:2098a4b4b9d75ee352807a95cdf5f10180db903bc5b7270715c6bbe2551f64ce \
+    --hash=sha256:25e66e5e2007c7a39541ca13b559cd8ebc2ad8fe00ea94a2aad28a9b1e44e5ae \
+    --hash=sha256:26d7c90cb04dee1665282a5d1a998defc1a9e012fdca0f33396f81508f49696d \
+    --hash=sha256:308b98b0c8cd1dfef1a0311dc5e38ae8f9b58349226aa0533f15a16717ad702f \
+    --hash=sha256:3ce3d4f7c6b69c4e4f0704b32eca8123b9c58ae91af740481aa57d7857b5e41b \
+    --hash=sha256:58cd9c469eced558cd81aa3f484b2924e8897049e06889e8ff2510435b7ef74b \
+    --hash=sha256:5b10eb0e7f044cf0b035112446b26a3a2946bca9d7d7edb5e54a2ad2f6652abb \
+    --hash=sha256:6faa19d3824c21bcbfdfce5171e193c8b4ddafdf0ac3f129ccf0cdfcb083e462 \
+    --hash=sha256:944494be42fa630134bf907714d40207e646fd5a94423c90d5b514f7b0713fea \
+    --hash=sha256:a161de7e50224e8e3de6e184707476b5a989037dcb24292b391a3d66ff158e70 \
+    --hash=sha256:a4844ebb2be14768f7994f2017f70aca39d658a96c786211be5ddbe1c68794c1 \
+    --hash=sha256:c2b509ac3d4b988ae8769901c66345425e361d518aecbe4acbfc2567e416626a \
+    --hash=sha256:c9959d49a77b0e07559e579f38b2f3711c2b8716b8410b320bf9713013215a1b \
+    --hash=sha256:d8cdee92bc930d8b09d8bd2043cedd544d9c8bd7436a77678dd602467a993080 \
+    --hash=sha256:e15199cdb423316e15f108f51249e44eb156ae5dba232cb73be555324a1d49c2 \
    # via aiohttp

 # The following packages are considered to be unsafe in a requirements file:
-pip==20.2.4 \
-    --hash=sha256:51f1c7514530bd5c145d8f13ed936ad6b8bfcb8cf74e10403d0890bc986f0033 \
-    --hash=sha256:85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 \
+pip==20.1.1 \
+    --hash=sha256:27f8dc29387dd83249e06e681ce087e6061826582198a425085e0bf4c1cf3a55 \
+    --hash=sha256:b27c4dedae8c41aa59108f2fa38bf78e0890e590545bc8ece7cdceb4ba60f6e4 \
    # via -r requirements/pip.in
-setuptools==50.3.2 \
-    --hash=sha256:2c242a0856fbad7efbe560df4a7add9324f340cf48df43651e9604924466794a \
-    --hash=sha256:ed0519d27a243843b05d82a5e9d01b0b083d9934eaa3d02779a23da18077bd3c \
+setuptools==49.1.0 \
+    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
    # via -r requirements/pip.in
--- a/requirements/thumbor.in
+++ b/requirements/thumbor.in
@@ -1,9 +1,6 @@
-https://github.com/kkopachev/aws/archive/b5058e6b9fec7354629acc6d5df423e0310bb0cd.zip#egg=tc_aws==6.3
+https://github.com/kkopachev/aws/archive/0d02528b47273e143be750ba237f71a076e8f251.zip#egg=tc_aws==6.3
 thumbor>=7.dev

-# Not required by Thumbor, but recommended
-pycurl
-
 # Required for just importing settings from our main django app.
 django-auth-ldap
 Django==2.2.*
--- a/requirements/thumbor.txt
+++ b/requirements/thumbor.txt
@@ -7,44 +7,23 @@
 #
 # For details, see requirements/README.md .
 #
-aiobotocore==1.1.2 \
-    --hash=sha256:457549acaf3a3d10ad8a6256ec5b791ea885e4d2fa11783d22bb8f411a058141 \
-    --hash=sha256:54b23e3ac82955caa90ea320301255a4c738ff0a827599f57129e3f1d883c9ba \
+aiobotocore==1.0.7 \
+    --hash=sha256:9589d812714a5b78f0b8249916c17374e507dd7edfd5038a85cd6f25028506f3 \
+    --hash=sha256:d3183a22a376a97ed0a739854408fcf4ee9f24a629b38f84451b7e2111622ae3 \
    # via tc-aws
-aiohttp==3.7.2 \
-    --hash=sha256:027be45c4b37e21be81d07ae5242361d73eebad1562c033f80032f955f34df82 \
-    --hash=sha256:06efdb01ab71ec20786b592d510d1d354fbe0b2e4449ee47067b9ca65d45a006 \
-    --hash=sha256:0989ff15834a4503056d103077ec3652f9ea5699835e1ceaee46b91cf59830bf \
-    --hash=sha256:11e087c316e933f1f52f3d4a09ce13f15ad966fc43df47f44ca4e8067b6a2e0d \
-    --hash=sha256:184ead67248274f0e20b0cd6bb5f25209b2fad56e5373101cc0137c32c825c87 \
-    --hash=sha256:1c36b7ef47cfbc150314c2204cd73613d96d6d0982d41c7679b7cdcf43c0e979 \
-    --hash=sha256:2aea79734ac5ceeac1ec22b4af4efb4efd6a5ca3d73d77ec74ed782cf318f238 \
-    --hash=sha256:2e886611b100c8c93b753b457e645c5e4b8008ec443434d2a480e5a2bb3e6514 \
-    --hash=sha256:476b1f8216e59a3c2ffb71b8d7e1da60304da19f6000d422bacc371abb0fc43d \
-    --hash=sha256:48104c883099c0e614c5c38f98c1d174a2c68f52f58b2a6e5a07b59df78262ab \
-    --hash=sha256:4afd8002d9238e5e93acf1a8baa38b3ddf1f7f0ebef174374131ff0c6c2d7973 \
-    --hash=sha256:547b196a7177511da4f475fc81d0bb88a51a8d535c7444bbf2338b6dc82cb996 \
-    --hash=sha256:67f8564c534d75c1d613186939cee45a124d7d37e7aece83b17d18af665b0d7a \
-    --hash=sha256:6e0d1231a626d07b23f6fe904caa44efb249da4222d8a16ab039fb2348722292 \
-    --hash=sha256:7e26712871ebaf55497a60f55483dc5e74326d1fb0bfceab86ebaeaa3a266733 \
-    --hash=sha256:7f1aeb72f14b9254296cdefa029c00d3c4550a26e1059084f2ee10d22086c2d0 \
-    --hash=sha256:8319a55de469d5af3517dfe1f6a77f248f6668c5a552396635ef900f058882ef \
-    --hash=sha256:835bd35e14e4f36414e47c195e6645449a0a1c3fd5eeae4b7f22cb4c5e4f503a \
-    --hash=sha256:89c1aa729953b5ac6ca3c82dcbd83e7cdecfa5cf9792c78c154a642e6e29303d \
-    --hash=sha256:8a8addd41320637c1445fea0bae1fd9fe4888acc2cd79217ee33e5d1c83cfe01 \
-    --hash=sha256:8fbeeb2296bb9fe16071a674eadade7391be785ae0049610e64b60ead6abcdd7 \
-    --hash=sha256:a1f1cc11c9856bfa7f1ca55002c39070bde2a97ce48ef631468e99e2ac8e3fe6 \
-    --hash=sha256:ad5c3559e3cd64f746df43fa498038c91aa14f5d7615941ea5b106e435f3b892 \
-    --hash=sha256:b822bf7b764283b5015e3c49b7bb93f37fc03545f4abe26383771c6b1c813436 \
-    --hash=sha256:b84cef790cb93cec82a468b7d2447bf16e3056d2237b652e80f57d653b61da88 \
-    --hash=sha256:be9fa3fe94fc95e9bf84e84117a577c892906dd3cb0a95a7ae21e12a84777567 \
-    --hash=sha256:c53f1d2bd48f5f407b534732f5b3c6b800a58e70b53808637848d8a9ee127fe7 \
-    --hash=sha256:c588a0f824dc7158be9eec1ff465d1c868ad69a4dc518cd098cc11e4f7da09d9 \
-    --hash=sha256:c6da1af59841e6d43255d386a2c4bfb59c0a3b262bdb24325cc969d211be6070 \
-    --hash=sha256:c9a415f4f2764ab6c7d63ee6b86f02a46b4df9bc11b0de7ffef206908b7bf0b4 \
-    --hash=sha256:cdbb65c361ff790c424365a83a496fc8dd1983689a5fb7c6852a9a3ff1710c61 \
-    --hash=sha256:f04dcbf6af1868048a9b4754b1684c669252aa2419aa67266efbcaaead42ced7 \
-    --hash=sha256:f8c583c31c6e790dc003d9d574e3ed2c5b337947722965096c4d684e4f183570 \
+aiohttp==3.6.2 \
+    --hash=sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e \
+    --hash=sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326 \
+    --hash=sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a \
+    --hash=sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654 \
+    --hash=sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a \
+    --hash=sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4 \
+    --hash=sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17 \
+    --hash=sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec \
+    --hash=sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd \
+    --hash=sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48 \
+    --hash=sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59 \
+    --hash=sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965 \
    # via aiobotocore
 aioitertools==0.7.0 \
    --hash=sha256:341cb05a0903177ef1b73d4cc12c92aee18e81c364e0138f4efc7ec3c47b8177 \
@@ -54,13 +33,13 @@ async-timeout==3.0.1 \
    --hash=sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f \
    --hash=sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3 \
    # via aiohttp
-attrs==20.2.0 \
-    --hash=sha256:26b54ddbbb9ee1d34d5d3668dd37d6cf74990ab23c828c2888dccdceee395594 \
-    --hash=sha256:fce7fc47dfc976152e82d53ff92fa0407700c21acd20886a13777a0d20e655dc \
+attrs==19.3.0 \
+    --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \
+    --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 \
    # via aiohttp
-botocore==1.17.44 \
-    --hash=sha256:1b46ffe1d13922066c873323186cbf97e77c137e08e27039d9d684552ccc4892 \
-    --hash=sha256:1f6175bf59ffa068055b65f7d703eb1f748c338594a40dfdc645a6130280d8bb \
+botocore==1.15.32 \
+    --hash=sha256:3ea89601ee452b65084005278bd832be854cfde5166685dcb14b6c8f19d3fc6d \
+    --hash=sha256:a963af564d94107787ff3d2c534e8b7aed7f12e014cdd609f8fcb17bf9d9b19a \
    # via aiobotocore
 chardet==3.0.4 \
    --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
@@ -77,9 +56,9 @@ django-auth-ldap==2.2.0 \
    --hash=sha256:0ed2d88d81c39be915a9ab53b97ec0a33a3d16055518ab4c9bcffe8236d40370 \
    --hash=sha256:11af1773b08613339d2c3a0cec1308a4d563518f17b1719c3759994d0b4d04bf \
    # via -r requirements/thumbor.in
-django==2.2.16 \
-    --hash=sha256:62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2786594 \
-    --hash=sha256:83ced795a0f239f41d8ecabf51cc5fad4b97462a6008dc12e5af3cb9288724ec \
+django==2.2.14 \
+    --hash=sha256:edf0ecf6657713b0435b6757e6069466925cae70d634a3283c96b80c01e06191 \
+    --hash=sha256:f2250bd35d0f6c23e930c544629934144e5dd39a4c06092e1050c731c1712ba8 \
    # via -r requirements/thumbor.in, django-auth-ldap
 docutils==0.15.2 \
    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
@@ -101,94 +80,73 @@ libthumbor==2.0.1 \
    --hash=sha256:3c4e1a59c019d22f868d225315c06f97fad30fb5e78112d6a230b978e7d24e38 \
    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0 \
    # via thumbor
-multidict==5.0.0 \
-    --hash=sha256:02b2ea2bb1277a970d238c5c783023790ca94d386c657aeeb165259950951cc6 \
-    --hash=sha256:0ce1d956ecbf112d49915ebc2f29c03e35fe451fb5e9f491edf9a2f4395ee0af \
-    --hash=sha256:0ffdb4b897b15df798c0a5939a0323ccf703f2bae551dfab4eb1af7fbab38ead \
-    --hash=sha256:11dcf2366da487d5b9de1d4b2055308c7ed9bde1a52973d07a89b42252af9ebe \
-    --hash=sha256:167bd8e6351b57525bbf2d524ca5a133834699a2fcb090aad0c330c6017f3f3e \
-    --hash=sha256:1b324444299c3a49b601b1bf621fc21704e29066f6ac2b7d7e4034a4a18662a1 \
-    --hash=sha256:20eaf1c279c543e07c164e4ac02151488829177da06607efa7ccfecd71b21e79 \
-    --hash=sha256:2739d1d9237835122b27d88990849ecf41ef670e0fcb876159edd236ca9ef40f \
-    --hash=sha256:28b5913e5b6fef273e5d4230b61f33c8a51c3ce5f44a88582dee6b5ca5c9977b \
-    --hash=sha256:2b0cfc33f53e5c8226f7d7c4e126fa0780f970ef1e96f7c6353da7d01eafe490 \
-    --hash=sha256:32f0a904859a6274d7edcbb01752c8ae9c633fb7d1c131771ff5afd32eceee42 \
-    --hash=sha256:39713fa2c687e0d0e709ad751a8a709ac051fcdc7f2048f6fd09365dd03c83eb \
-    --hash=sha256:4ef76ce695da72e176f6a51867afb3bf300ce16ba2597824caaef625af5906a9 \
-    --hash=sha256:5263359a03368985b5296b7a73363d761a269848081879ba04a6e4bfd0cf4a78 \
-    --hash=sha256:52b5b51281d760197ce3db063c166fdb626e01c8e428a325aa37198ce31c9565 \
-    --hash=sha256:5dd303b545b62f9d2b14f99fbdb84c109a20e64a57f6a192fe6aebcb6263b59d \
-    --hash=sha256:60af726c19a899ed49bbb276e062f08b80222cb6b9feda44b59a128b5ff52966 \
-    --hash=sha256:60b12d14bc122ba2dae1e4460a891b3a96e73d815b4365675f6ec0a1725416a5 \
-    --hash=sha256:620c39b1270b68e194023ad471b6a54bdb517bb48515939c9829b56c783504a3 \
-    --hash=sha256:62f6e66931fb87e9016e7c1cc806ab4f3e39392fd502362df3cac888078b27cb \
-    --hash=sha256:711289412b78cf41a21457f4c806890466013d62bf4296bd3d71fad73ff8a581 \
-    --hash=sha256:7561a804093ea4c879e06b5d3d18a64a0bc21004bade3540a4b31342b528d326 \
-    --hash=sha256:786ad04ad954afe9927a1b3049aa58722e182160fe2fcac7ad7f35c93595d4f6 \
-    --hash=sha256:79dc3e6e7ce853fb7ed17c134e01fcb0d0c826b33201aa2a910fb27ed75c2eb9 \
-    --hash=sha256:84e4943d8725659942e7401bdf31780acde9cfdaf6fe977ff1449fffafcd93a9 \
-    --hash=sha256:932964cf57c0e59d1f3fb63ff342440cf8aaa75bf0dbcbad902c084024975380 \
-    --hash=sha256:a5eca9ee72b372199c2b76672145e47d3c829889eefa2037b1f3018f54e5f67d \
-    --hash=sha256:aad240c1429e386af38a2d6761032f0bec5177fed7c5f582c835c99fff135b5c \
-    --hash=sha256:bbec545b8f82536bc50afa9abce832176ed250aa22bfff3e20b3463fb90b0b35 \
-    --hash=sha256:c339b7d73c0ea5c551025617bb8aa1c00a0111187b6545f48836343e6cfbe6a0 \
-    --hash=sha256:c692087913e12b801a759e25a626c3d311f416252dfba2ecdfd254583427949f \
-    --hash=sha256:cda06c99cd6f4a36571bb38e560a6fcfb1f136521e57f612e0bc31957b1cd4bd \
-    --hash=sha256:ec8bc0ab00c76c4260a201eaa58812ea8b1b7fde0ecf5f9c9365a182bd4691ed \
+multidict==4.7.6 \
+    --hash=sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a \
+    --hash=sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000 \
+    --hash=sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2 \
+    --hash=sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507 \
+    --hash=sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5 \
+    --hash=sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7 \
+    --hash=sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d \
+    --hash=sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463 \
+    --hash=sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19 \
+    --hash=sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3 \
+    --hash=sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b \
+    --hash=sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c \
+    --hash=sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87 \
+    --hash=sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7 \
+    --hash=sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430 \
+    --hash=sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255 \
+    --hash=sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d \
    # via aiohttp, yarl
-numpy==1.19.3 \
-    --hash=sha256:0ee77786eebbfa37f2141fd106b549d37c89207a0d01d8852fde1c82e9bfc0e7 \
-    --hash=sha256:199bebc296bd8a5fc31c16f256ac873dd4d5b4928dfd50e6c4995570fc71a8f3 \
-    --hash=sha256:1a307bdd3dd444b1d0daa356b5f4c7de2e24d63bdc33ea13ff718b8ec4c6a268 \
-    --hash=sha256:1ea7e859f16e72ab81ef20aae69216cfea870676347510da9244805ff9670170 \
-    --hash=sha256:271139653e8b7a046d11a78c0d33bafbddd5c443a5b9119618d0652a4eb3a09f \
-    --hash=sha256:35bf5316af8dc7c7db1ad45bec603e5fb28671beb98ebd1d65e8059efcfd3b72 \
-    --hash=sha256:463792a249a81b9eb2b63676347f996d3f0082c2666fd0604f4180d2e5445996 \
-    --hash=sha256:50d3513469acf5b2c0406e822d3f314d7ac5788c2b438c24e5dd54d5a81ef522 \
-    --hash=sha256:50f68ebc439821b826823a8da6caa79cd080dee2a6d5ab9f1163465a060495ed \
-    --hash=sha256:51e8d2ae7c7e985c7bebf218e56f72fa93c900ad0c8a7d9fbbbf362f45710f69 \
-    --hash=sha256:522053b731e11329dd52d258ddf7de5288cae7418b55e4b7d32f0b7e31787e9d \
-    --hash=sha256:5ea4401ada0d3988c263df85feb33818dc995abc85b8125f6ccb762009e7bc68 \
-    --hash=sha256:604d2e5a31482a3ad2c88206efd43d6fcf666ada1f3188fd779b4917e49b7a98 \
-    --hash=sha256:6ff88bcf1872b79002569c63fe26cd2cda614e573c553c4d5b814fb5eb3d2822 \
-    --hash=sha256:7197ee0a25629ed782c7bd01871ee40702ffeef35bc48004bc2fdcc71e29ba9d \
-    --hash=sha256:741d95eb2b505bb7a99fbf4be05fa69f466e240c2b4f2d3ddead4f1b5f82a5a5 \
-    --hash=sha256:83af653bb92d1e248ccf5fdb05ccc934c14b936bcfe9b917dc180d3f00250ac6 \
-    --hash=sha256:8802d23e4895e0c65e418abe67cdf518aa5cbb976d97f42fd591f921d6dffad0 \
-    --hash=sha256:8edc4d687a74d0a5f8b9b26532e860f4f85f56c400b3a98899fc44acb5e27add \
-    --hash=sha256:942d2cdcb362739908c26ce8dd88db6e139d3fa829dd7452dd9ff02cba6b58b2 \
-    --hash=sha256:9a0669787ba8c9d3bb5de5d9429208882fb47764aa79123af25c5edc4f5966b9 \
-    --hash=sha256:9d08d84bb4128abb9fbd9f073e5c69f70e5dab991a9c42e5b4081ea5b01b5db0 \
-    --hash=sha256:9f7f56b5e85b08774939622b7d45a5d00ff511466522c44fc0756ac7692c00f2 \
-    --hash=sha256:a2daea1cba83210c620e359de2861316f49cc7aea8e9a6979d6cb2ddab6dda8c \
-    --hash=sha256:b9074d062d30c2779d8af587924f178a539edde5285d961d2dfbecbac9c4c931 \
-    --hash=sha256:c4aa79993f5d856765819a3651117520e41ac3f89c3fc1cb6dee11aa562df6da \
-    --hash=sha256:d78294f1c20f366cde8a75167f822538a7252b6e8b9d6dbfb3bdab34e7c1929e \
-    --hash=sha256:dfdc8b53aa9838b9d44ed785431ca47aa3efaa51d0d5dd9c412ab5247151a7c4 \
-    --hash=sha256:dffed17848e8b968d8d3692604e61881aa6ef1f8074c99e81647ac84f6038535 \
-    --hash=sha256:e080087148fd70469aade2abfeadee194357defd759f9b59b349c6192aba994c \
-    --hash=sha256:e983cbabe10a8989333684c98fdc5dd2f28b236216981e0c26ed359aaa676772 \
-    --hash=sha256:ea6171d2d8d648dee717457d0f75db49ad8c2f13100680e284d7becf3dc311a6 \
-    --hash=sha256:eefc13863bf01583a85e8c1121a901cc7cb8f059b960c4eba30901e2e6aba95f \
-    --hash=sha256:efd656893171bbf1331beca4ec9f2e74358fc732a2084f664fd149cc4b3441d2 \
+numpy==1.19.0 \
+    --hash=sha256:13af0184177469192d80db9bd02619f6fa8b922f9f327e077d6f2a6acb1ce1c0 \
+    --hash=sha256:26a45798ca2a4e168d00de75d4a524abf5907949231512f372b217ede3429e98 \
+    --hash=sha256:26f509450db547e4dfa3ec739419b31edad646d21fb8d0ed0734188b35ff6b27 \
+    --hash=sha256:30a59fb41bb6b8c465ab50d60a1b298d1cd7b85274e71f38af5a75d6c475d2d2 \
+    --hash=sha256:33c623ef9ca5e19e05991f127c1be5aeb1ab5cdf30cb1c5cf3960752e58b599b \
+    --hash=sha256:356f96c9fbec59974a592452ab6a036cd6f180822a60b529a975c9467fcd5f23 \
+    --hash=sha256:3c40c827d36c6d1c3cf413694d7dc843d50997ebffbc7c87d888a203ed6403a7 \
+    --hash=sha256:4d054f013a1983551254e2379385e359884e5af105e3efe00418977d02f634a7 \
+    --hash=sha256:63d971bb211ad3ca37b2adecdd5365f40f3b741a455beecba70fd0dde8b2a4cb \
+    --hash=sha256:658624a11f6e1c252b2cd170d94bf28c8f9410acab9f2fd4369e11e1cd4e1aaf \
+    --hash=sha256:76766cc80d6128750075378d3bb7812cf146415bd29b588616f72c943c00d598 \
+    --hash=sha256:7b57f26e5e6ee2f14f960db46bd58ffdca25ca06dd997729b1b179fddd35f5a3 \
+    --hash=sha256:7b852817800eb02e109ae4a9cef2beda8dd50d98b76b6cfb7b5c0099d27b52d4 \
+    --hash=sha256:8cde829f14bd38f6da7b2954be0f2837043e8b8d7a9110ec5e318ae6bf706610 \
+    --hash=sha256:a2e3a39f43f0ce95204beb8fe0831199542ccab1e0c6e486a0b4947256215632 \
+    --hash=sha256:a86c962e211f37edd61d6e11bb4df7eddc4a519a38a856e20a6498c319efa6b0 \
+    --hash=sha256:a8705c5073fe3fcc297fb8e0b31aa794e05af6a329e81b7ca4ffecab7f2b95ef \
+    --hash=sha256:b6aaeadf1e4866ca0fdf7bb4eed25e521ae21a7947c59f78154b24fc7abbe1dd \
+    --hash=sha256:be62aeff8f2f054eff7725f502f6228298891fd648dc2630e03e44bf63e8cee0 \
+    --hash=sha256:c2edbb783c841e36ca0fa159f0ae97a88ce8137fb3a6cd82eae77349ba4b607b \
+    --hash=sha256:cbe326f6d364375a8e5a8ccb7e9cd73f4b2f6dc3b2ed205633a0db8243e2a96a \
+    --hash=sha256:d34fbb98ad0d6b563b95de852a284074514331e6b9da0a9fc894fb1cdae7a79e \
+    --hash=sha256:d97a86937cf9970453c3b62abb55a6475f173347b4cde7f8dcdb48c8e1b9952d \
+    --hash=sha256:dd53d7c4a69e766e4900f29db5872f5824a06827d594427cf1a4aa542818b796 \
+    --hash=sha256:df1889701e2dfd8ba4dc9b1a010f0a60950077fb5242bb92c8b5c7f1a6f2668a \
+    --hash=sha256:fa1fe75b4a9e18b66ae7f0b122543c42debcf800aaafa0212aaff3ad273c2596 \
    # via opencv-python-headless
-opencv-python-headless==4.4.0.44 \
-    --hash=sha256:01e54dd61fc849f2c4dea9eb62e056f4332612616fc4d0576cb5a9096ae5818b \
-    --hash=sha256:0896413b35b4b64acae42b84f740a458e0520d51f806946adf185e710a2ab300 \
-    --hash=sha256:0c6ab08883e4f026c863a9d785f1ab7546bf2620d873d30fbedebf8e607d8ffc \
-    --hash=sha256:19cd76fcf886033a08556e203c49fdc4bfb4a95325f0b2d18562e6411f7bd475 \
-    --hash=sha256:4bc859120ce9271669cd5e7a01ac2a479b6f21e81900f1b7325d266c6e3a0e5f \
-    --hash=sha256:4ef242b8923c693ad6b2e0ae7023582ebd983e6d487771639d0e9550e01fd120 \
-    --hash=sha256:54dd417aba4bfcc2a6a2110bb6e6fed8a0f8eef2d432f86a1739cfa3e6d6caea \
-    --hash=sha256:6003e57e9824a9f098d85ae833268f51356c6f23ea4669dd3ee2092bcbd2c800 \
-    --hash=sha256:6d3d2efeedd13f452d59caf84f4eb507edf1763edb8e79de2e9aa47c05713b25 \
-    --hash=sha256:6eefcacfb9b2da305277e1a93c7bf074dcd10b7aa154a0c963ded08fc0ffc02e \
-    --hash=sha256:93f251c28739d8e8ade8898ddcbd75dcec60f779d9534644c568e7e65e2b76de \
-    --hash=sha256:9fe62a18ddf18d80271f67c36b019044b33941c11aa2c13ba549c3142bdc3a50 \
-    --hash=sha256:a70c4d986c90d76514098af979344f7f3eeea694beb44ecdebf6a29e3d0c3774 \
-    --hash=sha256:aa8cb3fe425b637879026661c53985fcabb3c1184bb6c17e2c1257e893b2e4c9 \
-    --hash=sha256:b5d38a1100fdf1992170a3190176c3b99321f0e96e32a383f3b60b852e3f599f \
-    --hash=sha256:b9ac818c9b000389cfc6892c3109dd98d1eab63a6038084c6f8a560c8a696f17 \
+opencv-python-headless==4.3.0.36 \
+    --hash=sha256:065c6fc2efc61ebc3dd7de7774895e200b2c050d4e8b499cee717a9db526880e \
+    --hash=sha256:103c705540603f349e714edff93606c66d0e0a6a36d22aca8f4c2a3f8f25823c \
+    --hash=sha256:1b1dcdd4ccf4b71767add0b674f876aad666395471ccdce5455209329f036109 \
+    --hash=sha256:271d7de7655f8d3a55100565b486d9f63da7465722e7a7ab834c853a2ee67b6e \
+    --hash=sha256:2f71a14ccd109948f9c4c1761794e3512e7eff1e3b893619de6443467cec9052 \
+    --hash=sha256:325fc39fcee0d07df07b409cefe3868086ed60f7286798c32765dce393c6951d \
+    --hash=sha256:3cf602a40750cbab284cb9d6f508d9110a3c79d4e18a261cb09957e2ca6f07d6 \
+    --hash=sha256:3d8b3e2b2dc5796cc1f34a6bd5e43d646818843a14554be55bb9e92dcb78ada0 \
+    --hash=sha256:4b303ae6b207ed79071e2ab930a0f39d7e97bc176b730d552accdf7d0ea8ef5a \
+    --hash=sha256:5fabfc789d6b8cffbb01f4e224d3583cce12666bbebafa15e8bca69111a21153 \
+    --hash=sha256:653459f61b44f1d7f20ce36c6112925b351e2abadb4be6f3007440b237bafffd \
+    --hash=sha256:8c496eb24af0ff16844f5b12fcbb28469151822fe19ece7b6cf66279c451981d \
+    --hash=sha256:9b0e9fa11f203c39a51044471f01d5db0dd493b13e6da209cc8945b12e6eef9e \
+    --hash=sha256:baaeef03220c48430768503af990b3ca5582a3c1a1bf03519db122e2ddcd78a3 \
+    --hash=sha256:d269133ebfe8c99b7abe096358c0644212103b4806ae6e8ef5149d4e0d5edb36 \
+    --hash=sha256:e204a75a00bee4c10875a94ccc8e102d9ab7e1259cc0f4ddf64cee777da6bbc9 \
+    --hash=sha256:e217bbbbb7dc06d77c799edac196f2f706601f4f6a8b2d44ae25eda4cda23e08 \
+    --hash=sha256:f5a29918dd8d8c3f4d7710a324fd3c733a91ad269c4863b32b920cb90801e22b \
+    --hash=sha256:fe28cfc3b6285f7e92905c53d42426f4f03e7af134712061329333e8fb8ea3d6 \
    # via thumbor
 pillow==7.2.0 \
    --hash=sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f \
@@ -208,13 +166,11 @@ pillow==7.2.0 \
    --hash=sha256:94cf49723928eb6070a892cb39d6c156f7b5a2db4e8971cb958f7b6b104fb4c4 \
    --hash=sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626 \
    --hash=sha256:9ad7f865eebde135d526bb3163d0b23ffff365cf87e767c649550964ad72785d \
-    --hash=sha256:9c87ef410a58dd54b92424ffd7e28fd2ec65d2f7fc02b76f5e9b2067e355ebf6 \
    --hash=sha256:a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6 \
    --hash=sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63 \
    --hash=sha256:c92302a33138409e8f1ad16731568c55c9053eee71bb05b6b744067e1b62380f \
    --hash=sha256:d08b23fdb388c0715990cbc06866db554e1822c4bdcf6d4166cf30ac82df8c41 \
    --hash=sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1 \
-    --hash=sha256:e901964262a56d9ea3c2693df68bc9860b8bdda2b04768821e4c44ae797de117 \
    --hash=sha256:ec29604081f10f16a7aea809ad42e27764188fc258b02259a03a8ff7ded3808d \
    --hash=sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9 \
    --hash=sha256:f7e30c27477dffc3e85c2463b3e649f751789e0f6c8456099eea7ddd53be4a8a \
@@ -228,9 +184,6 @@ pyasn1==0.4.8 \
    --hash=sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d \
    --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba \
    # via pyasn1-modules, python-ldap
-pycurl==7.43.0.6 \
-    --hash=sha256:8301518689daefa53726b59ded6b48f33751c383cf987b0ccfbbc4ed40281325 \
-    # via -r requirements/thumbor.in
 python-dateutil==2.8.1 \
    --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \
    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a \
@@ -246,16 +199,16 @@ six==1.15.0 \
    --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
    # via derpconf, libthumbor, python-dateutil
-sqlparse==0.4.1 \
-    --hash=sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0 \
-    --hash=sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8 \
+sqlparse==0.3.1 \
+    --hash=sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e \
+    --hash=sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548 \
    # via django
 statsd==3.3.0 \
    --hash=sha256:c610fb80347fca0ef62666d241bce64184bd7cc1efe582f9690e045c25535eaa \
    --hash=sha256:e3e6db4c246f7c59003e51c9720a51a7f39a396541cb9b147ff4b14d15b5dd1f \
    # via thumbor
-https://github.com/kkopachev/aws/archive/b5058e6b9fec7354629acc6d5df423e0310bb0cd.zip#egg=tc_aws==6.3 \
-    --hash=sha256:8a28437b0dfab88c89f280a2d6ec55a6abfa3e26d495dc15e1b3f38744e27f0c \
+https://github.com/kkopachev/aws/archive/0d02528b47273e143be750ba237f71a076e8f251.zip#egg=tc_aws==6.3 \
+    --hash=sha256:866d18ffbfd5a1627ed3973757e4c282745de8f30ed85f5ce8e80ae04932f8f3 \
    # via -r requirements/thumbor.in
 thumbor==7.0.0a5 \
    --hash=sha256:5042c9c8facf0da028a22f1aee717f856d213ec037835ca0edaa0282217654bb \
@@ -271,14 +224,14 @@ tornado==6.0.4 \
    --hash=sha256:c952975c8ba74f546ae6de2e226ab3cc3cc11ae47baf607459a6728585bb542a \
    --hash=sha256:c98232a3ac391f5faea6821b53db8db461157baa788f5d6222a193e9456e1740 \
    # via thumbor
-typing-extensions==3.7.4.3 \
-    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f \
-    # via aiohttp, aioitertools, yarl
-urllib3==1.25.11 \
-    --hash=sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2 \
-    --hash=sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e \
+typing-extensions==3.7.4.2 \
+    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
+    # via aiohttp, aioitertools
+urllib3==1.25.9 \
+    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
    # via botocore
 virtualenv-clone==0.5.4 \
    --hash=sha256:07e74418b7cc64f4fda987bf5bc71ebd59af27a7bc9e8a8ee9fd54b1f2390a27 \
@@ -291,38 +244,22 @@ webcolors==1.11.1 \
 wrapt==1.12.1 \
    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7 \
    # via aiobotocore
-yarl==1.6.2 \
-    --hash=sha256:03b7a44384ad60be1b7be93c2a24dc74895f8d767ea0bce15b2f6fc7695a3843 \
-    --hash=sha256:076157404db9db4bb3fa9db22db319bbb36d075eeab19ba018ce20ae0cacf037 \
-    --hash=sha256:1c05ae3d5ea4287470046a2c2754f0a4c171b84ea72c8a691f776eb1753dfb91 \
-    --hash=sha256:2467baf8233f7c64048df37e11879c553943ffe7f373e689711ec2807ea13805 \
-    --hash=sha256:2bb2e21cf062dfbe985c3cd4618bae9f25271efcad9e7be1277861247eee9839 \
-    --hash=sha256:311effab3b3828ab34f0e661bb57ff422f67d5c33056298bda4c12195251f8dd \
-    --hash=sha256:3526cb5905907f0e42bee7ef57ae4a5f02bc27dcac27859269e2bba0caa4c2b6 \
-    --hash=sha256:39b1e586f34b1d2512c9b39aa3cf24c870c972d525e36edc9ee19065db4737bb \
-    --hash=sha256:4bed5cd7c8e69551eb19df15295ba90e62b9a6a1149c76eb4a9bab194402a156 \
-    --hash=sha256:51c6d3cf7a1f1fbe134bb92f33b7affd94d6de24cd64b466eb12de52120fb8c6 \
-    --hash=sha256:59f78b5da34ddcffb663b772f7619e296518712e022e57fc5d9f921818e2ab7c \
-    --hash=sha256:6f29115b0c330da25a04f48612d75333bca04521181a666ca0b8761005a99150 \
-    --hash=sha256:73d4e1e1ef5e52d526c92f07d16329e1678612c6a81dd8101fdcae11a72de15c \
-    --hash=sha256:9b48d31f8d881713fd461abfe7acbb4dcfeb47cec3056aa83f2fbcd2244577f7 \
-    --hash=sha256:a1fd575dd058e10ad4c35065e7c3007cc74d142f622b14e168d8a273a2fa8713 \
-    --hash=sha256:b3dd1052afd436ba737e61f5d3bed1f43a7f9a33fc58fbe4226eb919a7006019 \
-    --hash=sha256:b99c25ed5c355b35d1e6dae87ac7297a4844a57dc5766b173b88b6163a36eb0d \
-    --hash=sha256:c056e86bff5a0b566e0d9fab4f67e83b12ae9cbcd250d334cbe2005bbe8c96f2 \
-    --hash=sha256:c45b49b59a5724869899798e1bbd447ac486215269511d3b76b4c235a1b766b6 \
-    --hash=sha256:cd623170c729a865037828e3f99f8ebdb22a467177a539680dfc5670b74c84e2 \
-    --hash=sha256:d25d3311794e6c71b608d7c47651c8f65eea5ab15358a27f29330b3475e8f8e5 \
-    --hash=sha256:d695439c201ed340745250f9eb4dfe8d32bf1e680c16477107b8f3ce4bff4fdb \
-    --hash=sha256:d77f6c9133d2aabb290a7846aaa74ec14d7b5ab35b01591fac5a70c4a8c959a2 \
-    --hash=sha256:d894a2442d2cd20a3b0b0dce5a353d316c57d25a2b445e03f7eac90eee27b8af \
-    --hash=sha256:db643ce2b58a4bd11a82348225c53c76ecdd82bb37cf4c085e6df1b676f4038c \
-    --hash=sha256:e3a0c43a26dfed955b2a06fdc4d51d2c51bc2200aff8ce8faf14e676ea8c8862 \
-    --hash=sha256:e77bf79ad1ccae672eab22453838382fe9029fc27c8029e84913855512a587d8 \
-    --hash=sha256:f2f0174cb15435957d3b751093f89aede77df59a499ab7516bbb633b77ead13a \
-    --hash=sha256:f3031c78edf10315abe232254e6a36b65afe65fded41ee54ed7976d0b2cdf0da \
-    --hash=sha256:f4c007156732866aa4507d619fe6f8f2748caabed4f66b276ccd97c82572620c \
-    --hash=sha256:f4f27ff3dd80bc7c402def211a47291ea123d59a23f59fe18fc0e81e3e71f385 \
-    --hash=sha256:f57744fc61e118b5d114ae8077d8eb9df4d2d2c11e2af194e21f0c11ed9dcf6c \
-    --hash=sha256:f835015a825980b65356e9520979a1564c56efea7da7d4b68a14d4a07a3a7336 \
+yarl==1.4.2 \
+    --hash=sha256:0c2ab325d33f1b824734b3ef51d4d54a54e0e7a23d13b86974507602334c2cce \
+    --hash=sha256:0ca2f395591bbd85ddd50a82eb1fde9c1066fafe888c5c7cc1d810cf03fd3cc6 \
+    --hash=sha256:2098a4b4b9d75ee352807a95cdf5f10180db903bc5b7270715c6bbe2551f64ce \
+    --hash=sha256:25e66e5e2007c7a39541ca13b559cd8ebc2ad8fe00ea94a2aad28a9b1e44e5ae \
+    --hash=sha256:26d7c90cb04dee1665282a5d1a998defc1a9e012fdca0f33396f81508f49696d \
+    --hash=sha256:308b98b0c8cd1dfef1a0311dc5e38ae8f9b58349226aa0533f15a16717ad702f \
+    --hash=sha256:3ce3d4f7c6b69c4e4f0704b32eca8123b9c58ae91af740481aa57d7857b5e41b \
+    --hash=sha256:58cd9c469eced558cd81aa3f484b2924e8897049e06889e8ff2510435b7ef74b \
+    --hash=sha256:5b10eb0e7f044cf0b035112446b26a3a2946bca9d7d7edb5e54a2ad2f6652abb \
+    --hash=sha256:6faa19d3824c21bcbfdfce5171e193c8b4ddafdf0ac3f129ccf0cdfcb083e462 \
+    --hash=sha256:944494be42fa630134bf907714d40207e646fd5a94423c90d5b514f7b0713fea \
+    --hash=sha256:a161de7e50224e8e3de6e184707476b5a989037dcb24292b391a3d66ff158e70 \
+    --hash=sha256:a4844ebb2be14768f7994f2017f70aca39d658a96c786211be5ddbe1c68794c1 \
+    --hash=sha256:c2b509ac3d4b988ae8769901c66345425e361d518aecbe4acbfc2567e416626a \
+    --hash=sha256:c9959d49a77b0e07559e579f38b2f3711c2b8716b8410b320bf9713013215a1b \
+    --hash=sha256:d8cdee92bc930d8b09d8bd2043cedd544d9c8bd7436a77678dd602467a993080 \
+    --hash=sha256:e15199cdb423316e15f108f51249e44eb156ae5dba232cb73be555324a1d49c2 \
    # via aiohttp
--- a/scripts/lib/certbot-maybe-renew
+++ b/scripts/lib/certbot-maybe-renew
@@ -6,7 +6,7 @@ zulip_conf_get_boolean() {
    # Treat absent and invalid values as false.
    value=$(crudini --get /etc/zulip/zulip.conf "$1" "$2" 2>/dev/null)
    case "$(echo "$value" | tr '[:upper:]' '[:lower:]')" in
-        1 | yes | true | on) return 0 ;;
+        1|yes|true|on) return 0 ;;
        *) return 1 ;;
    esac
 }
@@ -18,5 +18,5 @@ fi
 deploy_hook="${ZULIP_CERTBOT_DEPLOY_HOOK:-service nginx reload}"

 certbot renew --quiet \
-    --webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
-    --deploy-hook "$deploy_hook"
+  --webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
+  --deploy-hook "$deploy_hook"
--- a/scripts/lib/install
+++ b/scripts/lib/install
@@ -43,7 +43,7 @@ Options:
      Skip the initial `apt-get dist-upgrade`.

 EOF
-}
+};

 # Shell option parsing.  Over time, we'll want to move some of the
 # environment variables below into this self-documenting system.
@@ -51,62 +51,22 @@ args="$(getopt -o '' --long help,hostname:,email:,certbot,self-signed-cert,cacer
 eval "set -- $args"
 while true; do
    case "$1" in
-        --help)
-            usage
-            exit 0
-            ;;
+        --help) usage; exit 0;;

-        --hostname)
-            EXTERNAL_HOST="$2"
-            shift
-            shift
-            ;;
-        --email)
-            ZULIP_ADMINISTRATOR="$2"
-            shift
-            shift
-            ;;
+        --hostname) EXTERNAL_HOST="$2"; shift; shift;;
+        --email) ZULIP_ADMINISTRATOR="$2"; shift; shift;;

-        --certbot)
-            USE_CERTBOT=1
-            shift
-            ;;
-        --cacert)
-            export CUSTOM_CA_CERTIFICATES="$2"
-            shift
-            shift
-            ;;
-        --self-signed-cert)
-            SELF_SIGNED_CERT=1
-            shift
-            ;;
+        --certbot) USE_CERTBOT=1; shift;;
+        --cacert) export CUSTOM_CA_CERTIFICATES="$2"; shift; shift;;
+        --self-signed-cert) SELF_SIGNED_CERT=1; shift;;

-        --postgres-version)
-            POSTGRES_VERSION="$2"
-            shift
-            shift
-            ;;
-        --postgres-missing-dictionaries)
-            POSTGRES_MISSING_DICTIONARIES=1
-            shift
-            ;;
-        --no-init-db)
-            NO_INIT_DB=1
-            shift
-            ;;
+        --postgres-version) POSTGRES_VERSION="$2"; shift; shift;;
+        --postgres-missing-dictionaries) POSTGRES_MISSING_DICTIONARIES=1; shift;;
+        --no-init-db) NO_INIT_DB=1; shift;;

-        --no-overwrite-settings)
-            NO_OVERWRITE_SETTINGS=1
-            shift
-            ;;
-        --no-dist-upgrade)
-            NO_DIST_UPGRADE=1
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
+        --no-overwrite-settings) NO_OVERWRITE_SETTINGS=1; shift;;
+        --no-dist-upgrade) NO_DIST_UPGRADE=1; shift;;
+        --) shift; break;;
    esac
 done

@@ -118,9 +78,9 @@ fi
 ## Options from environment variables.
 #
 # Specify options for apt.
-read -r -a APT_OPTIONS <<<"${APT_OPTIONS:-}"
+read -r -a APT_OPTIONS <<< "${APT_OPTIONS:-}"
 # Install additional packages.
-read -r -a ADDITIONAL_PACKAGES <<<"${ADDITIONAL_PACKAGES:-}"
+read -r -a ADDITIONAL_PACKAGES <<< "${ADDITIONAL_PACKAGES:-}"
 # Comma-separated list of puppet manifests to install.  default is
 # zulip::voyager for an all-in-one system or zulip::dockervoyager for
 # Docker.  Use e.g. zulip::app_frontend for a Zulip frontend server.
@@ -151,8 +111,8 @@ if [ -z "$EXTERNAL_HOST" ] || [ -z "$ZULIP_ADMINISTRATOR" ]; then
    fi
 fi

-if [ "$EXTERNAL_HOST" = zulip.example.com ] \
-    || [ "$ZULIP_ADMINISTRATOR" = zulip-admin@example.com ]; then
+if [ "$EXTERNAL_HOST" = zulip.example.com ] ||
+   [ "$ZULIP_ADMINISTRATOR" = zulip-admin@example.com ]; then
    # These example values are specifically checked for and would fail
    # later; see check_config in zerver/lib/management.py.
    echo 'error: The example hostname and email must be replaced with real values.' >&2
@@ -174,16 +134,8 @@ export LANGUAGE="en_US.UTF-8"

 # Check for a supported OS release.
 if [ -f /etc/os-release ]; then
-    os_info="$(
-        . /etc/os-release
-        printf '%s\n' "$ID" "$ID_LIKE" "$VERSION_ID" "$VERSION_CODENAME"
-    )"
-    {
-        read -r os_id
-        read -r os_id_like
-        read -r os_version_id
-        read -r os_version_codename || true
-    } <<<"$os_info"
+    os_info="$(. /etc/os-release; printf '%s\n' "$ID" "$ID_LIKE" "$VERSION_ID" "$VERSION_CODENAME")"
+    { read -r os_id; read -r os_id_like; read -r os_version_id; read -r os_version_codename || true; } <<< "$os_info"
    case " $os_id $os_id_like " in
        *' debian '*)
            package_system="apt"
@@ -195,7 +147,7 @@ if [ -f /etc/os-release ]; then
 fi

 case "$os_id$os_version_id" in
-    debian10 | ubuntu18.04 | ubuntu20.04) ;;
+    debian10|ubuntu18.04|ubuntu20.04) ;;
    *)
        set +x
        cat <<EOF
@@ -211,11 +163,10 @@ For more information, see:
  https://zulip.readthedocs.io/en/latest/production/requirements.html
 EOF
        exit 1
-        ;;
 esac

-if [ "$os_id" = ubuntu ] && ! apt-cache policy \
-    | grep -q "^     release v=$os_version_id,o=Ubuntu,a=$os_version_codename,n=$os_version_codename,l=Ubuntu,c=universe"; then
+if [ "$os_id" = ubuntu ] && ! apt-cache policy |
+           grep -q "^     release v=$os_version_id,o=Ubuntu,a=$os_version_codename,n=$os_version_codename,l=Ubuntu,c=universe"; then
    set +x
    cat <<'EOF'

@@ -236,10 +187,10 @@ case ",$PUPPET_CLASSES," in
        if [ "$package_system" = apt ]; then
            # We're going to install Postgres from the postgres apt
            # repository; this may conflict with the existing postgres.
-            OTHER_PG="$(dpkg --get-selections \
-                | grep -E '^postgresql-[0-9]+\s+install$' \
-                | grep -v "^postgresql-$POSTGRES_VERSION\b" \
-                | cut -f 1)" || true
+            OTHER_PG="$(dpkg --get-selections |
+                             grep -E '^postgresql-[0-9]+\s+install$' |
+                             grep -v "^postgresql-$POSTGRES_VERSION\b" |
+                             cut -f 1)" || true
            if [ -n "$OTHER_PG" ]; then
                INDENTED="${OTHER_PG//$'\n'/$'\n'    }"
                SPACED="${OTHER_PG//$'\n'/ }"
@@ -323,9 +274,9 @@ fi

 if [ "$package_system" = apt ]; then
    if ! apt-get install -y \
-        puppet git curl wget jq \
-        python3 crudini \
-        "${ADDITIONAL_PACKAGES[@]}"; then
+         puppet git curl wget jq \
+         python3 crudini \
+         "${ADDITIONAL_PACKAGES[@]}"; then
        set +x
        echo -e '\033[0;31m' >&2
        echo "Installing packages failed; is network working and (on Ubuntu) the universe repository enabled?" >&2
@@ -335,9 +286,9 @@ if [ "$package_system" = apt ]; then
    fi
 elif [ "$package_system" = yum ]; then
    if ! yum install -y \
-        puppet git curl wget jq \
-        python3 crudini \
-        "${ADDITIONAL_PACKAGES[@]}"; then
+         puppet git curl wget jq \
+         python3 crudini \
+         "${ADDITIONAL_PACKAGES[@]}"; then
        set +x
        echo -e '\033[0;31m' >&2
        echo "Installing packages failed; is network working?" >&2
@@ -377,13 +328,13 @@ has_class() {
 id -u zulip &>/dev/null || useradd -m zulip --home-dir /home/zulip
 if [ -n "$NO_OVERWRITE_SETTINGS" ] && [ -e "/etc/zulip/zulip.conf" ]; then
    "$ZULIP_PATH"/scripts/zulip-puppet-apply --force --noop \
-        --write-catalog-summary \
-        --classfile=/var/lib/puppet/classes.txt \
-        >/dev/null
+                 --write-catalog-summary \
+                 --classfile=/var/lib/puppet/classes.txt \
+                 >/dev/null
 else
    # Write out more than we need, and remove sections that are not
    # applicable to the classes that are actually necessary.
-    cat <<EOF >/etc/zulip/zulip.conf
+    cat <<EOF > /etc/zulip/zulip.conf
 [machine]
 puppet_classes = $PUPPET_CLASSES
 deploy_type = production
@@ -401,9 +352,9 @@ EOF
    fi

    "$ZULIP_PATH"/scripts/zulip-puppet-apply --force --noop \
-        --write-catalog-summary \
-        --classfile=/var/lib/puppet/classes.txt \
-        >/dev/null
+                 --write-catalog-summary \
+                 --classfile=/var/lib/puppet/classes.txt \
+                 >/dev/null

    # We only need the postgres version setting on database hosts; but
    # we don't know if this is a database host until we have the catalog summary.
--- a/scripts/lib/install-node
+++ b/scripts/lib/install-node
@@ -31,10 +31,7 @@ fi
 if [ "$current_node_version" != "v$node_version" ] || ! [ -L "$node_wrapper_path" ]; then
    export NVM_DIR=/usr/local/nvm
    # shellcheck source=/dev/null
-    if ! [ -e "$NVM_DIR/nvm.sh" ] || {
-        . "$NVM_DIR/nvm.sh"
-        [ "$(nvm --version)" != "$nvm_version" ]
-    }; then
+    if ! [ -e "$NVM_DIR/nvm.sh" ] || { . "$NVM_DIR/nvm.sh"; [ "$(nvm --version)" != "$nvm_version" ]; }; then
        mkdir -p "$NVM_DIR"
        wget_opts=(-nv)
        if [ -n "${CUSTOM_CA_CERTIFICATES:-}" ]; then
--- a/scripts/lib/setup-apt-repo
+++ b/scripts/lib/setup-apt-repo
@@ -36,7 +36,7 @@ apt-get -y install "${pre_setup_deps[@]}"
 SCRIPTS_PATH="$(dirname "$(dirname "$0")")"

 release=$(lsb_release -sc)
-if [[ "$release" =~ ^(bionic|cosmic|disco|eoan|focal)$ ]]; then
+if [[ "$release" =~ ^(bionic|cosmic|disco|eoan|focal)$ ]] ; then
    apt-key add "$SCRIPTS_PATH"/setup/pgdg.asc
    apt-key add "$SCRIPTS_PATH"/setup/pgroonga-ppa.asc
    cat >$SOURCES_FILE <<EOF
@@ -46,7 +46,7 @@ deb-src http://apt.postgresql.org/pub/repos/apt/ $release-pgdg main
 deb http://ppa.launchpad.net/groonga/ppa/ubuntu $release main
 deb-src http://ppa.launchpad.net/groonga/ppa/ubuntu $release main
 EOF
-elif [[ "$release" =~ ^(buster)$ ]]; then
+elif [[ "$release" =~ ^(buster)$ ]] ; then
    apt-key add "$SCRIPTS_PATH"/setup/pgdg.asc
    apt-key add "$SCRIPTS_PATH"/setup/pgroonga-debian.asc
    cat >$SOURCES_FILE <<EOF
@@ -71,4 +71,4 @@ else
    apt-get update && rm -f "$STAMP_FILE"
 fi

-echo "$DEPENDENCIES_HASH" >"$DEPENDENCIES_HASH_FILE"
+echo "$DEPENDENCIES_HASH" > "$DEPENDENCIES_HASH_FILE"
--- a/scripts/lib/setup-apt-repo-debathena
+++ b/scripts/lib/setup-apt-repo-debathena
@@ -54,4 +54,4 @@ else
    apt-get update && rm -f "$STAMP_FILE"
 fi

-echo "$DEPENDENCIES_HASH" >"$DEPENDENCIES_HASH_FILE"
+echo "$DEPENDENCIES_HASH" > "$DEPENDENCIES_HASH_FILE"
--- a/scripts/lib/setup-yum-repo
+++ b/scripts/lib/setup-yum-repo
@@ -7,14 +7,8 @@ args="$(getopt -o '' --long prod -- "$@")"
 eval "set -- $args"
 while true; do
    case "$1" in
-        --prod)
-            is_prod=true
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
+        --prod) is_prod=true; shift;;
+        --) shift; break;;
    esac
 done

--- a/scripts/lib/setup_venv.py
+++ b/scripts/lib/setup_venv.py
@@ -34,8 +34,6 @@ VENV_DEPENDENCIES = [
    # on upgrade of a production server, and it's not worth adding
    # another call to `apt install` for.
    "jq",                   # Used by scripts/lib/install-node to check yarn version
-
-    "libsasl2-dev",         # For building python-ldap from source
 ]

 COMMON_YUM_VENV_DEPENDENCIES = [
--- a/scripts/setup/generate-self-signed-cert
+++ b/scripts/setup/generate-self-signed-cert
@@ -10,20 +10,11 @@ args="$(getopt -o '' --long help,force,exists-ok -- "$@")"
 eval "set -- $args"
 while true; do
    case "$1" in
-        --help) usage ;;
-        --force)
-            FORCE=1
-            shift
-            ;;
-        --exists-ok)
-            EXISTS_OK=1
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *) usage ;;
+        --help) usage;;
+        --force) FORCE=1; shift;;
+        --exists-ok) EXISTS_OK=1; shift;;
+        --) shift; break;;
+        *) usage;;
    esac
 done
 EXTERNAL_HOST="$1"
@@ -60,9 +51,9 @@ fi
 rm -f "$KEYFILE" "$CERTFILE"

 if [[ "$EXTERNAL_HOST" =~ ^(([0-9]+\.){3}[0-9]+)(:[0-9]+)?$ ]]; then
-    subjectAltName="IP:${BASH_REMATCH[1]}" # IPv4 address
+    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv4 address
 elif [[ "$EXTERNAL_HOST" =~ ^\[([^][]*)\](:[0-9]+)?$ ]]; then
-    subjectAltName="IP:${BASH_REMATCH[1]}" # IPv6 address
+    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv6 address
 elif [[ "$EXTERNAL_HOST" =~ ^([^:]+)(:[0-9]+)?$ ]]; then
    subjectAltName="DNS:${BASH_REMATCH[1]}"
 else
@@ -103,8 +94,8 @@ fi

 # Based on /usr/sbin/make-ssl-cert from Debian's `ssl-cert` package.
 openssl req -new -x509 \
-    -config "$config" -days 3650 -nodes -sha256 \
-    -out "$CERTFILE" -keyout "$KEYFILE"
+        -config "$config" -days 3650 -nodes -sha256 \
+        -out "$CERTFILE" -keyout "$KEYFILE"

 chmod 644 "$CERTFILE"
 chmod 640 "$KEYFILE"
--- a/scripts/setup/initialize-database
+++ b/scripts/setup/initialize-database
@@ -10,16 +10,10 @@ args="$(getopt -o '' --long help,quiet -- "$@")"
 eval "set -- $args"
 while true; do
    case "$1" in
-        --help) usage ;;
-        --quiet)
-            QUIET=1
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *) usage ;;
+        --help) usage;;
+        --quiet) QUIET=1; shift;;
+        --) shift; break;;
+        *) usage;;
    esac
 done

--- a/scripts/setup/install-wal-g.sh
+++ b/scripts/setup/install-wal-g.sh
@@ -8,11 +8,11 @@ HASH="$2"

 cd /tmp
 wget -qO "wal-g-$VERSION.tar.gz" \
-    "https://github.com/wal-g/wal-g/releases/download/v$VERSION/wal-g.linux-amd64.tar.gz"
+     "https://github.com/wal-g/wal-g/releases/download/v$VERSION/wal-g.linux-amd64.tar.gz"

 # Check not against the arbitrary provided sha256 on Github, but
 # against the (same) sha256 that we hardcode as "known good".
-echo "$HASH  wal-g-$VERSION.tar.gz" >"wal-g-$VERSION.tar.gz.sha256"
+echo "$HASH  wal-g-$VERSION.tar.gz" > "wal-g-$VERSION.tar.gz.sha256"
 sha256sum -c "wal-g-$VERSION.tar.gz.sha256"

 tar xzf "wal-g-$VERSION.tar.gz"
--- a/scripts/setup/postgres-init-db
+++ b/scripts/setup/postgres-init-db
@@ -13,14 +13,15 @@ POSTGRES_USER="${POSTGRES_USER:-postgres}"
 # This psql command may fail because the zulip database doesn’t exist,
 # hence the &&.
 if records="$(
-    cd / # Make sure the current working directory is readable by postgres
+    cd /  # Make sure the current working directory is readable by postgres
    su "$POSTGRES_USER" -c "psql -v ON_ERROR_STOP=1 -Atc 'SELECT COUNT(*) FROM zulip.zerver_message;' zulip"
 )" && [ "$records" -gt 200 ]; then
    set +x
    echo "WARNING: This will delete your Zulip database which currently contains $records messages."
    read -p "Do you want to proceed? [y/N] " -r
    echo
-    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+    if [[ ! $REPLY =~ ^[Yy]$ ]]
+    then
        exit 1
    fi
    set -x
@@ -34,12 +35,12 @@ fi
 # Drop any open connections to any old database.
 # Send the script via stdin in case the postgres user lacks permission to read it.
 su -s /usr/bin/env - -- "$POSTGRES_USER" \
-    bash -s - zulip zulip_base <"$(dirname "$0")/terminate-psql-sessions"
+    bash -s - zulip zulip_base < "$(dirname "$0")/terminate-psql-sessions"

 (
-    cd / # Make sure the current working directory is readable by postgres
+    cd /  # Make sure the current working directory is readable by postgres
    su "$POSTGRES_USER" -c 'psql -v ON_ERROR_STOP=1 -e'
-) <"$(dirname "$0")/create-db.sql"
+) < "$(dirname "$0")/create-db.sql"

 # Clear memcached to avoid contamination from previous database state
 "$(dirname "$0")/flush-memcached"
--- a/scripts/setup/setup-certbot
+++ b/scripts/setup/setup-certbot
@@ -83,14 +83,8 @@ esac

 # Check for a supported OS release.
 if [ -f /etc/os-release ]; then
-    os_info="$(
-        . /etc/os-release
-        printf '%s\n' "$ID" "$ID_LIKE"
-    )"
-    {
-        read -r os_id
-        read -r os_id_like || true
-    } <<<"$os_info"
+    os_info="$(. /etc/os-release; printf '%s\n' "$ID" "$ID_LIKE")"
+    { read -r os_id; read -r os_id_like|| true; } <<< "$os_info"
 fi

 set -x
@@ -109,10 +103,10 @@ esac
 # Passing --force-interactive suppresses a warning, but also brings up
 # an annoying prompt we stifle with --no-eff-email.
 certbot certonly "${method_args[@]}" \
-    "${HOSTNAMES[@]}" -m "$EMAIL" \
-    $agree_tos \
-    "${deploy_hook[@]}" \
-    --force-interactive --no-eff-email
+                "${HOSTNAMES[@]}" -m "$EMAIL" \
+                $agree_tos \
+                "${deploy_hook[@]}" \
+                --force-interactive --no-eff-email

 symlink_with_backup() {
    if [ -e "$2" ]; then
--- a/scripts/setup/upgrade-postgres
+++ b/scripts/setup/upgrade-postgres
@@ -40,7 +40,7 @@ fi

 # Capture the output so we know where the path to the post-upgrade scripts is
 UPGRADE_LOG=$(mktemp "/var/log/zulip/postgres-upgrade-$UPGRADE_FROM-$UPGRADE_TO.XXXXXXXXX.log")
-pg_upgradecluster -v "$UPGRADE_TO" "$UPGRADE_FROM" main --method=upgrade --link | tee "$UPGRADE_LOG"
+pg_upgradecluster "$UPGRADE_FROM" main --method=upgrade --link | tee "$UPGRADE_LOG"
 SCRIPTS_PATH=$(grep -o "/var/log/postgresql/pg_upgradecluster-$UPGRADE_FROM-$UPGRADE_TO-main.*" "$UPGRADE_LOG" || true)

 # If the upgrade completed successfully, lock in the new version in
--- a/static/js/compose.js
+++ b/static/js/compose.js
@@ -535,15 +535,10 @@ function validate_stream_message_post_policy(sub) {
        return false;
    }

-    if (page_params.is_guest && stream_post_policy !== stream_post_permission_type.everyone.code) {
-        compose_error(i18n.t("Guests are not allowed to post to this stream."));
-        return false;
-    }
-
    const person = people.get_by_user_id(page_params.user_id);
    const current_datetime = new Date(Date.now());
    const person_date_joined = new Date(person.date_joined);
-    const days = (current_datetime - person_date_joined) / 1000 / 86400;
+    const days = new Date(current_datetime - person_date_joined).getDate();
    let error_text;
    if (
        stream_post_policy === stream_post_permission_type.non_new_members.code &&
--- a/static/js/message_util.js
+++ b/static/js/message_util.js
@@ -16,25 +16,16 @@ function add_messages(messages, msg_list, opts) {
    return render_info;
 }

-// We need to check if the message content contains the specified HTML
-// elements.  We wrap the message.content in a <div>; this is
-// important because $("Text <a>link</a>").find("a") returns nothing;
-// one needs an outer element wrapping an object to use this
-// construction.
-function is_element_in_message_content(message, element_selector) {
-    return $(`<div>${message.content}</div>`).find(element_selector).length > 0;
-}
-
 exports.message_has_link = function (message) {
-    return is_element_in_message_content(message, "a");
+    return $(message.content).find("a").length > 0;
 };

 exports.message_has_image = function (message) {
-    return is_element_in_message_content(message, ".message_inline_image");
+    return $(message.content).find(".message_inline_image").length > 0;
 };

 exports.message_has_attachment = function (message) {
-    return is_element_in_message_content(message, "a[href^='/user_uploads']");
+    return $(message.content).find("a[href^='/user_uploads']").length > 0;
 };

 exports.add_old_messages = function (messages, msg_list) {
--- a/static/js/reactions.js
+++ b/static/js/reactions.js
@@ -288,12 +288,7 @@ exports.view.insert_new_reaction = function (opts) {

    if (opts.reaction_type !== "unicode_emoji") {
        context.is_realm_emoji = true;
-        const emoji_info = emoji.all_realm_emojis.get(emoji_code);
-        if (!emoji_info) {
-            blueslip.error(`Cannot find/insert realm emoji for code '${emoji_code}'.`);
-            return;
-        }
-        context.url = emoji_info.emoji_url;
+        context.url = emoji.all_realm_emojis.get(emoji_code).emoji_url;
    }

    context.count = 1;
@@ -497,12 +492,7 @@ exports.add_clean_reaction = function (opts) {

    if (r.reaction_type !== "unicode_emoji") {
        r.is_realm_emoji = true;
-        const emoji_info = emoji.all_realm_emojis.get(r.emoji_code);
-        if (!emoji_info) {
-            blueslip.error(`Cannot find/add realm emoji for code '${r.emoji_code}'.`);
-            return;
-        }
-        r.url = emoji_info.emoji_url;
+        r.url = emoji.all_realm_emojis.get(r.emoji_code).emoji_url;
    }

    opts.message.clean_reactions.set(opts.local_id, r);
--- a/static/js/stream_edit.js
+++ b/static/js/stream_edit.js
@@ -480,22 +480,11 @@ exports.set_stream_property = function (sub, property, value, status_element) {
    exports.bulk_set_stream_property([sub_data], status_element);
 };

-function get_message_retention_days_from_sub(sub) {
-    if (sub.message_retention_days === null) {
-        return "realm_default";
-    }
-    if (sub.message_retention_days === -1) {
-        return "forever";
-    }
-    return sub.message_retention_days;
-}
-
 function change_stream_privacy(e) {
    e.stopPropagation();

    const stream_id = $(e.target).data("stream-id");
    const sub = stream_data.get_sub_by_id(stream_id);
-    const data = {};

    const privacy_setting = $("#stream_privacy_modal input[name=privacy]:checked").val();
    const stream_post_policy = parseInt(
@@ -503,10 +492,6 @@ function change_stream_privacy(e) {
        10,
    );

-    if (sub.stream_post_policy !== stream_post_policy) {
-        data.stream_post_policy = JSON.stringify(stream_post_policy);
-    }
-
    let invite_only;
    let history_public_to_subscribers;

@@ -521,36 +506,26 @@ function change_stream_privacy(e) {
        history_public_to_subscribers = true;
    }

-    if (
-        sub.invite_only !== invite_only ||
-        sub.history_public_to_subscribers !== history_public_to_subscribers
-    ) {
-        data.is_private = JSON.stringify(invite_only);
-        data.history_public_to_subscribers = JSON.stringify(history_public_to_subscribers);
-    }
-
-    let message_retention_days = $(
-        "#stream_privacy_modal select[name=stream_message_retention_setting]",
-    ).val();
-    if (message_retention_days === "retain_for_period") {
-        message_retention_days = parseInt(
-            $("#stream_privacy_modal input[name=stream-message-retention-days]").val(),
-            10,
-        );
-    }
-
-    const message_retention_days_from_sub = get_message_retention_days_from_sub(sub);
-
-    if (message_retention_days_from_sub !== message_retention_days) {
-        data.message_retention_days = JSON.stringify(message_retention_days);
-    }
-
    $(".stream_change_property_info").hide();
+    const data = {
+        stream_name: sub.name,
+        // toggle the privacy setting
+        is_private: JSON.stringify(invite_only),
+        stream_post_policy: JSON.stringify(stream_post_policy),
+        history_public_to_subscribers: JSON.stringify(history_public_to_subscribers),
+    };

-    if (Object.keys(data).length === 0) {
-        overlays.close_modal("#stream_privacy_modal");
-        $("#stream_privacy_modal").remove();
-        return;
+    if (page_params.is_owner) {
+        let message_retention_days = $(
+            "#stream_privacy_modal select[name=stream_message_retention_setting]",
+        ).val();
+        if (message_retention_days === "retain_for_period") {
+            message_retention_days = parseInt(
+                $("#stream_privacy_modal input[name=stream-message-retention-days]").val(),
+                10,
+            );
+        }
+        data.message_retention_days = JSON.stringify(message_retention_days);
    }

    channel.patch({
--- a/templates/zerver/help/start-a-call.md
+++ b/templates/zerver/help/start-a-call.md
@@ -39,9 +39,9 @@ just set `JITSI_SERVER_URL` in `/etc/zulip/settings.py`.

 {tab|bigbluebutton}

-Using Big Blue Button as a video chat provider is currently only
-possible on self-hosted Zulip installations.  See the [detailed
-configuration instructions][big-blue-button-configuration].
+In order to use Big Blue Button as the video call provider, you need
+to first configure the `BIG_BLUE_BUTTON_URL` setting in
+`/etc/zulip/settings.py`.

 {tab|zoom}

@@ -75,5 +75,4 @@ setting the provider to "None".

 {end_tabs}

-[big-blue-button-configuration]: https://zulip.readthedocs.io/en/latest/production/video-calls.html#big-blue-button
-[zoom-configuration]: https://zulip.readthedocs.io/en/latest/production/video-calls.html#zoom
+[zoom-configuration]: https://zulip.readthedocs.io/en/latest/production/zoom-configuration.html
--- a/tools/build-release-tarball
+++ b/tools/build-release-tarball
@@ -11,11 +11,8 @@ eval "set -- $args"

 while true; do
    case "$1" in
-        --)
-            shift
-            break
-            ;;
-        *) usage ;;
+        --) shift; break;;
+        *) usage;;
    esac
 done

@@ -50,8 +47,8 @@ git archive -o "$TARBALL" "--prefix=$prefix/" HEAD
 cd "$TMPDIR"
 tar -xf "$TARBALL"
 while read -r i; do
-    rm -r --interactive=never "${TMPDIR:?}/$prefix/$i"
-done <"$TMPDIR/$prefix/tools/release-tarball-exclude.txt"
+    rm -r --interactive=never "${TMPDIR:?}/$prefix/$i";
+done < "$TMPDIR/$prefix/tools/release-tarball-exclude.txt"
 tar -cf "$TARBALL" "$prefix"
 rm -rf "$prefix"

@@ -81,10 +78,10 @@ mkdir -p "var/log"
 # TODO: Would be much better to instead run the below tools with some
 # sort of environment hack so that we don't need to create this dummy
 # secrets file.
-cat >>zproject/prod_settings_template.py <<EOF
+cat >> zproject/prod_settings_template.py <<EOF
 DEBUG = False
 EOF
-cat >>zproject/dev-secrets.conf <<EOF
+cat >> zproject/dev-secrets.conf <<EOF
 [secrets]
 local_database_password = ''
 secret_key = 'not_used_here'
@@ -99,8 +96,8 @@ EOF
 # We don't need duplicate copies of emoji with hashed paths, and they would break markdown
 find prod-static/serve/generated/emoji/images/emoji/ -regex '.*\.[0-9a-f]+\.png' -delete

-echo "$GITID" >build_id
-echo "$version" >version
+echo "$GITID" > build_id
+echo "$version" > version

 cd "$TMPDIR"

--- a/tools/cache-zulip-git-version
+++ b/tools/cache-zulip-git-version
@@ -2,4 +2,4 @@
 set -e

 cd "$(dirname "$0")/.."
-git describe --tags --match='[0-9]*' >zulip-git-version || true
+git describe --tags --match='[0-9]*' > zulip-git-version || true
--- a/tools/ci/backend
+++ b/tools/ci/backend
@@ -6,7 +6,7 @@ echo "Test suite is running under $(python --version)."
 set -e
 set -x

-./tools/lint --groups=backend --skip=gitlint,mypy # gitlint disabled because flaky
+./tools/lint --groups=backend --skip=gitlint,mypy  # gitlint disabled because flaky
 ./tools/test-tools
 # We need to pass a parallel level to test-backend because CircleCI's
 # docker setup means the auto-detection logic sees the ~36 processes
--- a/tools/ci/frontend
+++ b/tools/ci/frontend
@@ -5,7 +5,7 @@ source tools/ci/activate-venv
 set -e
 set -x

-./tools/lint --groups=frontend --skip=gitlint # gitlint disabled because flaky
+./tools/lint --groups=frontend --skip=gitlint  # gitlint disabled because flaky

 # Run the node tests first, since they're fast and deterministic
 ./tools/test-js-with-node --coverage
--- a/tools/ci/production-build
+++ b/tools/ci/production-build
@@ -32,10 +32,10 @@ fi
 # .circleci/config.yml
 mv /tmp/tmp.*/zulip-server-test.tar.gz /tmp/
 cp -a \
-    tools/ci/success-http-headers.template.txt \
-    tools/ci/production-install \
-    tools/ci/production-verify \
-    tools/ci/production-upgrade-pg \
-    tools/ci/production-extract-tarball \
-    \
-    /tmp/
+   tools/ci/success-http-headers.template.txt \
+   tools/ci/production-install \
+   tools/ci/production-verify \
+   tools/ci/production-upgrade-pg \
+   tools/ci/production-extract-tarball \
+   \
+   /tmp/
--- a/tools/ci/production-install
+++ b/tools/ci/production-install
@@ -11,11 +11,8 @@ APT_OPTIONS=(-o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-co
 apt-get update

 if [ -f /etc/os-release ]; then
-    os_info="$(
-        . /etc/os-release
-        printf '%s\n' "$VERSION_CODENAME"
-    )"
-    { read -r os_version_codename || true; } <<<"$os_info"
+    os_info="$(. /etc/os-release; printf '%s\n' "$VERSION_CODENAME")"
+    { read -r os_version_codename || true; } <<< "$os_info"
 fi

 if ! apt-get dist-upgrade -y "${APT_OPTIONS[@]}"; then
--- a/tools/ci/production-verify
+++ b/tools/ci/production-verify
@@ -12,9 +12,7 @@ NOREPLY_EMAIL_ADDRESS = 'noreply@circleci.example.com'
 ALLOWED_HOSTS = []
 EOF

-echo
-echo "Now testing that the supervisord jobs are running properly"
-echo
+echo; echo "Now testing that the supervisord jobs are running properly"; echo
 sleep 15 # Guaranteed to have a working supervisord process get an extra digit
 if supervisorctl status | grep -vq RUNNING || supervisorctl status | sed 's/^.*uptime //' | grep -q 0:00:0; then
    set +x
@@ -35,18 +33,16 @@ if supervisorctl status | grep -vq RUNNING || supervisorctl status | sed 's/^.*u
 fi

 # TODO: Ideally this would test actually logging in, but this is a start.
-echo
-echo "Now testing that the newly installed server's homepage loads"
-echo
+echo; echo "Now testing that the newly installed server's homepage loads"; echo

-wget https://localhost -O /tmp/index.html --no-check-certificate -S 2>/tmp/wget-output || true # || true so we see errors.log if this 500s
-grep -vi '\(Vary\|Content-Language\|expires\|issued by\|modified\|saved\|[.][.][.]\|Date\|[-][-]\)' /tmp/wget-output >/tmp/http-headers-processed
+wget https://localhost -O /tmp/index.html --no-check-certificate -S 2> /tmp/wget-output || true # || true so we see errors.log if this 500s
+grep -vi '\(Vary\|Content-Language\|expires\|issued by\|modified\|saved\|[.][.][.]\|Date\|[-][-]\)' /tmp/wget-output > /tmp/http-headers-processed

 nginx_version="$(nginx -v 2>&1 | awk '{print $3, $4}')"

 # Simplify the diff by getting replacing 4-5 digit length numbers with <Length>.
 sed -i 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' /tmp/http-headers-processed
-sed -i -e 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' -e "s|{nginx_version_string}|$nginx_version|g" /tmp/success-http-headers.template.txt
+sed -i -e 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' -e "s|{nginx_version_string}|$nginx_version|g"  /tmp/success-http-headers.template.txt
 if ! diff -ur /tmp/http-headers-processed /tmp/success-http-headers.template.txt; then
    set +x
    echo
@@ -62,12 +58,10 @@ if ! diff -ur /tmp/http-headers-processed /tmp/success-http-headers.template.txt
 fi

 # Start the RabbitMQ queue worker related section
-echo
-echo "Now confirming all the RabbitMQ queue processors are correctly registered!"
-echo
+echo; echo "Now confirming all the RabbitMQ queue processors are correctly registered!"; echo
 # These hacky shell scripts just extract the sorted list of queue processors, running and expected
-supervisorctl status | cut -f1 -dR | cut -f2- -d: | grep events | cut -f1 -d" " | cut -f3- -d_ | cut -f1 -d- | sort -u >/tmp/running_queue_processors.txt
-su zulip -c /home/zulip/deployments/current/scripts/lib/queue_workers.py | grep -v ^test$ | sort -u >/tmp/expected_queue_processors.txt
+supervisorctl status | cut -f1 -dR | cut -f2- -d: | grep events | cut -f1 -d" " | cut -f3- -d_ | cut -f1 -d- | sort -u > /tmp/running_queue_processors.txt
+su zulip -c /home/zulip/deployments/current/scripts/lib/queue_workers.py | grep -v ^test$ | sort -u > /tmp/expected_queue_processors.txt
 if ! diff /tmp/expected_queue_processors.txt /tmp/running_queue_processors.txt >/dev/null; then
    set +x
    echo "FAILURE: Runnable queue processors declared in zerver/worker/queue_processors.py "
@@ -78,9 +72,7 @@ if ! diff /tmp/expected_queue_processors.txt /tmp/running_queue_processors.txt >
    exit 1
 fi

-echo
-echo "Now running RabbitMQ consumer Nagios tests"
-echo
+echo; echo "Now running RabbitMQ consumer Nagios tests"; echo
 # First run the check that usually runs in cron and populates the state files
 /home/zulip/deployments/current/scripts/nagios/check-rabbitmq-consumers

@@ -101,12 +93,10 @@ done

 # Some of the Nagios tests have been temporarily disabled to work
 # around a Travis CI infrastructure issue.
-echo
-echo "Now running additional Nagios tests"
-echo
-if ! /usr/lib/nagios/plugins/zulip_app_frontend/check_queue_worker_errors \
-    || ! su zulip -c /usr/lib/nagios/plugins/zulip_postgres_appdb/check_fts_update_log; then # || \
-    #   ! su zulip -c "/usr/lib/nagios/plugins/zulip_app_frontend/check_send_receive_time --site=https://127.0.0.1/api --nagios --insecure"; then
+echo; echo "Now running additional Nagios tests"; echo
+if ! /usr/lib/nagios/plugins/zulip_app_frontend/check_queue_worker_errors || \
+   ! su zulip -c /usr/lib/nagios/plugins/zulip_postgres_appdb/check_fts_update_log; then # || \
+#   ! su zulip -c "/usr/lib/nagios/plugins/zulip_app_frontend/check_send_receive_time --site=https://127.0.0.1/api --nagios --insecure"; then
    set +x
    echo
    echo "FAILURE: Nagios checks don't pass:"
--- a/tools/clean-branches
+++ b/tools/clean-branches
@@ -17,11 +17,11 @@ if [ $# -ne 0 ] && [ "$1" == "--reviews" ]; then
 fi
 push_args=()

-function is_merged() {
+function is_merged {
    ! git rev-list -n 1 origin/master.."$1" | grep -q .
 }

-function clean_ref() {
+function clean_ref {
    ref="$1"
    case "$ref" in
        */master | */HEAD)
--- a/tools/commit-msg
+++ b/tools/commit-msg
@@ -8,12 +8,12 @@
 # Do not invoke gitlint if commit message is empty
 if grep -q '^[^#]' "$1"; then
    lint_cmd="cd ~/zulip && python -m gitlint.cli"
-    if
-        if [ -z "$VIRTUAL_ENV" ] && command -v vagrant >/dev/null && [ -e .vagrant ]; then
+    if \
+        if [ -z "$VIRTUAL_ENV" ] && command -v vagrant > /dev/null && [ -e .vagrant ]; then
            ! vagrant ssh -c "$lint_cmd"
        else
            ! eval "$lint_cmd"
-        fi <"$1"
+        fi < "$1"
    then
        echo "WARNING: Your commit message does not match Zulip's style guide."
    fi
--- a/tools/deploy-branch
+++ b/tools/deploy-branch
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash

-function error_out() {
+function error_out {
    echo -en '\e[0;31m'
    echo "$1"
    echo -en '\e[0m'
--- a/tools/lib/provision.py
+++ b/tools/lib/provision.py
@@ -390,8 +390,6 @@ def main(options: argparse.Namespace) -> "NoReturn":

    # Install shellcheck.
    run_as_root(["tools/setup/install-shellcheck"])
-    # Install shfmt.
-    run_as_root(["tools/setup/install-shfmt"])

    # Install semgrep.
    run_as_root(["tools/setup/install-semgrep"])
--- a/tools/lint
+++ b/tools/lint
@@ -77,9 +77,6 @@ def run() -> None:
                                  "(zerver/openapi/zulip.yaml) ")
    linter_config.external_linter('shellcheck', ['shellcheck', '-x', '-P', 'SCRIPTDIR'], ['sh'],
                                  description="Standard shell script linter.")
-    linter_config.external_linter('shfmt', ['shfmt'], ['sh'],
-                                  check_arg='-d', fix_arg='-w',
-                                  description="Formats shell scripts")
    command = ['tools/run-mypy', '--quiet']
    if args.force:
        command.append('--force')
--- a/tools/pre-commit
+++ b/tools/pre-commit
@@ -18,7 +18,7 @@ if [ ${#changed_files} -eq 0 ]; then
    exit 0
 fi

-if [ -z "$VIRTUAL_ENV" ] && command -v vagrant >/dev/null && [ -e .vagrant ]; then
+if [ -z "$VIRTUAL_ENV" ] && command -v vagrant > /dev/null && [ -e .vagrant ]; then
    vcmd="/srv/zulip/tools/lint --skip=gitlint --force $(printf '%q ' "${changed_files[@]}") || true"
    echo "Running lint using vagrant..."
    vagrant ssh -c "$vcmd"
--- a/tools/provision
+++ b/tools/provision
@@ -15,15 +15,12 @@ WARNING='\033[93m'
 ENDC='\033[0m'

 # Make the script independent of the location from where it is executed
-PARENT_PATH=$(
-    cd "$(dirname "${BASH_SOURCE[0]}")"
-    pwd -P
-)
+PARENT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
 cd "$PARENT_PATH"
 mkdir -p ../var/log
 LOG_PATH="../var/log/provision.log"

-echo "PROVISIONING STARTING." >>$LOG_PATH
+echo "PROVISIONING STARTING." >> $LOG_PATH

 # PYTHONUNBUFFERED is important to ensure that tracebacks don't get
 # lost far above where they should be in the output.
--- a/tools/push-to-pull-request
+++ b/tools/push-to-pull-request
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e

-usage() {
+usage () {
    cat >&2 <<EOF
 usage: $0 PULL_REQUEST_ID [REMOTE]

@@ -69,7 +69,7 @@ fi
 pr_url=https://api.github.com/repos/"${repo_fq}"/pulls/"${pr_id}"
 pr_details="$(curl -s "$pr_url")"

-pr_jq() {
+pr_jq () {
    echo "$pr_details" | jq "$@"
 }

--- a/tools/rebuild-test-database
+++ b/tools/rebuild-test-database
@@ -4,15 +4,17 @@ set -x

 export DJANGO_SETTINGS_MODULE=zproject.test_settings

-create_zulip_test() {
-    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
+create_zulip_test()
+{
+psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
 DROP DATABASE IF EXISTS zulip_test;
 CREATE DATABASE zulip_test TEMPLATE zulip_test_base;
 EOF
 }

-create_zulip_test_template() {
-    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
+create_zulip_test_template()
+{
+    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test << EOF
 DROP DATABASE IF EXISTS zulip_test_template;
 CREATE DATABASE zulip_test_template TEMPLATE zulip_test;
 EOF
@@ -39,7 +41,7 @@ create_zulip_test
    zerver.UserProfile zerver.Stream zerver.Recipient \
    zerver.Subscription zerver.Message zerver.Huddle zerver.Realm \
    zerver.UserMessage zerver.Client \
-    zerver.DefaultStream >zerver/tests/fixtures/messages.json
+    zerver.DefaultStream > zerver/tests/fixtures/messages.json

 # create pristine template database, for fast fixture restoration after tests are run.
 create_zulip_test_template
--- a/tools/reset-to-pull-request
+++ b/tools/reset-to-pull-request
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e

-usage() {
+usage () {
    cat >&2 <<EOF
 usage: $0 PULL_REQUEST_ID [REMOTE]

--- a/tools/setup-git-repo
+++ b/tools/setup-git-repo
@@ -6,6 +6,7 @@ if ! [ -d ".git/hooks/" ]; then
    exit 1
 fi

-for hook in pre-commit commit-msg; do
+for hook in pre-commit commit-msg
+do
    ln -snf ../../tools/"$hook" .git/hooks/
 done
--- a/tools/setup/generate-fixtures
+++ b/tools/setup/generate-fixtures
@@ -1,10 +1,11 @@
 #!/usr/bin/env bash
 set -e

-run() {
+run()
+{
    PGHOST=localhost PGUSER=zulip \
        "$(dirname "$0")/../../scripts/setup/terminate-psql-sessions" zulip_test zulip_test_base zulip_test_template
-    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
+    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test << EOF
 DROP DATABASE IF EXISTS zulip_test;
 CREATE DATABASE zulip_test TEMPLATE zulip_test_template;
 EOF
--- a/tools/setup/generate-test-credentials
+++ b/tools/setup/generate-test-credentials
@@ -8,7 +8,7 @@ email=iago@zulip.com
 mkdir -p var/casper

 password=$(./manage.py print_initial_password "$email" | grep -F "$email" | awk '{ print $2 }')
-cat >var/casper/test_credentials.js <<EOF
+cat > var/casper/test_credentials.js <<EOF
 // Generated by tools/setup/generate-test-credentials
 var test_credentials = {default_user: {username: '$email', password: '$password'}};
 try { exports.test_credentials = test_credentials; } catch (e) {}
--- a/tools/setup/install-semgrep
+++ b/tools/setup/install-semgrep
@@ -6,7 +6,7 @@ tarball=semgrep-v$version-ubuntu-16.04.tgz
 sha256=8b9437af0540ed9664904f9603d9d6ad011dad46433cba74e524c7753c7732c9
 tarball_url=https://github.com/returntocorp/semgrep/releases/download/v$version/$tarball

-check_version() {
+check_version () {
    out="$(semgrep --version 2>/dev/null)" && [ "$out" = "$version" ]
 }

@@ -15,7 +15,7 @@ if ! check_version; then
    trap 'rm -r "$tmpdir"' EXIT
    cd "$tmpdir"
    wget -nv "$tarball_url"
-    sha256sum -c <<<"$sha256  $tarball"
+    sha256sum -c <<< "$sha256  $tarball"
    tar -xzf "$tarball" -C /usr/local/lib/ semgrep-files/
    ln -sf /usr/local/lib/semgrep-files/semgrep /usr/local/bin/semgrep
    ln -sf /usr/local/lib/semgrep-files/semgrep-core /usr/local/bin/semgrep-core
--- a/tools/setup/install-shellcheck
+++ b/tools/setup/install-shellcheck
@@ -5,7 +5,7 @@ version=0.7.1
 tarball="shellcheck-v$version.linux.x86_64.tar.xz"
 sha256=64f17152d96d7ec261ad3086ed42d18232fcb65148b44571b564d688269d36c8

-check_version() {
+check_version () {
    out="$(shellcheck --version 2>/dev/null)" && [[ "$out" = *"
 version: $version
 "* ]]
@@ -16,7 +16,7 @@ if ! check_version; then
    trap 'rm -r "$tmpdir"' EXIT
    cd "$tmpdir"
    wget -nv "https://github.com/koalaman/shellcheck/releases/download/v$version/$tarball"
-    sha256sum -c <<<"$sha256 $tarball"
+    sha256sum -c <<< "$sha256 $tarball"
    tar -xJf "$tarball" --no-same-owner --strip-components=1 -C /usr/local/bin "shellcheck-v$version/shellcheck"
    check_version
 fi
--- a/tools/setup/install-shfmt
+++ b/tools/setup/install-shfmt
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-
-version=3.1.2
-binary="shfmt_v${version}_linux_amd64"
-sha256=c5794c1ac081f0028d60317454fe388068ab5af7740a83e393515170a7157dce
-
-check_version() {
-    out="$(shfmt --version 2>/dev/null)" && [ "$out" = "v$version" ]
-}
-
-if ! check_version; then
-    tmpdir="$(mktemp -d)"
-    trap 'rm -r "$tmpdir"' EXIT
-    cd "$tmpdir"
-    wget -nv "https://github.com/mvdan/sh/releases/download/v3.1.2/$binary"
-    sha256sum -c <<<"$sha256 $binary"
-    chmod +x "$binary"
-    mv "$binary" /usr/local/bin/shfmt
-    check_version
-fi
--- a/tools/setup/optimize-svg
+++ b/tools/setup/optimize-svg
@@ -1,9 +1,10 @@
 #!/usr/bin/env bash

-if [ "$(node_modules/.bin/svgo -f static/images/integrations/logos | grep -o '\.[0-9]% = ' | wc -l)" -ge 1 ]; then
-    echo "ERROR: svgo detected unoptimized SVG files in the \`static/images/integrations/logos\` folder." 1>&2
-    echo "Please run \`svgo -f static/images/integrations/logos\` and commit the file changes to optimize them."
-    exit 1
-else
-    echo "SUCCESS: SVG files in static/images/integrations/logos are all optimized!"
+if [ "$(node_modules/.bin/svgo -f static/images/integrations/logos | grep -o '\.[0-9]% = ' | wc -l)" -ge 1 ]
+ then
+   echo "ERROR: svgo detected unoptimized SVG files in the \`static/images/integrations/logos\` folder." 1>&2
+   echo "Please run \`svgo -f static/images/integrations/logos\` and commit the file changes to optimize them."
+   exit 1
+ else
+  echo "SUCCESS: SVG files in static/images/integrations/logos are all optimized!"
 fi
--- a/tools/setup/postgres-init-dev-db
+++ b/tools/setup/postgres-init-dev-db
@@ -29,18 +29,18 @@ set -x

 POSTGRES_USER="postgres"
 if [ "$(uname)" = "OpenBSD" ]; then
-    POSTGRES_USER="_postgresql"
+  POSTGRES_USER="_postgresql"
 fi

 ROOT_POSTGRES=(sudo -i -u "$POSTGRES_USER" psql)
 DEFAULT_DB=""
 if [ "$(uname)" = "Darwin" ]; then
-    ROOT_POSTGRES=(psql)
-    DEFAULT_DB="postgres"
+   ROOT_POSTGRES=(psql)
+   DEFAULT_DB="postgres"
 fi

 if [ "$(uname)" = "OpenBSD" ]; then
-    DEFAULT_DB="postgres"
+  DEFAULT_DB="postgres"
 fi

 VAGRANTUSERNAME=$(whoami)
@@ -64,7 +64,7 @@ fi
 uuid_var_path=$($(readlink -f "$(dirname "$0")/../../scripts/lib/zulip_tools.py") get_dev_uuid)
 rm -f "$uuid_var_path/$STATUS_FILE_NAME"

-"${ROOT_POSTGRES[@]}" -v ON_ERROR_STOP=1 -e "$DEFAULT_DB" <<EOF
+"${ROOT_POSTGRES[@]}" -v ON_ERROR_STOP=1 -e "$DEFAULT_DB" << EOF
 DO \$\$BEGIN
    CREATE USER $USERNAME;
 EXCEPTION WHEN duplicate_object THEN
@@ -87,7 +87,7 @@ umask go-rw
 PGPASS_PREFIX="*:*:*:$USERNAME:"
 PGPASS_ESCAPED_PREFIX="*:\\*:\\*:$USERNAME:"
 if ! grep -q "$PGPASS_ESCAPED_PREFIX" ~/.pgpass; then
-    echo "$PGPASS_PREFIX$PASSWORD" >>~/.pgpass
+    echo "$PGPASS_PREFIX$PASSWORD" >> ~/.pgpass
 else
    sed -i "s/$PGPASS_ESCAPED_PREFIX.*\$/$PGPASS_PREFIX$PASSWORD/" ~/.pgpass
 fi
@@ -106,7 +106,7 @@ psql -v ON_ERROR_STOP=1 -e -h localhost "$DBNAME_BASE" "$USERNAME" <<EOF
 CREATE SCHEMA zulip;
 EOF

-"${ROOT_POSTGRES[@]}" -v ON_ERROR_STOP=1 -e "$DBNAME_BASE" <<EOF
+"${ROOT_POSTGRES[@]}" -v ON_ERROR_STOP=1 -e "$DBNAME_BASE" << EOF
 CREATE EXTENSION pgroonga;
 GRANT USAGE ON SCHEMA pgroonga TO $USERNAME;
 EOF
--- a/tools/test-all
+++ b/tools/test-all
@@ -8,20 +8,18 @@ TEMP=$(getopt -o f --long force -- "$@")
 eval set -- "$TEMP"

 # extract options.
-while true; do
+while true ; do
    case "$1" in
-        -f | --force)
-            FORCEARG="--force"
-            shift
-            ;;
+        -f|--force)
+            FORCEARG="--force";
+            shift;;
        --)
-            shift
-            break
-            ;;
+            shift;
+            break;;
    esac
 done

-function run() {
+function run {
    echo '----'
    printf 'Running'
    printf ' %q' "$@"
--- a/tools/test-documentation
+++ b/tools/test-documentation
@@ -1,14 +1,14 @@
 #!/usr/bin/env bash
 set -e

-color_message() {
+color_message () {
    local color_code="$1" message="$2"
    printf '\e[%sm%s\e[0m\n' "$color_code" "$message" >&2
 }

 loglevel=()

-usage() {
+usage () {
    cat <<EOF
 usage:
  --help, -h                   show this help message and exit
@@ -18,35 +18,17 @@ usage:
 EOF
 }

-args="$(getopt -o hL: --long help,loglevel:,skip-check-links,skip-external-links -- "$@")" \
-    || {
-        usage >&2
-        exit 1
-    }
+args="$(getopt -o hL: --long help,loglevel:,skip-check-links,skip-external-links -- "$@")" ||
+    { usage >&2; exit 1; }
 eval "set -- $args"
 while true; do
    case "$1" in
-        -h | --help)
-            usage
-            exit 0
-            ;;
-        -L | --loglevel)
-            loglevel=("$1" "$2")
-            shift 2
-            ;;
-        --skip-check-links)
-            skip_check_links=1
-            shift
-            ;;
-        --skip-external-links)
-            skip_external_links=1
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *) exit 1 ;;
+        -h|--help) usage; exit 0;;
+        -L|--loglevel) loglevel=("$1" "$2"); shift 2;;
+        --skip-check-links) skip_check_links=1; shift;;
+        --skip-external-links) skip_external_links=1; shift;;
+        --) shift; break;;
+        *) exit 1;;
    esac
 done

--- a/tools/test-install/destroy-all
+++ b/tools/test-install/destroy-all
@@ -10,16 +10,10 @@ args="$(getopt -o +f --long help,force -- "$@")"
 eval "set -- $args"
 while true; do
    case "$1" in
-        --help) usage ;;
-        -f | --force)
-            FORCE=1
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *) usage ;;
+        --help) usage;;
+        -f|--force) FORCE=1; shift;;
+        --) shift; break;;
+        *) usage;;
    esac
 done

@@ -33,8 +27,9 @@ if [ "$EUID" -ne 0 ]; then
 fi

 lxc-ls -f \
-    | perl -lane '$_ = $F[0]; print if (/^zulip-install-/ && !/-base$/)' \
-    | while read -r c; do
-        echo "$c"
-        lxc-destroy -f -n "$c"
-    done
+  | perl -lane '$_ = $F[0]; print if (/^zulip-install-/ && !/-base$/)' \
+  | while read -r c
+do
+    echo "$c"
+    lxc-destroy -f -n "$c"
+done
--- a/tools/test-install/install
+++ b/tools/test-install/install
@@ -10,23 +10,14 @@ args="$(getopt -o +r: --long help,release: -- "$@")"
 eval "set -- $args"
 while true; do
    case "$1" in
-        --help) usage ;;
-        -r | --release)
-            RELEASE="$2"
-            shift
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *) usage ;;
+        --help) usage;;
+        -r|--release) RELEASE="$2"; shift; shift;;
+        --) shift; break;;
+        *) usage;;
    esac
 done
-INSTALLER="$1"
-shift || usage
-INSTALLER_ARGS=("$@")
-set --
+INSTALLER="$1"; shift || usage
+INSTALLER_ARGS=("$@"); set --

 if [ -z "$RELEASE" ] || [ -z "$INSTALLER" ]; then
    usage
@@ -51,8 +42,7 @@ while [ -z "$CONTAINER_NAME" ] || lxc-info -n "$CONTAINER_NAME" >/dev/null 2>&1;
    CONTAINER_NAME=zulip-install-"$(basename "$shared_dir")"
 done

-message="$(
-    cat <<EOF
+message="$(cat <<EOF

 Container:
  sudo lxc-attach --clear-env -n $CONTAINER_NAME
@@ -78,7 +68,7 @@ mount -t overlay overlay \
    "$shared_dir"/mnt

 lxc-copy --ephemeral --keepdata -n "$BASE_CONTAINER_NAME" -N "$CONTAINER_NAME" \
-    -m bind="$shared_dir"/mnt:/mnt/src/,bind=/srv/zulip/test-install/pip-cache:/root/.cache/pip
+         -m bind="$shared_dir"/mnt:/mnt/src/,bind=/srv/zulip/test-install/pip-cache:/root/.cache/pip

 "$THIS_DIR"/lxc-wait -n "$CONTAINER_NAME"

--- a/tools/test-install/lxc-wait
+++ b/tools/test-install/lxc-wait
@@ -10,17 +10,10 @@ args="$(getopt -o +n: --long help,name: -- "$@")"
 eval "set -- $args"
 while true; do
    case "$1" in
-        --help) usage ;;
-        -n | --name)
-            CONTAINER_NAME="$2"
-            shift
-            shift
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *) usage ;;
+        --help) usage;;
+        -n|--name) CONTAINER_NAME="$2"; shift; shift;;
+        --) shift; break;;
+        *) usage;;
    esac
 done

@@ -38,10 +31,7 @@ poll_runlevel() {
    for _ in {1..60}; do
        echo "lxc-wait: $CONTAINER_NAME: polling for boot..." >&2
        runlevel="$(lxc-attach --clear-env -n "$CONTAINER_NAME" -- runlevel 2>/dev/null)" \
-            || {
-                sleep 1
-                continue
-            }
+            || { sleep 1; continue; }
        if [ "$runlevel" != "${0%[0-9]}" ]; then
            echo "lxc-wait: $CONTAINER_NAME: booted!" >&2
            poll_network
@@ -52,16 +42,14 @@ poll_runlevel() {
    exit 1
 }

+
 poll_network() {
    for _ in {1..60}; do
        echo "lxc-wait: $CONTAINER_NAME: polling for network..." >&2
        # New hosts don't have `host` or `nslookup`
        lxc-attach --clear-env -n "$CONTAINER_NAME" -- \
-            ping -q -c 1 archive.ubuntu.com 2>/dev/null >/dev/null \
-            || {
-                sleep 1
-                continue
-            }
+                   ping -q -c 1 archive.ubuntu.com 2>/dev/null >/dev/null \
+            || { sleep 1; continue; }
        echo "lxc-wait: $CONTAINER_NAME: network is up!" >&2
        exit 0
    done
@@ -69,4 +57,6 @@ poll_network() {
    exit 1
 }

+
 poll_runlevel
+
--- a/tools/test-install/prepare-base
+++ b/tools/test-install/prepare-base
@@ -7,15 +7,13 @@ if [ "$EUID" -ne 0 ]; then
 fi

 RELEASE="$1"
-ARCH=amd64 # TODO: maybe i686 too
+ARCH=amd64  # TODO: maybe i686 too

 case "$RELEASE" in
-    bionic)
-        extra_packages=(python-pip)
-        ;;
-    focal)
-        extra_packages=(python3-pip)
-        ;;
+    bionic) extra_packages=(python-pip)
+            ;;
+    focal) extra_packages=(python3-pip)
+           ;;
    *)
        echo "error: unsupported target release: $RELEASE" >&2
        exit 1
@@ -48,16 +46,16 @@ run apt-get dist-upgrade -y
 # As an optimization, we install a bunch of packages the installer
 # would install for itself.
 run apt-get install -y --no-install-recommends \
-    xvfb parallel netcat unzip zip jq python3-pip wget curl eatmydata \
-    git crudini openssl ssl-cert \
-    build-essential python3-dev \
-    memcached redis-server \
-    hunspell-en-us supervisor libssl-dev puppet \
-    gettext libffi-dev libfreetype6-dev zlib1g-dev libjpeg-dev \
-    libldap2-dev \
-    libxml2-dev libxslt1-dev libpq-dev \
-    virtualenv \
-    "${extra_packages[@]}"
+  xvfb parallel netcat unzip zip jq python3-pip wget curl eatmydata \
+  git crudini openssl ssl-cert \
+  build-essential python3-dev \
+  memcached redis-server \
+  hunspell-en-us supervisor libssl-dev puppet \
+  gettext libffi-dev libfreetype6-dev zlib1g-dev libjpeg-dev \
+  libldap2-dev \
+  libxml2-dev libxslt1-dev libpq-dev \
+  virtualenv \
+  "${extra_packages[@]}"

 run ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
 run locale-gen en_US.UTF-8 || true
--- a/tools/test-migrations
+++ b/tools/test-migrations
@@ -7,13 +7,13 @@ echo 'Testing whether migrations are consistent with models'
 new_auto_named_migrations=$(./manage.py showmigrations \
    | grep -E ' [0-9]{4}_auto_' \
    | grep -Eve ' [0-9]{4}_auto_201[67]' \
-        -e ' 0052_auto_fix_realmalias_realm_nullable' \
-        -e ' 0003_auto_20150817_1733' \
-        -e ' 0002_auto_20150110_0810' \
-        -e ' 0002_auto_20190420_0723' \
-        -e ' 0009_auto_20191118_0520' \
+           -e ' 0052_auto_fix_realmalias_realm_nullable' \
+           -e ' 0003_auto_20150817_1733' \
+           -e ' 0002_auto_20150110_0810' \
+           -e ' 0002_auto_20190420_0723' \
+           -e ' 0009_auto_20191118_0520' \
    | sed 's/\[[x ]\] /  /' \
-    || true)
+ || true)
 if [ "$new_auto_named_migrations" != "" ]; then
    echo "ERROR: New migrations with unclear automatically generated names."
    echo "Please rename these migrations to have readable names:"
--- a/tools/update-locked-requirements
+++ b/tools/update-locked-requirements
@@ -6,7 +6,7 @@ if [ ! -d /srv/zulip-py3-venv ] || [ ! -d /srv/zulip-thumbor-venv ]; then
    ./tools/setup/setup_venvs.py
 fi

-compile_requirements() {
+compile_requirements () {
    source="$1"
    output="$2"

--- a/version.py
+++ b/version.py
@@ -1,6 +1,6 @@
 import os

-ZULIP_VERSION = "3.3"
+ZULIP_VERSION = "3.1"
 # Add information on number of commits and commit hash to version, if available
 zulip_git_version_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'zulip-git-version')
 if os.path.exists(zulip_git_version_file):
@@ -10,7 +10,7 @@ if os.path.exists(zulip_git_version_file):
            ZULIP_VERSION = version

 LATEST_MAJOR_VERSION = "3.0"
-LATEST_RELEASE_VERSION = "3.3"
+LATEST_RELEASE_VERSION = "3.1"
 LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.org/2020/07/16/zulip-3-0-released/"
 LATEST_DESKTOP_VERSION = "5.3.0"

@@ -44,4 +44,4 @@ API_FEATURE_LEVEL = 27
 #   historical commits sharing the same major version, in which case a
 #   minor version bump suffices.

-PROVISION_VERSION = '92.1'
+PROVISION_VERSION = '91.0'
--- a/zerver/lib/streams.py
+++ b/zerver/lib/streams.py
@@ -156,8 +156,6 @@ def access_stream_for_send_message(sender: UserProfile,
        pass
    elif stream.stream_post_policy == Stream.STREAM_POST_POLICY_ADMINS:
        raise JsonableError(_("Only organization administrators can send to this stream."))
-    elif stream.stream_post_policy != Stream.STREAM_POST_POLICY_EVERYONE and sender.is_guest:
-        raise JsonableError(_("Guests cannot send to this stream."))
    elif stream.stream_post_policy == Stream.STREAM_POST_POLICY_RESTRICT_NEW_MEMBERS:
        if sender.is_bot and (sender.bot_owner is not None and
                              sender.bot_owner.is_new_member):
--- a/zerver/management/commands/change_user_role.py
+++ b/zerver/management/commands/change_user_role.py
@@ -1,57 +0,0 @@
-from argparse import ArgumentParser
-from typing import Any
-
-from django.core.management.base import CommandError
-
-from zerver.lib.actions import do_change_is_api_super_user, do_change_user_role
-from zerver.lib.management import ZulipBaseCommand
-from zerver.models import UserProfile
-
-
-class Command(ZulipBaseCommand):
-    help = """Change role of an existing user in their (own) Realm.
-
-ONLY perform this on customer request from an authorized person.
-"""
-
-    def add_arguments(self, parser: ArgumentParser) -> None:
-        parser.add_argument('email', metavar='<email>',
-                            help="email of user to change role")
-        parser.add_argument('new_role', metavar='<new_role>',
-                            choices=['owner', 'admin', 'member', 'guest', 'api_super_user'],
-                            help="new role of the user")
-        parser.add_argument('--revoke',
-                            dest='grant',
-                            action="store_false",
-                            help='Remove an api_super_user\'s rights.')
-        self.add_realm_args(parser, True)
-
-    def handle(self, *args: Any, **options: Any) -> None:
-        email = options['email']
-        realm = self.get_realm(options)
-
-        user = self.get_user(email, realm)
-
-        user_role_map = {'owner': UserProfile.ROLE_REALM_OWNER,
-                         'admin': UserProfile.ROLE_REALM_ADMINISTRATOR,
-                         'member': UserProfile.ROLE_MEMBER,
-                         'guest': UserProfile.ROLE_GUEST}
-
-        if options['new_role'] != 'api_super_user':
-            new_role = user_role_map[options['new_role']]
-            if not options['grant']:
-                raise CommandError("Revoke not supported with this permission; please specify new role.")
-            if new_role == user.role:
-                raise CommandError("User already has this role.")
-            old_role_name = UserProfile.ROLE_ID_TO_NAME_MAP[user.role]
-            do_change_user_role(user, new_role, acting_user=None)
-            new_role_name = UserProfile.ROLE_ID_TO_NAME_MAP[user.role]
-            print(f"Role for {user.delivery_email} changed from {old_role_name} to {new_role_name}.")
-        else:
-            if user.is_api_super_user and options['grant']:
-                raise CommandError("User is already api super user for this realm.")
-            elif not user.is_api_super_user and not options['grant']:
-                raise CommandError("User is not api super user for this realm.")
-            do_change_is_api_super_user(user, options['grant'])
-            granted_text = "have" if options['grant'] else "not have"
-            print(f"{user.delivery_email} changed to {granted_text} {options['new_role']} permission.")
--- a/zerver/management/commands/knight.py
+++ b/zerver/management/commands/knight.py
@@ -0,0 +1,71 @@
+from argparse import ArgumentParser
+from typing import Any
+
+from django.core.management.base import CommandError
+
+from zerver.lib.actions import do_change_is_api_super_user, do_change_user_role
+from zerver.lib.management import ZulipBaseCommand
+from zerver.models import UserProfile
+
+
+class Command(ZulipBaseCommand):
+    help = """Give an existing user administrative permissions over their (own) Realm.
+
+ONLY perform this on customer request from an authorized person.
+"""
+
+    def add_arguments(self, parser: ArgumentParser) -> None:
+        parser.add_argument('-f', '--for-real',
+                            dest='ack',
+                            action="store_true",
+                            default=False,
+                            help='Acknowledgement that this is done according to policy.')
+        parser.add_argument('--revoke',
+                            dest='grant',
+                            action="store_false",
+                            default=True,
+                            help='Remove an administrator\'s rights.')
+        parser.add_argument('--permission',
+                            dest='permission',
+                            action="store",
+                            default='administer',
+                            choices=['administer', 'api_super_user'],
+                            help='Permission to grant/remove.')
+        parser.add_argument('email', metavar='<email>', type=str,
+                            help="email of user to knight")
+        self.add_realm_args(parser, True)
+
+    def handle(self, *args: Any, **options: Any) -> None:
+        email = options['email']
+        realm = self.get_realm(options)
+
+        user = self.get_user(email, realm)
+
+        if options['grant']:
+            if (user.is_realm_admin and options['permission'] == "administer" or
+                    user.is_api_super_user and options['permission'] == "api_super_user"):
+                raise CommandError("User already has permission for this realm.")
+            else:
+                if options['ack']:
+                    if options['permission'] == "api_super_user":
+                        do_change_is_api_super_user(user, True)
+                    elif options['permission'] == "administer":
+                        do_change_user_role(user, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
+                    print("Done!")
+                else:
+                    print("Would have granted {} {} rights for {}".format(
+                          email, options['permission'], user.realm.string_id))
+        else:
+            if (user.is_realm_admin and options['permission'] == "administer" or
+                    user.is_api_super_user and options['permission'] == "api_super_user"):
+                if options['ack']:
+                    if options['permission'] == "api_super_user":
+                        do_change_is_api_super_user(user, False)
+                    elif options['permission'] == "administer":
+                        do_change_user_role(user, UserProfile.ROLE_MEMBER, acting_user=None)
+                    print("Done!")
+                else:
+                    print("Would have removed {}'s {} rights on {}".format(email, options['permission'],
+                                                                           user.realm.string_id))
+            else:
+                raise CommandError("User did not have permission for this realm!")
--- a/zerver/management/commands/show_admins.py
+++ b/zerver/management/commands/show_admins.py
@@ -30,4 +30,5 @@ class Command(ZulipBaseCommand):
        else:
            raise CommandError('There are no admins for this realm!')

-        print('\nYou can use the "change_user_role" management command to adjust roles.')
+        print('\nYou can use the "knight" management command to make more users admins.')
+        print('\nOr with the --revoke argument, remove admin status from users.')
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -3581,14 +3581,6 @@ class TestZulipRemoteUserBackend(DesktopFlowTestingLib, ZulipTestCase):
            self.assertEqual(result.status_code, 302)
            self.assert_logged_in_user_id(user_profile.id)

-    def test_login_case_insensitive(self) -> None:
-        user_profile = self.example_user('hamlet')
-        email_upper = user_profile.delivery_email.upper()
-        with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',)):
-            result = self.client_get('/accounts/login/sso/', REMOTE_USER=email_upper)
-            self.assertEqual(result.status_code, 302)
-            self.assert_logged_in_user_id(user_profile.id)
-
    def test_login_failure(self) -> None:
        email = self.example_email("hamlet")
        result = self.client_get('/accounts/login/sso/', REMOTE_USER=email)
--- a/zerver/tests/test_events.py
+++ b/zerver/tests/test_events.py
@@ -408,6 +408,13 @@ class NormalActionsTest(BaseAction):
            ('edit_timestamp', check_int),
            ('message_id', check_int),
            ('message_ids', check_list(check_int)),
+            ('prior_mention_user_ids', check_list(check_int)),
+            ('mention_user_ids', check_list(check_int)),
+            ('wildcard_mention_user_ids', check_list(check_int)),
+            ('presence_idle_user_ids', check_list(check_int)),
+            ('stream_push_user_ids', check_list(check_int)),
+            ('stream_email_user_ids', check_list(check_int)),
+            ('push_notify_user_ids', check_list(check_int)),
            ('orig_content', check_string),
            ('orig_rendered_content', check_string),
            (ORIG_TOPIC, check_string),
--- a/Show More
+++ b/Show More