migrations: Fix possible 0257_fix_has_link_attribute.py failure.

While it should be an invariant that message.rendered_content is never
None for a row saved to the database, it is possible for that
invariant to be violated, likely including due to bugs in previous
versions of data import/export tools.

While it'd be ideal for such messages to be rendered to fix the
invariant, it doesn't make sense for this has_link migration to crash
because of such a corrupted row, so we apply the similar policy we
already have for rendered_content="".

.editorconfig

@@ -3,12 +3,13 @@ root = true
 [*]
 end_of_line = lf
 charset = utf-8
+indent_size = 4
+indent_style = space
 trim_trailing_whitespace = true
 insert_final_newline = true
 
-[*.{sh,py,pyi,js,ts,json,xml,css,scss,hbs,html}]
+binary_next_line = true  # for shfmt
-indent_style = space
+switch_case_indent = true  # for shfmt
-indent_size = 4
 
 [*.py]
 max_line_length = 110
@@ -17,5 +18,4 @@ max_line_length = 110
 max_line_length = 100
 
 [*.{svg,rb,pp}]
-indent_style = space
 indent_size = 2

analytics/migrations/0015_clear_duplicate_counts.py

@@ -10,7 +10,7 @@ def clear_duplicate_counts(apps: StateApps, schema_editor: DatabaseSchemaEditor)
     The backstory is that Django's unique_together indexes do not properly
     handle the subgroup=None corner case (allowing duplicate rows that have a
     subgroup of None), which meant that in race conditions, rather than updating
-    an existing row for the property/realm/time with subgroup=None, Django would
+    an existing row for the property/(realm, stream, user)/time with subgroup=None, Django would
     create a duplicate row.
 
     In the next migration, we'll add a proper constraint to fix this bug, but
@@ -20,26 +20,32 @@ def clear_duplicate_counts(apps: StateApps, schema_editor: DatabaseSchemaEditor)
     this means deleting the extra rows, but for LoggingCountStat objects, we need to
     additionally combine the sums.
     """
-    RealmCount = apps.get_model('analytics', 'RealmCount')
+    count_tables = dict(realm=apps.get_model('analytics', 'RealmCount'),
+                        user=apps.get_model('analytics', 'UserCount'),
+                        stream=apps.get_model('analytics', 'StreamCount'),
+                        installation=apps.get_model('analytics', 'InstallationCount'))
 
-    realm_counts = RealmCount.objects.filter(subgroup=None).values(
+    for name, count_table in count_tables.items():
-        'realm_id', 'property', 'end_time').annotate(
+        value = [name, 'property', 'end_time']
+        if name == 'installation':
+            value = ['property', 'end_time']
+        counts = count_table.objects.filter(subgroup=None).values(*value).annotate(
             Count('id'), Sum('value')).filter(id__count__gt=1)
 
-    for realm_count in realm_counts:
+        for count in counts:
-        realm_count.pop('id__count')
+            count.pop('id__count')
-        total_value = realm_count.pop('value__sum')
+            total_value = count.pop('value__sum')
-        duplicate_counts = list(RealmCount.objects.filter(**realm_count))
+            duplicate_counts = list(count_table.objects.filter(**count))
-        first_count = duplicate_counts[0]
+            first_count = duplicate_counts[0]
-        if realm_count['property'] in ["invites_sent::day", "active_users_log:is_bot:day"]:
+            if count['property'] in ["invites_sent::day", "active_users_log:is_bot:day"]:
-            # For LoggingCountStat objects, the right fix is to combine the totals;
+                # For LoggingCountStat objects, the right fix is to combine the totals;
-            # for other CountStat objects, we expect the duplicates to have the same value.
+                # for other CountStat objects, we expect the duplicates to have the same value.
-            # And so all we need to do is delete them.
+                # And so all we need to do is delete them.
-            first_count.value = total_value
+                first_count.value = total_value
-            first_count.save()
+                first_count.save()
-        to_cleanup = duplicate_counts[1:]
+            to_cleanup = duplicate_counts[1:]
-        for duplicate_count in to_cleanup:
+            for duplicate_count in to_cleanup:
-            duplicate_count.delete()
+                duplicate_count.delete()
 
 class Migration(migrations.Migration):
 

analytics/views.py

@@ -121,7 +121,7 @@ def stats_for_realm(request: HttpRequest, realm_str: str) -> HttpResponse:
     try:
         realm = get_realm(realm_str)
     except Realm.DoesNotExist:
-        return HttpResponseNotFound(f"Realm {realm_str} does not exist")
+        return HttpResponseNotFound()
 
     return render_stats(request, f'/realm/{realm_str}', realm.name or realm.string_id,
                         analytics_ready=is_analytics_ready(realm))
@@ -1486,7 +1486,7 @@ def get_realm_activity(request: HttpRequest, realm_str: str) -> HttpResponse:
     try:
         admins = Realm.objects.get(string_id=realm_str).get_human_admin_users()
     except Realm.DoesNotExist:
-        return HttpResponseNotFound(f"Realm {realm_str} does not exist")
+        return HttpResponseNotFound()
 
     admin_emails = {admin.delivery_email for admin in admins}
 

corporate/views.py

@@ -192,14 +192,7 @@ def sponsorship(request: HttpRequest, user: UserProfile,
     realm = user.realm
 
     requested_by = user.full_name
-
+    user_role = user.get_role_name()
-    role_id_to_name_map = {
-        UserProfile.ROLE_REALM_OWNER: "Realm owner",
-        UserProfile.ROLE_REALM_ADMINISTRATOR: "Realm adminstrator",
-        UserProfile.ROLE_MEMBER: "Member",
-        UserProfile.ROLE_GUEST: "Guest"
-    }
-    user_role = role_id_to_name_map[user.role]
 
     support_realm_uri = get_realm(settings.STAFF_SUBDOMAIN).uri
     support_url = urljoin(support_realm_uri, urlunsplit(("", "", reverse('analytics.views.support'),

docs/_templates/layout.html

@@ -5,7 +5,7 @@
     # version e.g. to say that something is likely to have changed.
     # For more info see: https://www.sphinx-doc.org/en/master/templating.html
     #}
-    {% if pagename in ["production/management-commands", "production/email-gateway", "production/upgrade-or-modify", "production/zoom-configuration"] and release.endswith('+git') %}
+    {% if pagename in ["production/video-calls"] and release.endswith('+git') %}
     {#
     # This page doesn't exist in the stable documentation yet.
     # This temporary workaround prevents CircleCI failure and should be removed after the next release.

docs/development/setup-advanced.md

@@ -177,7 +177,7 @@ git remote add -f upstream https://github.com/zulip/zulip.git
 
 ```
 doas pkg_add sudo bash gcc postgresql-server redis rabbitmq \
-    memcached libmemcached py-Pillow py-cryptography py-cffi
+    memcached py-Pillow py-cryptography py-cffi
 
 # Point environment to custom include locations and use newer GCC
 # (needed for Node modules):

docs/overview/changelog.md

@@ -1,11 +1,90 @@
 # Version History
 
-All notable changes to the Zulip server are documented in this file.
+This page contains the release history for the Zulip 3.x stable
+release series. See the [current Zulip changelog][latest-changelog]
+for newer release series, or the [commit log][commit-log] for an
+up-to-date list of raw changes.
 
-## Unreleased
+### 3.4 -- April 14, 2021
 
-This section lists notable unreleased changes; it is generally updated
+- CVE-2021-30487: Prevent administrators from moving topics to
-in bursts.
+  disallowed streams.
+- CVE-2021-30479: Prevent guest user access to `all_public_streams`
+  API.
+- CVE-2021-30478: Prevent API super users from forging messages to
+  other organizations.
+- CVE-2021-30477: Prevent outgoing webhook bots from sending arbitrary
+  messages to any stream.
+- Fixed a potential HTML injection bug in outgoing emails.
+- Fixed Postfix configuration error which would prevent outgoing email
+  to any email address containing `.`, `+`, or starting with `mm`, when
+  configured to use the local Postfix to deliver outgoing email.
+- Fixed a backporting error which caused the `manage.py
+  change_user_role` tool to not work for `admin`, `member`, or `guest` roles.
+- Add support for logout events sent from modern versions of the
+  desktop application.
+- Upgraded minor python dependencies.
+- Minor documentation fixes.
+
+### 3.3 -- December 1, 2020
+
+- Guest users should not be allowed to post to streams marked “Only
+  organization full members can post.”  This flaw has existed since
+  the feature was added in Zulip Server 3.0.
+- Permit outgoing mail from postfix; this resolves a bug introduced in
+  Zulip Server 3.2 which prevented Zulip from sending outgoing mail if
+  the local mail server (used mostly for incoming mail) was also used
+  for outgoing email (`MAIL_HOST='localhost'`).
+- Ensure that the `upgrade-postgres` tool upgrades the cluster’s data
+  to the specific PostgreSQL version requested; this resolves a bug
+  where, now that PostgreSQL 13 has been released, `upgrade-postgres`
+  would attempt to upgrade to that version and not PostgreSQL 12.
+- Replace the impenetrably-named `./manage.py knight` with
+  `./manage.py change_user_role`, and extend it to support
+  “Organization owner” roles.
+- Handle realm emojis that have been manually deleted more gracefully.
+
+### 3.2 -- September 15, 2020
+
+- Switched from `libmemcached` to `python-binary-memcached`, a
+  pure-Python implementation; this should eliminate memcached
+  connection problems affecting some installations.
+- Removed unnecessary `django-cookies-samesite` dependency, which had
+  its latest release removed from PyPI (breaking installation of Zulip
+  3.1).
+- Limited which local email addresses Postfix accepts when the
+  incoming email integration is enabled; this prevents the enumeration
+  of local users via the email system.
+- Fixed incorrectly case-sensitive email validation in `REMOTE_USER`
+  authentication.
+- Fixed search results for `has:image`.
+- Fixed ability to adjust "Who can post on the stream" configuration.
+- Fixed display of "Permission [to post] will be granted in n days"
+  for n > 365.
+- Support providing `nginx_listen_port` setting in conjunction with
+  `http_only` in `zulip.conf`.
+- Improved upgrade documentation.
+- Removed internal ID lists which could leak into the events API.
+
+### 3.1 -- July 30, 2020
+
+- Removed unused `short_name` field from the User model.  This field
+  had no purpose and could leak the local part of email addresses
+  when email address visiblity was restricted.
+- Fixed a bug where loading spinners would sometimes not be displayed.
+- Fixed incoming email gateway exception with unstructured headers.
+- Fixed AlertWords not being included in data import/export.
+- Fixed Twitter previews not including a clear link to the tweet.
+- Fixed compose box incorrectly opening after uploading a file in a
+  message edit widget.
+- Fixed exception in SAML integration with encrypted assertions.
+- Fixed an analytics migration bug that could cause upgrading from 2.x
+  releases to fail.
+- Added a Thinkst Canary integration (and renamed the old one, which
+  was actually an integration for canarytokens.org).
+- Reformatted the frontend codebase using prettier.  This change was
+  included in this maintenance release to ensure backporting patches
+  from master remains easy.
 
 ### 3.0 -- July 16, 2020
 
@@ -1829,3 +1908,7 @@ easily read them all when upgrading across multiple releases.
 * [Upgrade notes for 1.9.0](#upgrade-notes-for-1-9-0)
 * [Upgrade notes for 1.8.0](#upgrade-notes-for-1-8-0)
 * [Upgrade notes for 1.7.0](#upgrade-notes-for-1-7-0)
+
+[docker-zulip]: https://github.com/zulip/docker-zulip
+[commit-log]: https://github.com/zulip/zulip/commits/master
+[latest-changelog]: https://zulip.readthedocs.io/en/latest/overview/changelog.html

docs/production/export-and-import.md

@@ -65,8 +65,9 @@ su zulip -c '/home/zulip/deployments/current/manage.py backup'
 ```
 
 The backup tool provides the following options:
-- `--output`: Path where the output file should be stored. If no path is
+- `--output=/tmp/backup.tar.gz`: Filename to write the backup tarball
- provided, the output file is saved to a temporary directory.
+  to (default: write to a file in `/tmp`).  On success, the
+  console output will show the path to the output tarball.
 - `--skip-db`: Skip backup of the database.  Useful if you're using a
   remote postgres host with its own backup system and just need to
   backup non-database state.

docs/production/index.rst

@@ -21,4 +21,4 @@ Zulip in Production
    email
    deployment
    email-gateway
-   zoom-configuration
+   video-calls

docs/production/install.md

@@ -3,7 +3,7 @@
 You'll need an Ubuntu or Debian system that satisfies
 [the installation requirements](../production/requirements.md). Alternatively,
 you can use a preconfigured
-[Digital Ocean droplet](https://marketplace.digitalocean.com/apps/zulip), or
+[DigitalOcean droplet](https://marketplace.digitalocean.com/apps/zulip?refcode=3ee45da8ee26), or
 Zulip's
 [experimental Docker image](../production/deployment.html#zulip-in-docker).
 
@@ -74,11 +74,10 @@ If the script gives an error, consult [Troubleshooting](#troubleshooting) below.
 ## Step 3: Create a Zulip organization, and log in
 
 On success, the install script prints a link.  If you're [restoring a
-backup][zulip-backups] or importing your data from [HipChat][hipchat-import],
+backup][zulip-backups] or importing your data from [Slack][slack-import],
-[Slack][slack-import], or another Zulip server, you should stop here
+or another Zulip server, you should stop here
 and return to the import instructions.
 
-[hipchat-import]: https://zulip.com/help/import-from-hipchat
 [slack-import]: https://zulip.com/help/import-from-slack
 [zulip-backups]: ../production/export-and-import.html#backups
 
@@ -164,11 +163,13 @@ the bottom of `/var/log/zulip/errors.log` for a traceback, and consult
 the [troubleshooting section](troubleshooting.md) for advice on
 how to debug.
 
-**Community.**
+**Community.** If the tips above don't help, please visit [#production
-If the tips above don't help, please visit
+help][production-help] in the [Zulip development community
-[#production help](https://chat.zulip.org/#narrow/stream/31-production-help)
+server][chat-zulip-org] for realtime help, and we'll try to help you
-in the [Zulip development community server](../contributing/chat-zulip-org.md) for
+out!  Please provide details like the full traceback from the bottom
-realtime help or email zulip-help@googlegroups.com with the full
+of `/var/log/zulip/errors.log` in your report (ideally in a [code
-traceback, and we'll try to help you out!  Please provide details like
+block][code-block]).
-the full traceback from the bottom of `/var/log/zulip/errors.log` in
+
-your report.
+[chat-zulip-org]: ../contributing/chat-zulip-org.md
+[production-help]: https://chat.zulip.org/#narrow/stream/31-production-help
+[code-block]: https://zulip.com/help/format-your-message-using-markdown#code

docs/production/management-commands.md

@@ -117,11 +117,10 @@ There are dozens of useful management commands under
 * `./manage.py send_password_reset_email`: Sends password reset email(s)
   to one or more users.
 * `./manage.py change_user_email`: Change a user's email address.
-* `./manage.py knight`: Can toggle whether a user is an administrator
+* `./manage.py change_user_role`: Can change are user's role
   (easier done [via the
   UI](https://zulip.com/help/change-a-users-role)) or create an
-  API super user bot (with `--permission=api_super_user`), which are
+  `api_super_user`, which are needed for certain special API features.
-  needed for some content mirroring integrations.
 * `./manage.py export_single_user` does a limited version of the [main
   export tools](../production/export-and-import.md) containing just
   the messages accessible by a single user.

docs/production/security-model.md

@@ -193,7 +193,7 @@ strength allowed is controlled by two settings in
 
     API super user bots cannot be created by Zulip users, including
     organization owners. They can only be created on the command
-    line (via `manage.py knight --permission=api_super_user`).
+    line (via `manage.py change_user_role api_super_user`).
 
 ## User-uploaded content
 

docs/production/settings.md

@@ -100,7 +100,7 @@ Some popular settings in `/etc/zulip/settings.py` include:
   tweets.
 * The [email gateway](../production/email-gateway.md), which lets
   users send emails into Zulip.
-* The [Zoom video call integration](zoom-configuration.md).
+* The [Video call integrations](../production/video-calls.md).
 
 ## Zulip announcement list
 

docs/production/upgrade-or-modify.md

@@ -249,9 +249,9 @@ instructions for other supported platforms.
         /home/zulip/deployments/current/ --ignore-static-assets --audit-fts-indexes
     ```
 
-That last command will finish by restarting your Zulip server; you
+   This will finish by restarting your Zulip server; you should now be
-should now be able to navigate to its URL and confirm everything is
+   able to navigate to its URL and confirm everything is working
-working correctly.
+   correctly.
 
 ### Upgrading from Ubuntu 16.04 Xenial to 18.04 Bionic
 
@@ -278,11 +278,28 @@ working correctly.
     systemctl restart memcached
     ```
 
-5. Same as for Bionic to Focal.
+5. Finally, we need to reinstall the current version of Zulip, which
+   among other things will recompile Zulip's Python module
+   dependencies for your new version of Python:
 
-That last command will finish by restarting your Zulip server; you
+    ```
-should now be able to navigate to its URL and confirm everything is
+    rm -rf /srv/zulip-venv-cache/*
-working correctly.
+    /home/zulip/deployments/current/scripts/lib/upgrade-zulip-stage-2 \
+        /home/zulip/deployments/current/ --ignore-static-assets
+    ```
+
+   This will finish by restarting your Zulip server; you should now
+   be able to navigate to its URL and confirm everything is working
+   correctly.
+
+6. [Upgrade to the latest Zulip release](#upgrading-to-a-release), now
+   that your server is running a supported operating system.
+
+7. As root, finish by verifying the contents of the full-text indexes:
+
+    ```
+    /home/zulip/deployments/current/manage.py audit_fts_indexes
+    ```
 
 ### Upgrading from Ubuntu 14.04 Trusty to 16.04 Xenial
 
@@ -295,7 +312,7 @@ working correctly.
 3. Same as for Bionic to Focal.
 
 4. As root, upgrade the database installation and OS configuration to
-match the new OS version:
+   match the new OS version:
 
     ```
     apt remove upstart -y
@@ -309,11 +326,23 @@ match the new OS version:
     service memcached restart
     ```
 
-5. Same as for Bionic to Focal.
+5. Finally, we need to reinstall the current version of Zulip, which
+   among other things will recompile Zulip's Python module
+   dependencies for your new version of Python:
 
-That last command will finish by restarting your Zulip server; you
+    ```
-should now be able to navigate to its URL and confirm everything is
+    rm -rf /srv/zulip-venv-cache/*
-working correctly.
+    /home/zulip/deployments/current/scripts/lib/upgrade-zulip-stage-2 \
+        /home/zulip/deployments/current/ --ignore-static-assets
+    ```
+
+   This will finish by restarting your Zulip server; you should now be
+   able to navigate to its URL and confirm everything is working
+   correctly.
+
+6. [Upgrade from Xenial to
+   Bionic](#upgrading-from-ubuntu-16-04-xenial-to-18-04-bionic), so
+   that you are running a supported operating system.
 
 ### Upgrading from Debian Stretch to Debian Buster
 
@@ -339,20 +368,37 @@ working correctly.
     ```
     apt remove upstart -y
     /home/zulip/deployments/current/scripts/zulip-puppet-apply -f
-    pg_dropcluster 9.5 main --stop
+    pg_dropcluster 11 main --stop
     systemctl stop postgresql
-    pg_upgradecluster -m upgrade 9.3 main
+    pg_upgradecluster -m upgrade 9.6 main
-    pg_dropcluster 9.3 main
+    pg_dropcluster 9.6 main
-    apt remove postgresql-9.3
+    apt remove postgresql-9.6
     systemctl start postgresql
     service memcached restart
     ```
 
-5. Same as for Bionic to Focal.
+5. Finally, we need to reinstall the current version of Zulip, which
+   among other things will recompile Zulip's Python module
+   dependencies for your new version of Python:
 
-That last command will finish by restarting your Zulip server; you
+    ```
-should now be able to navigate to its URL and confirm everything is
+    rm -rf /srv/zulip-venv-cache/*
-working correctly.
+    /home/zulip/deployments/current/scripts/lib/upgrade-zulip-stage-2 \
+        /home/zulip/deployments/current/ --ignore-static-assets
+    ```
+
+   This will finish by restarting your Zulip server; you should now
+   be able to navigate to its URL and confirm everything is working
+   correctly.
+
+6. [Upgrade to the latest Zulip release](#upgrading-to-a-release), now
+   that your server is running a supported operating system.
+
+7. As root, finish by verifying the contents of the full-text indexes:
+
+    ```
+    /home/zulip/deployments/current/manage.py audit_fts_indexes
+    ```
 
 ## Upgrading PostgreSQL
 

docs/production/video-calls.md

@@ -0,0 +1,77 @@
+# Video call providers
+
+This page documents the server-level configuration required to support
+non-default [video call integration
+options](https://zulip.com/help/start-a-call) on a self-hosted Zulip
+server.
+
+## Zoom
+
+To use the [Zoom](https://zoom.us) integration on a self-hosted
+installation, you'll need to register a custom Zoom app as follows:
+
+1. Select [**Build App**](https://marketplace.zoom.us/develop/create)
+   at the Zoom Marketplace.
+
+1. Create an app with the **OAuth** type.
+
+   * Choose an app name such as "ExampleCorp Zulip".
+   * Select **User-managed app**.
+   * Disable the option to publish the app on the Marketplace.
+   * Click **Create**.
+
+1. Inside of the Zoom app management page:
+
+   * On the **App Credentials** tab, set both the **Redirect URL for
+     OAuth** and the **Whitelist URL** to
+     `https://zulip.example.com/calls/zoom/complete` (replacing
+     `zulip.example.com` by your main Zulip hostname).
+   * On the **Scopes** tab, add the `meeting:write` scope.
+
+You can then configure your Zulip server to use that Zoom app as
+follows:
+
+1. In `/etc/zulip/zulip-secrets.conf`, set `video_zoom_client_secret`
+   to be your app's "Client Secret".
+
+1. In `/etc/zulip/settings.py`, set `VIDEO_ZOOM_CLIENT_ID` to your
+   app's "Client ID".
+
+1. Restart the Zulip server with
+   `/home/zulip/deployments/current/scripts/restart-server`.
+
+This enables Zoom support in your Zulip server.  Finally, [configure
+Zoom as the video call
+provider](https://zulip.com/help/start-a-call) in the Zulip
+organization(s) where you want to use it.
+
+## Big Blue Button
+
+To use the [Big Blue Button](https://bigbluebutton.org/) video call
+integration on a self-hosted Zulip installation, you'll need to have a
+Big Blue Button server and configure it:
+
+1. Get the Shared Secret using the `bbb-conf --secret` command on your
+   Big Blue Button Server. See also [the Big Blue Button
+   documentation](https://docs.bigbluebutton.org/2.2/customize.html#extract-the-shared-secret).
+
+2. Get the URL to your Big Blue Button API. The URL has the form of
+   `https://bigbluebutton.example.com/bigbluebutton/` and can also be
+   found using the `bbb-conf --secret` command.
+
+You can then configure your Zulip server to use that Big Blue Button
+Server as follows:
+
+1. In `/etc/zulip/zulip-secrets.conf`, set `big_blue_button_secret`
+   to be your Big Blue Button Server's shared secret.
+
+2. In `/etc/zulip/settings.py`, set `BIG_BLUE_BUTTON_URL` to your
+   to be your Big Blue Button Server's API URL.
+
+3. Restart the Zulip server with
+   `/home/zulip/deployments/current/scripts/restart-server`.
+
+This enables Big Blue Button support in your Zulip server.  Finally, [configure
+Big Blue Button as the video call
+provider](https://zulip.com/help/start-a-call) in the Zulip
+organization(s) where you want to use it.

docs/production/zoom-configuration.md

@@ -1,36 +0,0 @@
-# Zoom Video Calling OAuth Configuration
-
-To use the [Zoom](https://zoom.us) integration on a self-hosted
-installation, you'll need to register a custom Zoom Application as
-follows:
-
-1. Visit the [Zoom Marketplace](https://marketplace.zoom.us/develop/create).
-
-1. Create a new application, choosing **OAuth** as the app type.
-We recommend using a name like "ExampleCorp Zulip".
-
-1. Select *account-level app* for the authentication type, disable
-the option to publish the app in the Marketplace, and click **Create**.
-
-1. Inside of the Zoom app management page, set the Redirect URL to
-`https://zulip.example.com/calls/zoom/complete` (replacing
-`zulip.example.com` by your main Zulip hostname).
-
-1. Set the "Scopes" to `meeting:write:admin`.
-
-You can then configure your Zulip server to use that Zoom application
-as follows:
-
-1. In `/etc/zulip/zulip-secrets.conf`, set `video_zoom_client_secret`
-to be your app's "Client Secret".
-
-1. In `/etc/zulip/settings.py`, set `VIDEO_ZOOM_CLIENT_ID` to your
-   app's "Client ID".
-
-1. Restart the Zulip server with
-   `/home/zulip/deployments/current/scripts/restart-server`.
-
-This enables Zoom support in your Zulip server.  Finally, [configure
-Zoom as the video call
-provider](https://zulip.com/help/start-a-call) in the Zulip
-organization(s) where you want to use it.

docs/subsystems/markdown.md

@@ -137,8 +137,8 @@ Important considerations for any changes are:
 Zulip's markdown processor's rendering supports a number of features
 that depend on realm-specific or user-specific data.  For example, the
 realm could have
-[Linkifiers](https://zulip.com/help/add-a-custom-linkification-filter)
+[linkifiers](https://zulip.com/help/add-a-custom-linkifier)
-or [Custom emoji](https://zulip.com/help/add-custom-emoji)
+or [custom emoji](https://zulip.com/help/add-custom-emoji)
 configured, and Zulip supports mentions for streams, users, and user
 groups (which depend on data like users' names, IDs, etc.).
 

frontend_tests/node_tests/compose.js

@@ -364,7 +364,7 @@ run_test("validate_stream_message", () => {
     assert($("#compose-all-everyone").visible());
 });
 
-run_test("test_validate_stream_message_post_policy", () => {
+run_test("test_validate_stream_message_post_policy_admin_only", () => {
     // This test is in continuation with test_validate but it has been separated out
     // for better readability. Their relative position of execution should not be changed.
     // Although the position with respect to test_validate_stream_message does not matter
@@ -386,9 +386,45 @@ run_test("test_validate_stream_message_post_policy", () => {
         i18n.t("Only organization admins are allowed to post to this stream."),
     );
 
-    // reset compose_state.stream_name to 'social' again so that any tests occurung after this
+    // Reset error message.
+    compose_state.stream_name("social");
+
+    page_params.is_admin = false;
+    page_params.is_guest = true;
+
+    compose_state.topic("subject102");
+    compose_state.stream_name("stream102");
+    assert(!compose.validate());
+    assert.equal(
+        $("#compose-error-msg").html(),
+        i18n.t("Only organization admins are allowed to post to this stream."),
+    );
+});
+
+run_test("test_validate_stream_message_post_policy_full_members_only", () => {
+    page_params.is_admin = false;
+    page_params.is_guest = true;
+    const sub = {
+        stream_id: 103,
+        name: "stream103",
+        subscribed: true,
+        stream_post_policy: stream_data.stream_post_policy_values.non_new_members.code,
+    };
+
+    compose_state.topic("subject103");
+    compose_state.stream_name("stream103");
+    stream_data.add_sub(sub);
+    assert(!compose.validate());
+    assert.equal(
+        $("#compose-error-msg").html(),
+        i18n.t("Guests are not allowed to post to this stream."),
+    );
+
+    // reset compose_state.stream_name to 'social' again so that any tests occurring after this
     // do not reproduce this error.
     compose_state.stream_name("social");
+    // Reset page_params
+    page_params.is_guest = false;
 });
 
 run_test("markdown_rtl", () => {

frontend_tests/node_tests/filter.js

@@ -720,34 +720,40 @@ run_test("predicate_basics", () => {
     // HTML content of message is used to determine if image have link, image or attachment.
     // We are using jquery to parse the html and find existence of relevant tags/elements.
     // In tests we need to stub the calls to jquery so using zjquery's .set_find_results method.
+    function set_find_results_for_msg_content(msg, jquery_selector, results) {
+        $(`<div>${msg.content}</div>`).set_find_results(jquery_selector, results);
+    }
+
     const has_link = get_predicate([["has", "link"]]);
-    $(img_msg.content).set_find_results("a", [$("<a>")]);
+    set_find_results_for_msg_content(img_msg, "a", [$("<a>")]);
     assert(has_link(img_msg));
-    $(non_img_attachment_msg.content).set_find_results("a", [$("<a>")]);
+    set_find_results_for_msg_content(non_img_attachment_msg, "a", [$("<a>")]);
     assert(has_link(non_img_attachment_msg));
-    $(link_msg.content).set_find_results("a", [$("<a>")]);
+    set_find_results_for_msg_content(link_msg, "a", [$("<a>")]);
     assert(has_link(link_msg));
-    $(no_has_filter_matching_msg.content).set_find_results("a", false);
+    set_find_results_for_msg_content(no_has_filter_matching_msg, "a", false);
     assert(!has_link(no_has_filter_matching_msg));
 
     const has_attachment = get_predicate([["has", "attachment"]]);
-    $(img_msg.content).set_find_results("a[href^='/user_uploads']", [$("<a>")]);
+    set_find_results_for_msg_content(img_msg, "a[href^='/user_uploads']", [$("<a>")]);
     assert(has_attachment(img_msg));
-    $(non_img_attachment_msg.content).set_find_results("a[href^='/user_uploads']", [$("<a>")]);
+    set_find_results_for_msg_content(non_img_attachment_msg, "a[href^='/user_uploads']", [
+        $("<a>"),
+    ]);
     assert(has_attachment(non_img_attachment_msg));
-    $(link_msg.content).set_find_results("a[href^='/user_uploads']", false);
+    set_find_results_for_msg_content(link_msg, "a[href^='/user_uploads']", false);
     assert(!has_attachment(link_msg));
-    $(no_has_filter_matching_msg.content).set_find_results("a[href^='/user_uploads']", false);
+    set_find_results_for_msg_content(no_has_filter_matching_msg, "a[href^='/user_uploads']", false);
     assert(!has_attachment(no_has_filter_matching_msg));
 
     const has_image = get_predicate([["has", "image"]]);
-    $(img_msg.content).set_find_results(".message_inline_image", [$("<img>")]);
+    set_find_results_for_msg_content(img_msg, ".message_inline_image", [$("<img>")]);
     assert(has_image(img_msg));
-    $(non_img_attachment_msg.content).set_find_results(".message_inline_image", false);
+    set_find_results_for_msg_content(non_img_attachment_msg, ".message_inline_image", false);
     assert(!has_image(non_img_attachment_msg));
-    $(link_msg.content).set_find_results(".message_inline_image", false);
+    set_find_results_for_msg_content(link_msg, ".message_inline_image", false);
     assert(!has_image(link_msg));
-    $(no_has_filter_matching_msg.content).set_find_results(".message_inline_image", false);
+    set_find_results_for_msg_content(no_has_filter_matching_msg, ".message_inline_image", false);
     assert(!has_image(no_has_filter_matching_msg));
 });
 

frontend_tests/node_tests/muting.js

@@ -67,14 +67,14 @@ run_test("get_and_set_muted_topics", () => {
     assert.deepEqual(muting.get_muted_topics().sort(), [
         {
             date_muted: 1577836800000,
-            date_muted_str: "Jan 01",
+            date_muted_str: "Jan\u00A001,\u00A02020",
             stream: devel.name,
             stream_id: devel.stream_id,
             topic: "java",
         },
         {
             date_muted: 1577836800000,
-            date_muted_str: "Jan 01",
+            date_muted_str: "Jan\u00A001,\u00A02020",
             stream: office.name,
             stream_id: office.stream_id,
             topic: "gossip",
@@ -93,14 +93,14 @@ run_test("get_and_set_muted_topics", () => {
     assert.deepEqual(muting.get_muted_topics().sort(), [
         {
             date_muted: 1577836800000,
-            date_muted_str: "Jan 01",
+            date_muted_str: "Jan\u00A001,\u00A02020",
             stream: social.name,
             stream_id: social.stream_id,
             topic: "breakfast",
         },
         {
             date_muted: 1577836800000,
-            date_muted_str: "Jan 01",
+            date_muted_str: "Jan\u00A001,\u00A02020",
             stream: design.name,
             stream_id: design.stream_id,
             topic: "typography",

frontend_tests/node_tests/reactions.js

@@ -171,6 +171,24 @@ run_test("basics", () => {
     assert.deepEqual(result, expected_result);
 });
 
+run_test("unknown realm emojis (add)", () => {
+    blueslip.expect("error", "Cannot find/add realm emoji for code 'broken'.");
+    reactions.add_clean_reaction({
+        reaction_type: "realm_emoji",
+        emoji_code: "broken",
+        user_ids: [alice.user_id],
+    });
+});
+
+run_test("unknown realm emojis (insert)", () => {
+    blueslip.expect("error", "Cannot find/insert realm emoji for code 'bogus'.");
+    reactions.view.insert_new_reaction({
+        reaction_type: "realm_emoji",
+        emoji_code: "bogus",
+        user_id: bob.user_id,
+    });
+});
+
 run_test("sending", () => {
     const message_id = 1001; // see above for setup
     let emoji_name = "smile"; // should be a current reaction

frontend_tests/node_tests/settings_muting.js

@@ -23,7 +23,7 @@ run_test("settings", () => {
         assert.deepEqual(opts, [
             {
                 date_muted: 1577836800000,
-                date_muted_str: "Jan 01",
+                date_muted_str: "Jan\u00A001,\u00A02020",
                 stream: frontend.name,
                 stream_id: frontend.stream_id,
                 topic: "js",

puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_email_deliverer_backlog

@@ -15,12 +15,10 @@ fi
 cd /home/zulip/deployments/current
 BACKLOG="$(./manage.py print_email_delivery_backlog)"
 
-if [ "$BACKLOG" -gt 0 ] && [ "$BACKLOG" -lt 10 ]
+if [ "$BACKLOG" -gt 0 ] && [ "$BACKLOG" -lt 10 ]; then
-then
     echo "backlog of $BACKLOG"
     exit 1
-elif [ "$BACKLOG" -ge 10 ]
+elif [ "$BACKLOG" -ge 10 ]; then
-then
     echo "backlog of $BACKLOG"
     exit 2
 else

puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_email_deliverer_process

@@ -8,13 +8,12 @@
 SUPERVISOR_STATUS=$(supervisorctl status zulip-workers:zulip_deliver_enqueued_emails 2>&1)
 STATUS=$(echo "$SUPERVISOR_STATUS" | awk '{ print $2 }')
 
-
 case "$STATUS" in
     RUNNING)
         echo "Running"
         exit 0
         ;;
-    STOPPED|STARTING|BACKOFF|STOPPING|EXITED|FATAL|UNKNOWN)
+    STOPPED | STARTING | BACKOFF | STOPPING | EXITED | FATAL | UNKNOWN)
         # not "RUNNING", but a recognized supervisor status
         echo "$STATUS"
         exit 1

puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory

@@ -9,16 +9,16 @@ if [ -z "$processes" ]; then
     echo "No workers running"
     exit 0
 fi
-mapfile -t processes <<< "$processes"
+mapfile -t processes <<<"$processes"
-ps -o vsize,size,pid,user,command --sort -vsize "${processes[@]}" > "$datafile"
+ps -o vsize,size,pid,user,command --sort -vsize "${processes[@]}" >"$datafile"
 cat "$datafile"
 top_worker=$(head -n2 "$datafile" | tail -n1)
 top_worker_memory_usage=$(echo "$top_worker" | cut -f1 -d" ")
 rm -f "$datafile"
 if [ "$top_worker_memory_usage" -gt 800000 ]; then
-   exit 2
+    exit 2
 elif [ "$top_worker_memory_usage" -gt 600000 ]; then
-   exit 1
+    exit 1
 else
-   exit 0
+    exit 0
 fi

puppet/zulip/files/postfix/access

@@ -0,0 +1,9 @@
+# This is the list of email addresses that are accepted via SMTP;
+# these consist of only the addresses in `virtual`, as well as the
+# RFC822-specified postmaster.
+
+/\+.*@/         OK
+/\..*@/         OK
+/^mm/           OK
+
+/^postmaster@/  OK

puppet/zulip/files/postfix/virtual

@@ -1,3 +0,0 @@
-/\+.*@/ zulip@localhost
-/\..*@/ zulip@localhost
-/^mm/ zulip@localhost

puppet/zulip/manifests/app_frontend.pp

@@ -5,7 +5,11 @@ class zulip::app_frontend {
   include zulip::app_frontend_once
 
   $nginx_http_only = zulipconf('application_server', 'http_only', undef)
-  $nginx_listen_port = zulipconf('application_server', 'nginx_listen_port', 443)
+  if $nginx_http_only != '' {
+    $nginx_listen_port = zulipconf('application_server', 'nginx_listen_port', 80)
+  } else {
+    $nginx_listen_port = zulipconf('application_server', 'nginx_listen_port', 443)
+  }
   $no_serve_uploads = zulipconf('application_server', 'no_serve_uploads', undef)
   $ssl_dir = $::osfamily ? {
     'debian' => '/etc/ssl',

puppet/zulip/manifests/app_frontend_base.pp

@@ -151,15 +151,4 @@ class zulip::app_frontend_base {
     mode    => '0755',
     source  => 'puppet:///modules/zulip/nagios_plugins/zulip_app_frontend',
   }
-
-  if $::osfamily == 'debian' {
-    # The pylibmc wheel looks for SASL plugins in the wrong place.
-    file { '/usr/lib64':
-      ensure => directory,
-    }
-    file { '/usr/lib64/sasl2':
-      ensure => link,
-      target => "/usr/lib/${::rubyplatform}/sasl2",
-    }
-  }
 }

puppet/zulip/manifests/postfix_localmail.pp

@@ -45,7 +45,7 @@ class zulip::postfix_localmail {
     mode    => '0644',
     owner   => root,
     group   => root,
-    source  => 'puppet:///modules/zulip/postfix/virtual',
+    content => template('zulip/postfix/virtual.erb'),
     require => Package[postfix],
     notify  => Service['postfix'],
   }
@@ -67,4 +67,12 @@ class zulip::postfix_localmail {
     ],
   }
 
+  file {'/etc/postfix/access':
+    ensure  => file,
+    mode    => '0644',
+    owner   => root,
+    group   => root,
+    source  => 'puppet:///modules/zulip/postfix/access',
+    require => Package[postfix],
+  }
 }

puppet/zulip/templates/nginx/zulip-enterprise.template.erb

@@ -16,8 +16,8 @@ include /etc/nginx/zulip-include/upstreams;
 
 server {
 <% if @nginx_http_only != '' -%>
-    listen 80;
+    listen <%= @nginx_listen_port %>;
-    listen [::]:80;
+    listen [::]:<%= @nginx_listen_port %>;
 <% else -%>
     listen <%= @nginx_listen_port %> http2;
     listen [::]:<%= @nginx_listen_port %> http2;

puppet/zulip/templates/postfix/main.cf.erb

@@ -16,6 +16,7 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
+smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access regexp:/etc/postfix/access, reject
 myhostname = <%= @fqdn %>
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases

puppet/zulip/templates/postfix/virtual.erb

@@ -0,0 +1,7 @@
+if /@<%= Regexp.escape(@postfix_mailname) %>\.?$/
+# Changes to this list require a corresponding change to `access` as
+# well.
+/\+.*@/  zulip@localhost
+/\..*@/  zulip@localhost
+/^mm/    zulip@localhost
+endif

puppet/zulip_ops/files/munin-plugins/rabbitmq_connections

@@ -20,8 +20,8 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 HOME=/tmp/
@@ -30,33 +30,33 @@ HOME=/tmp/
 # graphs should look.
 
 if [ "$1" = "config" ]; then
-        CONN_WARN=${queue_warn:-500}
+    CONN_WARN=${queue_warn:-500}
-        CONN_CRIT=${queue_crit:-1000}
+    CONN_CRIT=${queue_crit:-1000}
 
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo 'graph_title RabbitMQ connections'
+    echo 'graph_title RabbitMQ connections'
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1000 -l 0'
+    echo 'graph_args --base 1000 -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel connections'
+    echo 'graph_vlabel connections'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category RabbitMQ'
+    echo 'graph_category RabbitMQ'
 
-	echo "connections.label Connections"
+    echo "connections.label Connections"
-	echo "connections.warning $CONN_WARN"
+    echo "connections.warning $CONN_WARN"
-	echo "connections.critical $CONN_CRIT"
+    echo "connections.critical $CONN_CRIT"
-	echo "connections.info Number of active connections"
+    echo "connections.info Number of active connections"
 
-	echo 'graph_info Shows the number of connections to RabbitMQ'
+    echo 'graph_info Shows the number of connections to RabbitMQ'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the

puppet/zulip_ops/files/munin-plugins/rabbitmq_consumers

@@ -20,54 +20,54 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 # If run with the "config"-parameter, give out information on how the
 # graphs should look.
 
 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-		grep -v '^Listing' | \
+    | grep -v '^Listing' \
-		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )
+    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
 
 if [ "$1" = "config" ]; then
-        QUEUE_WARN=${queue_warn:-100}
+    QUEUE_WARN=${queue_warn:-100}
-        QUEUE_CRIT=${queue_crit:-500}
+    QUEUE_CRIT=${queue_crit:-500}
 
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo "graph_title RabbitMQ consumers"
+    echo "graph_title RabbitMQ consumers"
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1000 -l 0'
+    echo 'graph_args --base 1000 -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel consumers'
+    echo 'graph_vlabel consumers'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category RabbitMQ'
+    echo 'graph_category RabbitMQ'
 
-	for queue in $QUEUES; do
+    for queue in $QUEUES; do
-		echo "$queue.label $queue"
+        echo "$queue.label $queue"
-		echo "$queue.warning $QUEUE_WARN"
+        echo "$queue.warning $QUEUE_WARN"
-		echo "$queue.critical $QUEUE_CRIT"
+        echo "$queue.critical $QUEUE_CRIT"
-		echo "$queue.info Active consumers for $queue"
+        echo "$queue.info Active consumers for $queue"
-	done
+    done
 
-	echo 'graph_info Lists active consumers for a queue.'
+    echo 'graph_info Lists active consumers for a queue.'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.
 
-HOME=$HOME rabbitmqctl list_queues name consumers| \
+HOME=$HOME rabbitmqctl list_queues name consumers \
-	grep -v "^Listing" | grep -v "done.$" | \
+    | grep -v "^Listing" | grep -v "done.$" \
-    perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'

puppet/zulip_ops/files/munin-plugins/rabbitmq_messages

@@ -20,54 +20,54 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 # If run with the "config"-parameter, give out information on how the
 # graphs should look.
 
 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-		grep -v '^Listing' | \
+    | grep -v '^Listing' \
-		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )
+    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
 
 if [ "$1" = "config" ]; then
-        QUEUE_WARN=${queue_warn:-10000}
+    QUEUE_WARN=${queue_warn:-10000}
-        QUEUE_CRIT=${queue_crit:-20000}
+    QUEUE_CRIT=${queue_crit:-20000}
 
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo "graph_title RabbitMQ list_queues"
+    echo "graph_title RabbitMQ list_queues"
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1000 -l 0'
+    echo 'graph_args --base 1000 -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel queue_size'
+    echo 'graph_vlabel queue_size'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category RabbitMQ'
+    echo 'graph_category RabbitMQ'
 
-	for queue in $QUEUES; do
+    for queue in $QUEUES; do
-		echo "$queue.label $queue"
+        echo "$queue.label $queue"
-		echo "$queue.warning $QUEUE_WARN"
+        echo "$queue.warning $QUEUE_WARN"
-		echo "$queue.critical $QUEUE_CRIT"
+        echo "$queue.critical $QUEUE_CRIT"
-		echo "$queue.info Queue size for $queue"
+        echo "$queue.info Queue size for $queue"
-	done
+    done
 
-	echo 'graph_info Lists how many messages are in each queue.'
+    echo 'graph_info Lists how many messages are in each queue.'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.
 
-HOME=$HOME rabbitmqctl list_queues | \
+HOME=$HOME rabbitmqctl list_queues \
-	grep -v "^Listing" | grep -v "done.$" | \
+    | grep -v "^Listing" | grep -v "done.$" \
-	perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'

puppet/zulip_ops/files/munin-plugins/rabbitmq_messages_unacknowledged

@@ -20,54 +20,54 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 # If run with the "config"-parameter, give out information on how the
 # graphs should look.
 
 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-		grep -v '^Listing' | \
+    | grep -v '^Listing' \
-		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )
+    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
 
 if [ "$1" = "config" ]; then
-        QUEUE_WARN=${queue_warn:-10000}
+    QUEUE_WARN=${queue_warn:-10000}
-        QUEUE_CRIT=${queue_crit:-20000}
+    QUEUE_CRIT=${queue_crit:-20000}
 
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo "graph_title RabbitMQ Unacknowledged Messages"
+    echo "graph_title RabbitMQ Unacknowledged Messages"
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1000 -l 0'
+    echo 'graph_args --base 1000 -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel unacknowledged'
+    echo 'graph_vlabel unacknowledged'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category RabbitMQ'
+    echo 'graph_category RabbitMQ'
 
-	for queue in $QUEUES; do
+    for queue in $QUEUES; do
-		echo "$queue.label $queue"
+        echo "$queue.label $queue"
-		echo "$queue.warning $QUEUE_WARN"
+        echo "$queue.warning $QUEUE_WARN"
-		echo "$queue.critical $QUEUE_CRIT"
+        echo "$queue.critical $QUEUE_CRIT"
-		echo "$queue.info Unacknowledged messages for $queue"
+        echo "$queue.info Unacknowledged messages for $queue"
-	done
+    done
 
-	echo 'graph_info Lists how many messages are in each queue.'
+    echo 'graph_info Lists how many messages are in each queue.'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.
 
-HOME=$HOME rabbitmqctl list_queues name messages_unacknowledged | \
+HOME=$HOME rabbitmqctl list_queues name messages_unacknowledged \
-	grep -v "^Listing" | grep -v "done.$" | \
+    | grep -v "^Listing" | grep -v "done.$" \
-    perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'

puppet/zulip_ops/files/munin-plugins/rabbitmq_messages_uncommitted

@@ -20,54 +20,54 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 # If run with the "config"-parameter, give out information on how the
 # graphs should look.
 
 HOME=/tmp/
-QUEUES=$(HOME=$HOME rabbitmqctl list_queues name | \
+QUEUES=$(HOME=$HOME rabbitmqctl list_queues name \
-		grep -v '^Listing' | \
+    | grep -v '^Listing' \
-		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )
+    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
 
 if [ "$1" = "config" ]; then
-        QUEUE_WARN=${queue_warn:-10000}
+    QUEUE_WARN=${queue_warn:-10000}
-        QUEUE_CRIT=${queue_crit:-20000}
+    QUEUE_CRIT=${queue_crit:-20000}
 
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo "graph_title RabbitMQ Uncommitted Messages"
+    echo "graph_title RabbitMQ Uncommitted Messages"
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1000 -l 0'
+    echo 'graph_args --base 1000 -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel uncommitted'
+    echo 'graph_vlabel uncommitted'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category RabbitMQ'
+    echo 'graph_category RabbitMQ'
 
-	for queue in $QUEUES; do
+    for queue in $QUEUES; do
-		echo "$queue.label $queue"
+        echo "$queue.label $queue"
-		echo "$queue.warning $QUEUE_WARN"
+        echo "$queue.warning $QUEUE_WARN"
-		echo "$queue.critical $QUEUE_CRIT"
+        echo "$queue.critical $QUEUE_CRIT"
-		echo "$queue.info Uncommitted messages for $queue"
+        echo "$queue.info Uncommitted messages for $queue"
-	done
+    done
 
-	echo 'graph_info Lists how many messages are in each queue.'
+    echo 'graph_info Lists how many messages are in each queue.'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.
 
-HOME=$HOME rabbitmqctl list_channels name messages_uncommitted | \
+HOME=$HOME rabbitmqctl list_channels name messages_uncommitted \
-	grep -v "^Listing" | grep -v "done.$" | \
+    | grep -v "^Listing" | grep -v "done.$" \
-    perl -nle'($q, $s) = /^(.*)\s+(\d+)$/; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+    | perl -nle'($q, $s) = /^(.*)\s+(\d+)$/; $q =~ s/[.=-]/_/g; print("$q.value $s")'

puppet/zulip_ops/files/munin-plugins/rabbitmq_queue_memory

@@ -20,54 +20,54 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 # If run with the "config"-parameter, give out information on how the
 # graphs should look.
 
 HOME=/tmp/
-QUEUES=$(rabbitmqctl list_queues name | \
+QUEUES=$(rabbitmqctl list_queues name \
-		grep -v '^Listing' | \
+    | grep -v '^Listing' \
-		grep -v 'done\.$' | sed -e 's/[.=-]/_/g' )
+    | grep -v 'done\.$' | sed -e 's/[.=-]/_/g')
 
 if [ "$1" = "config" ]; then
-        QUEUE_WARN=${queue_warn:-10000}
+    QUEUE_WARN=${queue_warn:-10000}
-        QUEUE_CRIT=${queue_crit:-20000}
+    QUEUE_CRIT=${queue_crit:-20000}
 
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo "graph_title RabbitMQ Memory used by queue"
+    echo "graph_title RabbitMQ Memory used by queue"
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1024 --vertical-label Bytes -l 0'
+    echo 'graph_args --base 1024 --vertical-label Bytes -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel memory'
+    echo 'graph_vlabel memory'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category RabbitMQ'
+    echo 'graph_category RabbitMQ'
 
-	for queue in $QUEUES; do
+    for queue in $QUEUES; do
-		echo "$queue.label $queue"
+        echo "$queue.label $queue"
-		echo "$queue.warning $QUEUE_WARN"
+        echo "$queue.warning $QUEUE_WARN"
-		echo "$queue.critical $QUEUE_CRIT"
+        echo "$queue.critical $QUEUE_CRIT"
-		echo "$queue.info Memory used by $queue"
+        echo "$queue.info Memory used by $queue"
-	done
+    done
 
-	echo 'graph_info Show memory usage by queue'
+    echo 'graph_info Show memory usage by queue'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the
 # real work - i.e. display the data. Almost always this will be
 # "value" subfield for every data field.
 
-HOME=$HOME rabbitmqctl list_queues name memory | \
+HOME=$HOME rabbitmqctl list_queues name memory \
-	grep -v "^Listing" | grep -v "done.$" | \
+    | grep -v "^Listing" | grep -v "done.$" \
-    perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'
+    | perl -nle'($q, $s) = split; $q =~ s/[.=-]/_/g; print("$q.value $s")'

puppet/zulip_ops/files/munin-plugins/tornado_event_queues

@@ -18,8 +18,8 @@
 # always be included.
 
 if [ "$1" = "autoconf" ]; then
-	echo yes
+    echo yes
-	exit 0
+    exit 0
 fi
 
 HOME=/tmp/
@@ -28,30 +28,30 @@ HOME=/tmp/
 # graphs should look.
 
 if [ "$1" = "config" ]; then
-	# The host name this plugin is for. (Can be overridden to have
+    # The host name this plugin is for. (Can be overridden to have
-	# one machine answer for several)
+    # one machine answer for several)
 
-	# The title of the graph
+    # The title of the graph
-	echo 'graph_title Event queues'
+    echo 'graph_title Event queues'
-	# Arguments to "rrdtool graph". In this case, tell it that the
+    # Arguments to "rrdtool graph". In this case, tell it that the
-	# lower limit of the graph is '0', and that 1k=1000 (not 1024)
+    # lower limit of the graph is '0', and that 1k=1000 (not 1024)
-	echo 'graph_args --base 1000 -l 0'
+    echo 'graph_args --base 1000 -l 0'
-	# The Y-axis label
+    # The Y-axis label
-	echo 'graph_vlabel Number'
+    echo 'graph_vlabel Number'
-	# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
+    # We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
-	# 420 milliload)
+    # 420 milliload)
-	#echo 'graph_scale no'
+    #echo 'graph_scale no'
-	echo 'graph_category Tornado'
+    echo 'graph_category Tornado'
 
-	echo "active_queues.label Total active event queues"
+    echo "active_queues.label Total active event queues"
-	echo "active_queues.info Total number of active event queues"
+    echo "active_queues.info Total number of active event queues"
-	echo "active_users.label Users with active event queues"
+    echo "active_users.label Users with active event queues"
-	echo "active_users.info Number of users with active event queues"
+    echo "active_users.info Number of users with active event queues"
 
-	echo 'graph_info Shows the number of active event queues'
+    echo 'graph_info Shows the number of active event queues'
-	# Last, if run with the "config"-parameter, quit here (don't
+    # Last, if run with the "config"-parameter, quit here (don't
-	# display any data)
+    # display any data)
-	exit 0
+    exit 0
 fi
 
 # If not run with any parameters at all (or only unknown ones), do the

puppet/zulip_ops/files/postgresql/setup_disks.sh

@@ -5,7 +5,7 @@ set -e
 LOCALDISK=/dev/nvme0n1
 
 if ! grep -q $LOCALDISK /etc/fstab; then
-    echo "$LOCALDISK   /srv  xfs    nofail,noatime 1 1" >> /etc/fstab
+    echo "$LOCALDISK   /srv  xfs    nofail,noatime 1 1" >>/etc/fstab
 fi
 
 if ! mountpoint -q /srv; then

puppet/zulip_ops/files/zulip-ec2-configure-interfaces_if-up.d.sh

@@ -5,9 +5,9 @@ set -e
 
 # Only run from ifup.
 if [ "$MODE" != start ]; then
-	exit 0
+    exit 0
 fi
 
 if [ "$IFACE" = eth0 ]; then
-	/usr/local/sbin/zulip-ec2-configure-interfaces
+    /usr/local/sbin/zulip-ec2-configure-interfaces
 fi

requirements/common.in

@@ -3,7 +3,7 @@
 # and requirements/prod.txt.
 # See requirements/README.md for more detail.
 # Django itself
-Django==2.2.*
+Django[argon2]==2.2.*
 
 # needed for Literal, TypedDict
 typing-extensions
@@ -30,9 +30,6 @@ Pillow
 # Needed for building complex DB queries
 SQLAlchemy
 
-# Needed for password hashing
-argon2-cffi
-
 # Needed for S3 file uploads
 boto3
 
@@ -56,7 +53,6 @@ python-gcm
 
 # Needed for the email mirror
 html2text
-httplib2
 # Forked to avoid pulling in scipy: https://github.com/mailgun/talon/issues/130
 https://github.com/zulip/talon/archive/7d8bdc4dbcfcc5a73298747293b99fe53da55315.zip#egg=talon==1.2.10.zulip1
 
@@ -79,10 +75,10 @@ pika
 psycopg2 --no-binary psycopg2
 
 # Needed for memcached usage
-pylibmc
+python-binary-memcached
 
-# Needed for compression support in memcached via pylibmc
+# Needed for compression support in memcached via python-binary-memcached
-django-pylibmc
+django-bmemcached
 
 # Needed for zerver/tests/test_timestamp.py
 python-dateutil
@@ -150,9 +146,7 @@ cryptography
 lxml
 
 # Needed for 2-factor authentication
-django-two-factor-auth[phonenumberslite]
+django-two-factor-auth[call,phonenumberslite,sms]
-
-twilio
 
 # Needed for processing payments (in corporate)
 stripe
@@ -177,9 +171,6 @@ pyahocorasick
 # Used for rate limiting authentication.
 decorator
 
-# Use SameSite cookies in legacy Django (remove with Django 2.1)
-django-cookies-samesite
-
 # For server-side enforcement of password strength
 zxcvbn
 

requirements/dev.in

@@ -21,7 +21,7 @@ coverage
 fakeldap
 
 # For testing mock http requests
-responses
+responses==0.12.0  # https://github.com/spulec/moto/issues/3460
 
 # For sorting imports
 isort
@@ -54,7 +54,7 @@ python-digitalocean
 pip-tools
 
 # zulip's linting framework - zulint
-https://github.com/zulip/zulint/archive/204a02dbc730253061af08f67a26858dc73754cb.zip#egg=zulint==0.0.1
+https://github.com/zulip/zulint/archive/e8c7e42440e8b1a2e58316e16437e815cacfd495.zip#egg=zulint==0.0.1
 
 -r mypy.in
 

requirements/docs.txt

@@ -9,40 +9,41 @@
 #
 alabaster==0.7.12 \
     --hash=sha256:446438bdcca0e05bd45ea2de1668c1d9b032e1a9154c2c259092d77031ddd359 \
-    --hash=sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02 \
+    --hash=sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02
     # via sphinx
-babel==2.8.0 \
+babel==2.9.0 \
-    --hash=sha256:1aac2ae2d0d8ea368fa90906567f5c08463d98ade155c0c4bfedd6a0f7160e38 \
+    --hash=sha256:9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 \
-    --hash=sha256:d670ea0b10f8b723672d3a6abeb87b565b244da220d76b4dba1b66269ec152d4 \
+    --hash=sha256:da031ab54472314f210b0adcff1588ee5d1d1d0ba4dbd07b94dba82bde791e05
     # via sphinx
-certifi==2020.6.20 \
+certifi==2020.12.5 \
-    --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 \
+    --hash=sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c \
-    --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \
+    --hash=sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830
     # via requests
-chardet==3.0.4 \
+chardet==4.0.0 \
-    --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
+    --hash=sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa \
-    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \
+    --hash=sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5
     # via requests
 commonmark==0.9.1 \
     --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \
-    --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9 \
+    --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9
     # via recommonmark
-docutils==0.15.2 \
+docutils==0.16 \
-    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
+    --hash=sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af \
-    --hash=sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827 \
+    --hash=sha256:c2de3a60e9e7d07be26b7f2b00ca0309c207e06c100f9cc2a94931fc75a478fc
-    --hash=sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99 \
+    # via
-    # via recommonmark, sphinx
+    #   recommonmark
+    #   sphinx
 idna==2.8 \
     --hash=sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407 \
-    --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c \
+    --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c
     # via requests
 imagesize==1.2.0 \
     --hash=sha256:6965f19a6a2039c7d48bca7dba2473069ff854c36ae6f19d2cde309d998228a1 \
-    --hash=sha256:b1f6b5a4eab1f73479a50fb79fcf729514a900c341d8503d62a62dbc4127a2b1 \
+    --hash=sha256:b1f6b5a4eab1f73479a50fb79fcf729514a900c341d8503d62a62dbc4127a2b1
     # via sphinx
 jinja2==2.11.2 \
     --hash=sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0 \
-    --hash=sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035 \
+    --hash=sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035
     # via sphinx
 markupsafe==1.1.1 \
     --hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \
@@ -77,79 +78,78 @@ markupsafe==1.1.1 \
     --hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \
     --hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \
     --hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \
-    --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be \
+    --hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be
     # via jinja2
-packaging==20.4 \
+packaging==20.8 \
-    --hash=sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8 \
+    --hash=sha256:24e0da08660a87484d1602c30bb4902d74816b6985b93de36926f5bc95741858 \
-    --hash=sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181 \
+    --hash=sha256:78598185a7008a470d64526a8059de9aaa449238f280fc9eb6b13ba6c4109093
     # via sphinx
-pygments==2.6.1 \
+pygments==2.7.4 \
-    --hash=sha256:647344a061c249a3b74e230c739f434d7ea4d8b1d5f3721bc0f3558049b38f44 \
+    --hash=sha256:bc9591213a8f0e0ca1a5e68a479b4887fdc3e75d0774e5c71c31920c427de435 \
-    --hash=sha256:ff7a40b4860b727ab48fad6360eb351cc1b33cbf9b15a0f689ca5353e9463324 \
+    --hash=sha256:df49d09b498e83c1a73128295860250b0b7edd4c723a32e9bc0d295c7c2ec337
     # via sphinx
 pyparsing==2.4.7 \
     --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 \
-    --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b \
+    --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b
     # via packaging
-pytz==2020.1 \
+pytz==2020.5 \
-    --hash=sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed \
+    --hash=sha256:16962c5fb8db4a8f63a26646d8886e9d769b6c511543557bc84e9569fb9a9cb4 \
-    --hash=sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048 \
+    --hash=sha256:180befebb1927b16f6b57101720075a984c019ac16b1b7575673bea42c6c3da5
     # via babel
-recommonmark==0.6.0 \
+recommonmark==0.7.1 \
-    --hash=sha256:29cd4faeb6c5268c633634f2d69aef9431e0f4d347f90659fd0aab20e541efeb \
+    --hash=sha256:1b1db69af0231efce3fa21b94ff627ea33dee7079a01dd0a7f8482c3da148b3f \
-    --hash=sha256:2ec4207a574289355d5b6ae4ae4abb29043346ca12cdd5f07d374dc5987d2852 \
+    --hash=sha256:bdb4db649f2222dcd8d2d844f0006b958d627f732415d399791ee436a3686d67
     # via -r requirements/docs.in
-requests==2.24.0 \
+requests==2.25.1 \
-    --hash=sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b \
+    --hash=sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804 \
-    --hash=sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898 \
+    --hash=sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e
     # via sphinx
-six==1.15.0 \
+snowballstemmer==2.1.0 \
-    --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
+    --hash=sha256:b51b447bea85f9968c13b650126a888aabd4cb4463fca868ec596826325dedc2 \
-    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
+    --hash=sha256:e997baa4f2e9139951b6f4c631bad912dfd3c792467e2f03d7239464af90e914
-    # via packaging
-snowballstemmer==2.0.0 \
-    --hash=sha256:209f257d7533fdb3cb73bdbd24f436239ca3b2fa67d56f6ff88e86be08cc5ef0 \
-    --hash=sha256:df3bac3df4c2c01363f3dd2cfa78cce2840a79b9f1c2d2de9ce8d31683992f52 \
     # via sphinx
-sphinx-rtd-theme==0.5.0 \
+sphinx-rtd-theme==0.5.1 \
-    --hash=sha256:22c795ba2832a169ca301cd0a083f7a434e09c538c70beb42782c073651b707d \
+    --hash=sha256:eda689eda0c7301a80cf122dad28b1861e5605cbf455558f3775e1e8200e83a5 \
-    --hash=sha256:373413d0f82425aaa28fb288009bf0d0964711d347763af2f1b65cafcb028c82 \
+    --hash=sha256:fa6bebd5ab9a73da8e102509a86f3fcc36dec04a0b52ea80e5a033b2aba00113
     # via -r requirements/docs.in
-sphinx==3.1.2 \
+sphinx==3.4.3 \
-    --hash=sha256:97dbf2e31fc5684bb805104b8ad34434ed70e6c588f6896991b2fdfd2bef8c00 \
+    --hash=sha256:41cad293f954f7d37f803d97eb184158cfd90f51195131e94875bc07cd08b93c \
-    --hash=sha256:b9daeb9b39aa1ffefc2809b43604109825300300b987a24f45976c001ba1a8fd \
+    --hash=sha256:c314c857e7cd47c856d2c5adff514ac2e6495f8b8e0f886a8a37e9305dfea0d8
-    # via -r requirements/docs.in, recommonmark, sphinx-rtd-theme
+    # via
+    #   -r requirements/docs.in
+    #   recommonmark
+    #   sphinx-rtd-theme
 sphinxcontrib-applehelp==1.0.2 \
     --hash=sha256:806111e5e962be97c29ec4c1e7fe277bfd19e9652fb1a4392105b43e01af885a \
-    --hash=sha256:a072735ec80e7675e3f432fcae8610ecf509c5f1869d17e2eecff44389cdbc58 \
+    --hash=sha256:a072735ec80e7675e3f432fcae8610ecf509c5f1869d17e2eecff44389cdbc58
     # via sphinx
 sphinxcontrib-devhelp==1.0.2 \
     --hash=sha256:8165223f9a335cc1af7ffe1ed31d2871f325254c0423bc0c4c7cd1c1e4734a2e \
-    --hash=sha256:ff7f1afa7b9642e7060379360a67e9c41e8f3121f2ce9164266f61b9f4b338e4 \
+    --hash=sha256:ff7f1afa7b9642e7060379360a67e9c41e8f3121f2ce9164266f61b9f4b338e4
     # via sphinx
 sphinxcontrib-htmlhelp==1.0.3 \
     --hash=sha256:3c0bc24a2c41e340ac37c85ced6dafc879ab485c095b1d65d2461ac2f7cca86f \
-    --hash=sha256:e8f5bb7e31b2dbb25b9cc435c8ab7a79787ebf7f906155729338f3156d93659b \
+    --hash=sha256:e8f5bb7e31b2dbb25b9cc435c8ab7a79787ebf7f906155729338f3156d93659b
     # via sphinx
 sphinxcontrib-jsmath==1.0.1 \
     --hash=sha256:2ec2eaebfb78f3f2078e73666b1415417a116cc848b72e5172e596c871103178 \
-    --hash=sha256:a9925e4a4587247ed2191a22df5f6970656cb8ca2bd6284309578f2153e0c4b8 \
+    --hash=sha256:a9925e4a4587247ed2191a22df5f6970656cb8ca2bd6284309578f2153e0c4b8
     # via sphinx
 sphinxcontrib-qthelp==1.0.3 \
     --hash=sha256:4c33767ee058b70dba89a6fc5c1892c0d57a54be67ddd3e7875a18d14cba5a72 \
-    --hash=sha256:bd9fc24bcb748a8d51fd4ecaade681350aa63009a347a8c14e637895444dfab6 \
+    --hash=sha256:bd9fc24bcb748a8d51fd4ecaade681350aa63009a347a8c14e637895444dfab6
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.4 \
     --hash=sha256:eaa0eccc86e982a9b939b2b82d12cc5d013385ba5eadcc7e4fed23f4405f77bc \
-    --hash=sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a \
+    --hash=sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a
     # via sphinx
-urllib3==1.25.9 \
+urllib3==1.26.2 \
-    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    --hash=sha256:19188f96923873c92ccb987120ec4acaa12f0461fa9ce5d3d0772bc965a39e08 \
-    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
+    --hash=sha256:d8ff90d979214d7b4f8ce956e80f4028fc6860e4431f731ea4a8c08f23f99473
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==49.1.0 \
+setuptools==52.0.0 \
-    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:0a6f1f18249f78cffdad842efadf1ed7b039fa3355d93f3890f56bd66a48cf27 \
-    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
+    --hash=sha256:fb3a1ee622509550dbf1d419f241296169d7f09cb1eb5b1736f2f10965932b96
     # via sphinx

requirements/mypy.txt

@@ -9,7 +9,7 @@
 #
 mypy-extensions==0.4.3 \
     --hash=sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d \
-    --hash=sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8 \
+    --hash=sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8
     # via mypy
 mypy==0.782 \
     --hash=sha256:2c6cde8aa3426c1682d35190b59b71f661237d74b053822ea3d748e2c9578a7c \
@@ -25,33 +25,42 @@ mypy==0.782 \
     --hash=sha256:d7df6eddb6054d21ca4d3c6249cae5578cb4602951fd2b6ee2f5510ffb098707 \
     --hash=sha256:e0b61738ab504e656d1fe4ff0c0601387a5489ca122d55390ade31f9ca0e252d \
     --hash=sha256:eff7d4a85e9eea55afa34888dfeaccde99e7520b51f867ac28a48492c0b1130c \
-    --hash=sha256:f05644db6779387ccdb468cc47a44b4356fc2ffa9287135d05b70a98dc83b89a \
+    --hash=sha256:f05644db6779387ccdb468cc47a44b4356fc2ffa9287135d05b70a98dc83b89a
     # via -r requirements/mypy.in
-typed-ast==1.4.1 \
+typed-ast==1.4.2 \
-    --hash=sha256:0666aa36131496aed8f7be0410ff974562ab7eeac11ef351def9ea6fa28f6355 \
+    --hash=sha256:07d49388d5bf7e863f7fa2f124b1b1d89d8aa0e2f7812faff0a5658c01c59aa1 \
-    --hash=sha256:0c2c07682d61a629b68433afb159376e24e5b2fd4641d35424e462169c0a7919 \
+    --hash=sha256:14bf1522cdee369e8f5581238edac09150c765ec1cb33615855889cf33dcb92d \
-    --hash=sha256:249862707802d40f7f29f6e1aad8d84b5aa9e44552d2cc17384b209f091276aa \
+    --hash=sha256:240296b27397e4e37874abb1df2a608a92df85cf3e2a04d0d4d61055c8305ba6 \
-    --hash=sha256:24995c843eb0ad11a4527b026b4dde3da70e1f2d8806c99b7b4a7cf491612652 \
+    --hash=sha256:36d829b31ab67d6fcb30e185ec996e1f72b892255a745d3a82138c97d21ed1cd \
-    --hash=sha256:269151951236b0f9a6f04015a9004084a5ab0d5f19b57de779f908621e7d8b75 \
+    --hash=sha256:37f48d46d733d57cc70fd5f30572d11ab8ed92da6e6b28e024e4a3edfb456e37 \
-    --hash=sha256:4083861b0aa07990b619bd7ddc365eb7fa4b817e99cf5f8d9cf21a42780f6e01 \
+    --hash=sha256:4c790331247081ea7c632a76d5b2a265e6d325ecd3179d06e9cf8d46d90dd151 \
-    --hash=sha256:498b0f36cc7054c1fead3d7fc59d2150f4d5c6c56ba7fb150c013fbc683a8d2d \
+    --hash=sha256:5dcfc2e264bd8a1db8b11a892bd1647154ce03eeba94b461effe68790d8b8e07 \
-    --hash=sha256:4e3e5da80ccbebfff202a67bf900d081906c358ccc3d5e3c8aea42fdfdfd51c1 \
+    --hash=sha256:7147e2a76c75f0f64c4319886e7639e490fee87c9d25cb1d4faef1d8cf83a440 \
-    --hash=sha256:6daac9731f172c2a22ade6ed0c00197ee7cc1221aa84cfdf9c31defeb059a907 \
+    --hash=sha256:7703620125e4fb79b64aa52427ec192822e9f45d37d4b6625ab37ef403e1df70 \
-    --hash=sha256:715ff2f2df46121071622063fc7543d9b1fd19ebfc4f5c8895af64a77a8c852c \
+    --hash=sha256:8368f83e93c7156ccd40e49a783a6a6850ca25b556c0fa0240ed0f659d2fe496 \
-    --hash=sha256:73d785a950fc82dd2a25897d525d003f6378d1cb23ab305578394694202a58c3 \
+    --hash=sha256:84aa6223d71012c68d577c83f4e7db50d11d6b1399a9c779046d75e24bed74ea \
-    --hash=sha256:8c8aaad94455178e3187ab22c8b01a3837f8ee50e09cf31f1ba129eb293ec30b \
+    --hash=sha256:85f95aa97a35bdb2f2f7d10ec5bbdac0aeb9dafdaf88e17492da0504de2e6400 \
-    --hash=sha256:8ce678dbaf790dbdb3eba24056d5364fb45944f33553dd5869b7580cdbb83614 \
+    --hash=sha256:8db0e856712f79c45956da0c9a40ca4246abc3485ae0d7ecc86a20f5e4c09abc \
-    --hash=sha256:aaee9905aee35ba5905cfb3c62f3e83b3bec7b39413f0a7f19be4e547ea01ebb \
+    --hash=sha256:9044ef2df88d7f33692ae3f18d3be63dec69c4fb1b5a4a9ac950f9b4ba571606 \
-    --hash=sha256:bcd3b13b56ea479b3650b82cabd6b5343a625b0ced5429e4ccad28a8973f301b \
+    --hash=sha256:963c80b583b0661918718b095e02303d8078950b26cc00b5e5ea9ababe0de1fc \
-    --hash=sha256:c9e348e02e4d2b4a8b2eedb48210430658df6951fa484e59de33ff773fbd4b41 \
+    --hash=sha256:987f15737aba2ab5f3928c617ccf1ce412e2e321c77ab16ca5a293e7bbffd581 \
-    --hash=sha256:d205b1b46085271b4e15f670058ce182bd1199e56b317bf2ec004b6a44f911f6 \
+    --hash=sha256:9ec45db0c766f196ae629e509f059ff05fc3148f9ffd28f3cfe75d4afb485412 \
-    --hash=sha256:d43943ef777f9a1c42bf4e552ba23ac77a6351de620aa9acf64ad54933ad4d34 \
+    --hash=sha256:9fc0b3cb5d1720e7141d103cf4819aea239f7d136acf9ee4a69b047b7986175a \
-    --hash=sha256:d5d33e9e7af3b34a40dc05f498939f0ebf187f07c385fd58d591c533ad8562fe \
+    --hash=sha256:a2c927c49f2029291fbabd673d51a2180038f8cd5a5b2f290f78c4516be48be2 \
-    --hash=sha256:fc0fea399acb12edbf8a628ba8d2312f583bdbdb3335635db062fa98cf71fca4 \
+    --hash=sha256:a38878a223bdd37c9709d07cd357bb79f4c760b29210e14ad0fb395294583787 \
-    --hash=sha256:fe460b922ec15dd205595c9b5b99e2f056fd98ae8f9f56b888e7a17dc2b757e7 \
+    --hash=sha256:b4fcdcfa302538f70929eb7b392f536a237cbe2ed9cba88e3bf5027b39f5f77f \
+    --hash=sha256:c0c74e5579af4b977c8b932f40a5464764b2f86681327410aa028a22d2f54937 \
+    --hash=sha256:c1c876fd795b36126f773db9cbb393f19808edd2637e00fd6caba0e25f2c7b64 \
+    --hash=sha256:c9aadc4924d4b5799112837b226160428524a9a45f830e0d0f184b19e4090487 \
+    --hash=sha256:cc7b98bf58167b7f2db91a4327da24fb93368838eb84a44c472283778fc2446b \
+    --hash=sha256:cf54cfa843f297991b7388c281cb3855d911137223c6b6d2dd82a47ae5125a41 \
+    --hash=sha256:d003156bb6a59cda9050e983441b7fa2487f7800d76bdc065566b7d728b4581a \
+    --hash=sha256:d175297e9533d8d37437abc14e8a83cbc68af93cc9c1c59c2c292ec59a0697a3 \
+    --hash=sha256:d746a437cdbca200622385305aedd9aef68e8a645e385cc483bdc5e488f07166 \
+    --hash=sha256:e683e409e5c45d5c9082dc1daf13f6374300806240719f95dc783d1fc942af10
     # via mypy
-typing-extensions==3.7.4.2 \
+typing-extensions==3.7.4.3 \
-    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
+    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f
     # via mypy

requirements/pip.in

@@ -1,3 +1,3 @@
-pip
+pip==20.2.*  # Our hack for installing specific commits from Git fails in 20.3
 setuptools
 wheel

requirements/pip.txt

@@ -7,17 +7,17 @@
 #
 # For details, see requirements/README.md .
 #
-wheel==0.34.2 \
+wheel==0.36.2 \
-    --hash=sha256:8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 \
+    --hash=sha256:78b5b185f0e5763c26ca1e324373aadd49182ca90e825f7853f4b2509215dc0e \
-    --hash=sha256:df277cb51e61359aba502208d680f90c0493adec6f0e848af94948778aed386e \
+    --hash=sha256:e11eefd162658ea59a60a0f6c7d493a7190ea4b9a85e335b33489d9f17e0245e
     # via -r requirements/pip.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==20.1.1 \
+pip==20.2.4 \
-    --hash=sha256:27f8dc29387dd83249e06e681ce087e6061826582198a425085e0bf4c1cf3a55 \
+    --hash=sha256:51f1c7514530bd5c145d8f13ed936ad6b8bfcb8cf74e10403d0890bc986f0033 \
-    --hash=sha256:b27c4dedae8c41aa59108f2fa38bf78e0890e590545bc8ece7cdceb4ba60f6e4 \
+    --hash=sha256:85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1
     # via -r requirements/pip.in
-setuptools==49.1.0 \
+setuptools==52.0.0 \
-    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:0a6f1f18249f78cffdad842efadf1ed7b039fa3355d93f3890f56bd66a48cf27 \
-    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
+    --hash=sha256:fb3a1ee622509550dbf1d419f241296169d7f09cb1eb5b1736f2f10965932b96
     # via -r requirements/pip.in

requirements/thumbor-dev.txt

@@ -7,146 +7,205 @@
 #
 # For details, see requirements/README.md .
 #
-aiobotocore==1.0.7 \
+aiobotocore==1.2.0 \
-    --hash=sha256:9589d812714a5b78f0b8249916c17374e507dd7edfd5038a85cd6f25028506f3 \
+    --hash=sha256:852b75ba7b7f50c89aba4693545d0c5450024886c55cd6ecefb736d474f9ea53
-    --hash=sha256:d3183a22a376a97ed0a739854408fcf4ee9f24a629b38f84451b7e2111622ae3 \
     # via tc-aws
-aiohttp==3.6.2 \
+aiohttp==3.7.3 \
-    --hash=sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e \
+    --hash=sha256:0b795072bb1bf87b8620120a6373a3c61bfcb8da7e5c2377f4bb23ff4f0b62c9 \
-    --hash=sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326 \
+    --hash=sha256:0d438c8ca703b1b714e82ed5b7a4412c82577040dadff479c08405e2a715564f \
-    --hash=sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a \
+    --hash=sha256:16a3cb5df5c56f696234ea9e65e227d1ebe9c18aa774d36ff42f532139066a5f \
-    --hash=sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654 \
+    --hash=sha256:1edfd82a98c5161497bbb111b2b70c0813102ad7e0aa81cbeb34e64c93863005 \
-    --hash=sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a \
+    --hash=sha256:2406dc1dda01c7f6060ab586e4601f18affb7a6b965c50a8c90ff07569cf782a \
-    --hash=sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4 \
+    --hash=sha256:2858b2504c8697beb9357be01dc47ef86438cc1cb36ecb6991796d19475faa3e \
-    --hash=sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17 \
+    --hash=sha256:2a7b7640167ab536c3cb90cfc3977c7094f1c5890d7eeede8b273c175c3910fd \
-    --hash=sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec \
+    --hash=sha256:3228b7a51e3ed533f5472f54f70fd0b0a64c48dc1649a0f0e809bec312934d7a \
-    --hash=sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd \
+    --hash=sha256:328b552513d4f95b0a2eea4c8573e112866107227661834652a8984766aa7656 \
-    --hash=sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48 \
+    --hash=sha256:39f4b0a6ae22a1c567cb0630c30dd082481f95c13ca528dc501a7766b9c718c0 \
-    --hash=sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59 \
+    --hash=sha256:3b0036c978cbcc4a4512278e98e3e6d9e6b834dc973206162eddf98b586ef1c6 \
-    --hash=sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965 \
+    --hash=sha256:3ea8c252d8df5e9166bcf3d9edced2af132f4ead8ac422eac723c5781063709a \
+    --hash=sha256:41608c0acbe0899c852281978492f9ce2c6fbfaf60aff0cefc54a7c4516b822c \
+    --hash=sha256:59d11674964b74a81b149d4ceaff2b674b3b0e4d0f10f0be1533e49c4a28408b \
+    --hash=sha256:5e479df4b2d0f8f02133b7e4430098699450e1b2a826438af6bec9a400530957 \
+    --hash=sha256:684850fb1e3e55c9220aad007f8386d8e3e477c4ec9211ae54d968ecdca8c6f9 \
+    --hash=sha256:6ccc43d68b81c424e46192a778f97da94ee0630337c9bbe5b2ecc9b0c1c59001 \
+    --hash=sha256:6d42debaf55450643146fabe4b6817bb2a55b23698b0434107e892a43117285e \
+    --hash=sha256:710376bf67d8ff4500a31d0c207b8941ff4fba5de6890a701d71680474fe2a60 \
+    --hash=sha256:756ae7efddd68d4ea7d89c636b703e14a0c686688d42f588b90778a3c2fc0564 \
+    --hash=sha256:77149002d9386fae303a4a162e6bce75cc2161347ad2ba06c2f0182561875d45 \
+    --hash=sha256:78e2f18a82b88cbc37d22365cf8d2b879a492faedb3f2975adb4ed8dfe994d3a \
+    --hash=sha256:7d9b42127a6c0bdcc25c3dcf252bb3ddc70454fac593b1b6933ae091396deb13 \
+    --hash=sha256:8389d6044ee4e2037dca83e3f6994738550f6ee8cfb746762283fad9b932868f \
+    --hash=sha256:9c1a81af067e72261c9cbe33ea792893e83bc6aa987bfbd6fdc1e5e7b22777c4 \
+    --hash=sha256:c1e0920909d916d3375c7a1fdb0b1c78e46170e8bb42792312b6eb6676b2f87f \
+    --hash=sha256:c68fdf21c6f3573ae19c7ee65f9ff185649a060c9a06535e9c3a0ee0bbac9235 \
+    --hash=sha256:c733ef3bdcfe52a1a75564389bad4064352274036e7e234730526d155f04d914 \
+    --hash=sha256:c9c58b0b84055d8bc27b7df5a9d141df4ee6ff59821f922dd73155861282f6a3 \
+    --hash=sha256:d03abec50df423b026a5aa09656bd9d37f1e6a49271f123f31f9b8aed5dc3ea3 \
+    --hash=sha256:d2cfac21e31e841d60dc28c0ec7d4ec47a35c608cb8906435d47ef83ffb22150 \
+    --hash=sha256:dcc119db14757b0c7bce64042158307b9b1c76471e655751a61b57f5a0e4d78e \
+    --hash=sha256:df3a7b258cc230a65245167a202dd07320a5af05f3d41da1488ba0fa05bc9347 \
+    --hash=sha256:df48a623c58180874d7407b4d9ec06a19b84ed47f60a3884345b1a5099c1818b \
+    --hash=sha256:e1b95972a0ae3f248a899cdbac92ba2e01d731225f566569311043ce2226f5e7 \
+    --hash=sha256:f326b3c1bbfda5b9308252ee0dcb30b612ee92b0e105d4abec70335fab5b1245 \
+    --hash=sha256:f411cb22115cb15452d099fec0ee636b06cf81bfb40ed9c02d30c8dc2bc2e3d1
     # via aiobotocore
-aioitertools==0.7.0 \
+aioitertools==0.7.1 \
-    --hash=sha256:341cb05a0903177ef1b73d4cc12c92aee18e81c364e0138f4efc7ec3c47b8177 \
+    --hash=sha256:54a56c7cf3b5290d1cb5e8974353c9f52c677612b5d69a859369a020c53414a3 \
-    --hash=sha256:e931a2f0dcabd4a8446b5cc2fc71b8bb14716e6adf37728a70869213f1f741cd \
+    --hash=sha256:8972308474c41ed5e0636819f948ebff32f2318e70f7e7d23cd208c4357cc773
     # via aiobotocore
 async-timeout==3.0.1 \
     --hash=sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f \
-    --hash=sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3 \
+    --hash=sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3
     # via aiohttp
-attrs==19.3.0 \
+attrs==20.3.0 \
-    --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \
+    --hash=sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 \
-    --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 \
+    --hash=sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700
     # via aiohttp
-botocore==1.15.32 \
+botocore==1.19.52 \
-    --hash=sha256:3ea89601ee452b65084005278bd832be854cfde5166685dcb14b6c8f19d3fc6d \
+    --hash=sha256:d8f50e4162012ccfab64c2db4fcc99313d46d57789072251bab56013d66546e2 \
-    --hash=sha256:a963af564d94107787ff3d2c534e8b7aed7f12e014cdd609f8fcb17bf9d9b19a \
+    --hash=sha256:dc5ec23deadbe9327d3c81d03fddf80805c549059baabd80dea605941fe6a221
     # via aiobotocore
 chardet==3.0.4 \
     --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
-    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \
+    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691
     # via aiohttp
 colorful==0.5.4 \
     --hash=sha256:86848ad4e2eda60cd2519d8698945d22f6f6551e23e95f3f14dfbb60997807ea \
-    --hash=sha256:8d264b52a39aae4c0ba3e2a46afbaec81b0559a99be0d2cfe2aba4cf94531348 \
+    --hash=sha256:8d264b52a39aae4c0ba3e2a46afbaec81b0559a99be0d2cfe2aba4cf94531348
     # via thumbor
 derpconf==0.8.3 \
-    --hash=sha256:1bb152d8a1cf5c2a6d629bf29acd4af0c00811339642fc0a56172b0a83b31a15 \
+    --hash=sha256:1bb152d8a1cf5c2a6d629bf29acd4af0c00811339642fc0a56172b0a83b31a15
     # via thumbor
 django-auth-ldap==2.2.0 \
     --hash=sha256:0ed2d88d81c39be915a9ab53b97ec0a33a3d16055518ab4c9bcffe8236d40370 \
-    --hash=sha256:11af1773b08613339d2c3a0cec1308a4d563518f17b1719c3759994d0b4d04bf \
+    --hash=sha256:11af1773b08613339d2c3a0cec1308a4d563518f17b1719c3759994d0b4d04bf
     # via -r requirements/thumbor.in
-django==2.2.14 \
+django==2.2.17 \
-    --hash=sha256:edf0ecf6657713b0435b6757e6069466925cae70d634a3283c96b80c01e06191 \
+    --hash=sha256:558cb27930defd9a6042133258caf797b2d1dee233959f537e3dc475cb49bd7c \
-    --hash=sha256:f2250bd35d0f6c23e930c544629934144e5dd39a4c06092e1050c731c1712ba8 \
+    --hash=sha256:cf5370a4d7765a9dd6d42a7b96b53c74f9446cd38209211304b210fe0404b861
-    # via -r requirements/thumbor.in, django-auth-ldap
+    # via
-docutils==0.15.2 \
+    #   -r requirements/thumbor.in
-    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
+    #   django-auth-ldap
-    --hash=sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827 \
-    --hash=sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99 \
-    # via botocore
 idna-ssl==1.1.0 \
-    --hash=sha256:a933e3bb13da54383f9e8f35dc4f9cb9eb9b3b78c6b36f311254d6d0d92c6c7c \
+    --hash=sha256:a933e3bb13da54383f9e8f35dc4f9cb9eb9b3b78c6b36f311254d6d0d92c6c7c
     # via aiohttp
-idna==2.10 \
+idna==3.1 \
-    --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 \
+    --hash=sha256:5205d03e7bcbb919cc9c19885f9920d622ca52448306f2377daede5cf3faac16 \
-    --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 \
+    --hash=sha256:c5b02147e01ea9920e6b0a3f1f7bb833612d507592c837a6c49552768f4054e1
-    # via idna-ssl, yarl
+    # via
+    #   idna-ssl
+    #   yarl
 jmespath==0.10.0 \
     --hash=sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9 \
-    --hash=sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f \
+    --hash=sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f
     # via botocore
 libthumbor==2.0.1 \
     --hash=sha256:3c4e1a59c019d22f868d225315c06f97fad30fb5e78112d6a230b978e7d24e38 \
-    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0 \
+    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0
     # via thumbor
-multidict==4.7.6 \
+multidict==5.1.0 \
-    --hash=sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a \
+    --hash=sha256:018132dbd8688c7a69ad89c4a3f39ea2f9f33302ebe567a879da8f4ca73f0d0a \
-    --hash=sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000 \
+    --hash=sha256:051012ccee979b2b06be928a6150d237aec75dd6bf2d1eeeb190baf2b05abc93 \
-    --hash=sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2 \
+    --hash=sha256:05c20b68e512166fddba59a918773ba002fdd77800cad9f55b59790030bab632 \
-    --hash=sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507 \
+    --hash=sha256:07b42215124aedecc6083f1ce6b7e5ec5b50047afa701f3442054373a6deb656 \
-    --hash=sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5 \
+    --hash=sha256:0e3c84e6c67eba89c2dbcee08504ba8644ab4284863452450520dad8f1e89b79 \
-    --hash=sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7 \
+    --hash=sha256:0e929169f9c090dae0646a011c8b058e5e5fb391466016b39d21745b48817fd7 \
-    --hash=sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d \
+    --hash=sha256:1ab820665e67373de5802acae069a6a05567ae234ddb129f31d290fc3d1aa56d \
-    --hash=sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463 \
+    --hash=sha256:25b4e5f22d3a37ddf3effc0710ba692cfc792c2b9edfb9c05aefe823256e84d5 \
-    --hash=sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19 \
+    --hash=sha256:2e68965192c4ea61fff1b81c14ff712fc7dc15d2bd120602e4a3494ea6584224 \
-    --hash=sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3 \
+    --hash=sha256:2f1a132f1c88724674271d636e6b7351477c27722f2ed789f719f9e3545a3d26 \
-    --hash=sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b \
+    --hash=sha256:37e5438e1c78931df5d3c0c78ae049092877e5e9c02dd1ff5abb9cf27a5914ea \
-    --hash=sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c \
+    --hash=sha256:3a041b76d13706b7fff23b9fc83117c7b8fe8d5fe9e6be45eee72b9baa75f348 \
-    --hash=sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87 \
+    --hash=sha256:3a4f32116f8f72ecf2a29dabfb27b23ab7cdc0ba807e8459e59a93a9be9506f6 \
-    --hash=sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7 \
+    --hash=sha256:46c73e09ad374a6d876c599f2328161bcd95e280f84d2060cf57991dec5cfe76 \
-    --hash=sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430 \
+    --hash=sha256:46dd362c2f045095c920162e9307de5ffd0a1bfbba0a6e990b344366f55a30c1 \
-    --hash=sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255 \
+    --hash=sha256:4b186eb7d6ae7c06eb4392411189469e6a820da81447f46c0072a41c748ab73f \
-    --hash=sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d \
+    --hash=sha256:54fd1e83a184e19c598d5e70ba508196fd0bbdd676ce159feb412a4a6664f952 \
-    # via aiohttp, yarl
+    --hash=sha256:585fd452dd7782130d112f7ddf3473ffdd521414674c33876187e101b588738a \
-numpy==1.19.0 \
+    --hash=sha256:5cf3443199b83ed9e955f511b5b241fd3ae004e3cb81c58ec10f4fe47c7dce37 \
-    --hash=sha256:13af0184177469192d80db9bd02619f6fa8b922f9f327e077d6f2a6acb1ce1c0 \
+    --hash=sha256:6a4d5ce640e37b0efcc8441caeea8f43a06addace2335bd11151bc02d2ee31f9 \
-    --hash=sha256:26a45798ca2a4e168d00de75d4a524abf5907949231512f372b217ede3429e98 \
+    --hash=sha256:7df80d07818b385f3129180369079bd6934cf70469f99daaebfac89dca288359 \
-    --hash=sha256:26f509450db547e4dfa3ec739419b31edad646d21fb8d0ed0734188b35ff6b27 \
+    --hash=sha256:806068d4f86cb06af37cd65821554f98240a19ce646d3cd24e1c33587f313eb8 \
-    --hash=sha256:30a59fb41bb6b8c465ab50d60a1b298d1cd7b85274e71f38af5a75d6c475d2d2 \
+    --hash=sha256:830f57206cc96ed0ccf68304141fec9481a096c4d2e2831f311bde1c404401da \
-    --hash=sha256:33c623ef9ca5e19e05991f127c1be5aeb1ab5cdf30cb1c5cf3960752e58b599b \
+    --hash=sha256:929006d3c2d923788ba153ad0de8ed2e5ed39fdbe8e7be21e2f22ed06c6783d3 \
-    --hash=sha256:356f96c9fbec59974a592452ab6a036cd6f180822a60b529a975c9467fcd5f23 \
+    --hash=sha256:9436dc58c123f07b230383083855593550c4d301d2532045a17ccf6eca505f6d \
-    --hash=sha256:3c40c827d36c6d1c3cf413694d7dc843d50997ebffbc7c87d888a203ed6403a7 \
+    --hash=sha256:9dd6e9b1a913d096ac95d0399bd737e00f2af1e1594a787e00f7975778c8b2bf \
-    --hash=sha256:4d054f013a1983551254e2379385e359884e5af105e3efe00418977d02f634a7 \
+    --hash=sha256:ace010325c787c378afd7f7c1ac66b26313b3344628652eacd149bdd23c68841 \
-    --hash=sha256:63d971bb211ad3ca37b2adecdd5365f40f3b741a455beecba70fd0dde8b2a4cb \
+    --hash=sha256:b47a43177a5e65b771b80db71e7be76c0ba23cc8aa73eeeb089ed5219cdbe27d \
-    --hash=sha256:658624a11f6e1c252b2cd170d94bf28c8f9410acab9f2fd4369e11e1cd4e1aaf \
+    --hash=sha256:b797515be8743b771aa868f83563f789bbd4b236659ba52243b735d80b29ed93 \
-    --hash=sha256:76766cc80d6128750075378d3bb7812cf146415bd29b588616f72c943c00d598 \
+    --hash=sha256:b7993704f1a4b204e71debe6095150d43b2ee6150fa4f44d6d966ec356a8d61f \
-    --hash=sha256:7b57f26e5e6ee2f14f960db46bd58ffdca25ca06dd997729b1b179fddd35f5a3 \
+    --hash=sha256:d5c65bdf4484872c4af3150aeebe101ba560dcfb34488d9a8ff8dbcd21079647 \
-    --hash=sha256:7b852817800eb02e109ae4a9cef2beda8dd50d98b76b6cfb7b5c0099d27b52d4 \
+    --hash=sha256:d81eddcb12d608cc08081fa88d046c78afb1bf8107e6feab5d43503fea74a635 \
-    --hash=sha256:8cde829f14bd38f6da7b2954be0f2837043e8b8d7a9110ec5e318ae6bf706610 \
+    --hash=sha256:dc862056f76443a0db4509116c5cd480fe1b6a2d45512a653f9a855cc0517456 \
-    --hash=sha256:a2e3a39f43f0ce95204beb8fe0831199542ccab1e0c6e486a0b4947256215632 \
+    --hash=sha256:ecc771ab628ea281517e24fd2c52e8f31c41e66652d07599ad8818abaad38cda \
-    --hash=sha256:a86c962e211f37edd61d6e11bb4df7eddc4a519a38a856e20a6498c319efa6b0 \
+    --hash=sha256:f200755768dc19c6f4e2b672421e0ebb3dd54c38d5a4f262b872d8cfcc9e93b5 \
-    --hash=sha256:a8705c5073fe3fcc297fb8e0b31aa794e05af6a329e81b7ca4ffecab7f2b95ef \
+    --hash=sha256:f21756997ad8ef815d8ef3d34edd98804ab5ea337feedcd62fb52d22bf531281 \
-    --hash=sha256:b6aaeadf1e4866ca0fdf7bb4eed25e521ae21a7947c59f78154b24fc7abbe1dd \
+    --hash=sha256:fc13a9524bc18b6fb6e0dbec3533ba0496bbed167c56d0aabefd965584557d80
-    --hash=sha256:be62aeff8f2f054eff7725f502f6228298891fd648dc2630e03e44bf63e8cee0 \
+    # via
-    --hash=sha256:c2edbb783c841e36ca0fa159f0ae97a88ce8137fb3a6cd82eae77349ba4b607b \
+    #   aiohttp
-    --hash=sha256:cbe326f6d364375a8e5a8ccb7e9cd73f4b2f6dc3b2ed205633a0db8243e2a96a \
+    #   yarl
-    --hash=sha256:d34fbb98ad0d6b563b95de852a284074514331e6b9da0a9fc894fb1cdae7a79e \
+numpy==1.19.5 \
-    --hash=sha256:d97a86937cf9970453c3b62abb55a6475f173347b4cde7f8dcdb48c8e1b9952d \
+    --hash=sha256:012426a41bc9ab63bb158635aecccc7610e3eff5d31d1eb43bc099debc979d94 \
-    --hash=sha256:dd53d7c4a69e766e4900f29db5872f5824a06827d594427cf1a4aa542818b796 \
+    --hash=sha256:06fab248a088e439402141ea04f0fffb203723148f6ee791e9c75b3e9e82f080 \
-    --hash=sha256:df1889701e2dfd8ba4dc9b1a010f0a60950077fb5242bb92c8b5c7f1a6f2668a \
+    --hash=sha256:0eef32ca3132a48e43f6a0f5a82cb508f22ce5a3d6f67a8329c81c8e226d3f6e \
-    --hash=sha256:fa1fe75b4a9e18b66ae7f0b122543c42debcf800aaafa0212aaff3ad273c2596 \
+    --hash=sha256:1ded4fce9cfaaf24e7a0ab51b7a87be9038ea1ace7f34b841fe3b6894c721d1c \
+    --hash=sha256:2e55195bc1c6b705bfd8ad6f288b38b11b1af32f3c8289d6c50d47f950c12e76 \
+    --hash=sha256:2ea52bd92ab9f768cc64a4c3ef8f4b2580a17af0a5436f6126b08efbd1838371 \
+    --hash=sha256:36674959eed6957e61f11c912f71e78857a8d0604171dfd9ce9ad5cbf41c511c \
+    --hash=sha256:384ec0463d1c2671170901994aeb6dce126de0a95ccc3976c43b0038a37329c2 \
+    --hash=sha256:39b70c19ec771805081578cc936bbe95336798b7edf4732ed102e7a43ec5c07a \
+    --hash=sha256:400580cbd3cff6ffa6293df2278c75aef2d58d8d93d3c5614cd67981dae68ceb \
+    --hash=sha256:43d4c81d5ffdff6bae58d66a3cd7f54a7acd9a0e7b18d97abb255defc09e3140 \
+    --hash=sha256:50a4a0ad0111cc1b71fa32dedd05fa239f7fb5a43a40663269bb5dc7877cfd28 \
+    --hash=sha256:603aa0706be710eea8884af807b1b3bc9fb2e49b9f4da439e76000f3b3c6ff0f \
+    --hash=sha256:6149a185cece5ee78d1d196938b2a8f9d09f5a5ebfbba66969302a778d5ddd1d \
+    --hash=sha256:759e4095edc3c1b3ac031f34d9459fa781777a93ccc633a472a5468587a190ff \
+    --hash=sha256:7fb43004bce0ca31d8f13a6eb5e943fa73371381e53f7074ed21a4cb786c32f8 \
+    --hash=sha256:811daee36a58dc79cf3d8bdd4a490e4277d0e4b7d103a001a4e73ddb48e7e6aa \
+    --hash=sha256:8b5e972b43c8fc27d56550b4120fe6257fdc15f9301914380b27f74856299fea \
+    --hash=sha256:99abf4f353c3d1a0c7a5f27699482c987cf663b1eac20db59b8c7b061eabd7fc \
+    --hash=sha256:a0d53e51a6cb6f0d9082decb7a4cb6dfb33055308c4c44f53103c073f649af73 \
+    --hash=sha256:a12ff4c8ddfee61f90a1633a4c4afd3f7bcb32b11c52026c92a12e1325922d0d \
+    --hash=sha256:a4646724fba402aa7504cd48b4b50e783296b5e10a524c7a6da62e4a8ac9698d \
+    --hash=sha256:a76f502430dd98d7546e1ea2250a7360c065a5fdea52b2dffe8ae7180909b6f4 \
+    --hash=sha256:a9d17f2be3b427fbb2bce61e596cf555d6f8a56c222bd2ca148baeeb5e5c783c \
+    --hash=sha256:ab83f24d5c52d60dbc8cd0528759532736b56db58adaa7b5f1f76ad551416a1e \
+    --hash=sha256:aeb9ed923be74e659984e321f609b9ba54a48354bfd168d21a2b072ed1e833ea \
+    --hash=sha256:c843b3f50d1ab7361ca4f0b3639bf691569493a56808a0b0c54a051d260b7dbd \
+    --hash=sha256:cae865b1cae1ec2663d8ea56ef6ff185bad091a5e33ebbadd98de2cfa3fa668f \
+    --hash=sha256:cc6bd4fd593cb261332568485e20a0712883cf631f6f5e8e86a52caa8b2b50ff \
+    --hash=sha256:cf2402002d3d9f91c8b01e66fbb436a4ed01c6498fffed0e4c7566da1d40ee1e \
+    --hash=sha256:d051ec1c64b85ecc69531e1137bb9751c6830772ee5c1c426dbcfe98ef5788d7 \
+    --hash=sha256:d6631f2e867676b13026e2846180e2c13c1e11289d67da08d71cacb2cd93d4aa \
+    --hash=sha256:dbd18bcf4889b720ba13a27ec2f2aac1981bd41203b3a3b27ba7a33f88ae4827 \
+    --hash=sha256:df609c82f18c5b9f6cb97271f03315ff0dbe481a2a02e56aeb1b1a985ce38e60
     # via opencv-python-headless
-opencv-python-headless==4.3.0.36 \
+opencv-python-headless==4.5.1.48 \
-    --hash=sha256:065c6fc2efc61ebc3dd7de7774895e200b2c050d4e8b499cee717a9db526880e \
+    --hash=sha256:0e02809db2968e54f3c23340be6ff9a1428b3f03f5dca7cd5aceda66e319ce86 \
-    --hash=sha256:103c705540603f349e714edff93606c66d0e0a6a36d22aca8f4c2a3f8f25823c \
+    --hash=sha256:1f7c14f5d4e5af4dc4669fc6b4a983b36072a934c439ac11266b930496da8255 \
-    --hash=sha256:1b1dcdd4ccf4b71767add0b674f876aad666395471ccdce5455209329f036109 \
+    --hash=sha256:243aea91cc1e36a47c46da4cc408071af39444a48df1fe1539ea8d7990500fd2 \
-    --hash=sha256:271d7de7655f8d3a55100565b486d9f63da7465722e7a7ab834c853a2ee67b6e \
+    --hash=sha256:2560dcf3c1158226b066302f777bfe0f65282410b8d90871dd872306c967d1f1 \
-    --hash=sha256:2f71a14ccd109948f9c4c1761794e3512e7eff1e3b893619de6443467cec9052 \
+    --hash=sha256:2e6a9a88617a0ef7219cff24ba78a58416670a77e6ac63975f9009af3319ab63 \
-    --hash=sha256:325fc39fcee0d07df07b409cefe3868086ed60f7286798c32765dce393c6951d \
+    --hash=sha256:372149d007e20bf556b7687591d22b58b56b3c225f492da051d81587e5dc7411 \
-    --hash=sha256:3cf602a40750cbab284cb9d6f508d9110a3c79d4e18a261cb09957e2ca6f07d6 \
+    --hash=sha256:522f12dd994e064a30562adfd63b9439099bd7c80819f5261c37ebe593283c9e \
-    --hash=sha256:3d8b3e2b2dc5796cc1f34a6bd5e43d646818843a14554be55bb9e92dcb78ada0 \
+    --hash=sha256:526b9e19cf6300f0891d8f427eac1048091912332bb781eb4957a4994bfbe608 \
-    --hash=sha256:4b303ae6b207ed79071e2ab930a0f39d7e97bc176b730d552accdf7d0ea8ef5a \
+    --hash=sha256:5f0c7d34fa9953706c2a1a6d2760a91dc5a68cab3df16af61609894c6c8586f1 \
-    --hash=sha256:5fabfc789d6b8cffbb01f4e224d3583cce12666bbebafa15e8bca69111a21153 \
+    --hash=sha256:657cdd9fbbbbb7e898ae3d9b0649b367d0e440d429c714104d069c5612d578bb \
-    --hash=sha256:653459f61b44f1d7f20ce36c6112925b351e2abadb4be6f3007440b237bafffd \
+    --hash=sha256:65c9ea57be5ebcaed009b3fee14fe59f3b6aa1e573fe08c5039ff057ad593c53 \
-    --hash=sha256:8c496eb24af0ff16844f5b12fcbb28469151822fe19ece7b6cf66279c451981d \
+    --hash=sha256:777fb596e04331f73ef5b0c1faa4d33348f29ca58216d9286355c16f5489c939 \
-    --hash=sha256:9b0e9fa11f203c39a51044471f01d5db0dd493b13e6da209cc8945b12e6eef9e \
+    --hash=sha256:7c75680ffdf32d7044415a215d1fc60dbec14a7f2f0b59a85f0f74ef5efcb6ad \
-    --hash=sha256:baaeef03220c48430768503af990b3ca5582a3c1a1bf03519db122e2ddcd78a3 \
+    --hash=sha256:924aa4c34ead0b817309f42291dc526b2a7755476afe3009d1e275fc3090d92d \
-    --hash=sha256:d269133ebfe8c99b7abe096358c0644212103b4806ae6e8ef5149d4e0d5edb36 \
+    --hash=sha256:96d1da6ad061d8f3509668d398d14dd8265e529d6407f87eb26e7f4ddf043cc0 \
-    --hash=sha256:e204a75a00bee4c10875a94ccc8e102d9ab7e1259cc0f4ddf64cee777da6bbc9 \
+    --hash=sha256:9aa04a491c534531029fbac61da961fae0bf4abb1786eed9c91befde4ca7bd81 \
-    --hash=sha256:e217bbbbb7dc06d77c799edac196f2f706601f4f6a8b2d44ae25eda4cda23e08 \
+    --hash=sha256:a322d4df14c3a5f19701a023b3da91e9b8af8653b0d2ee0c50b0b341212f7343 \
-    --hash=sha256:f5a29918dd8d8c3f4d7710a324fd3c733a91ad269c4863b32b920cb90801e22b \
+    --hash=sha256:aa562c520f46283423ba8fac29099458e42deab697a9abd0491622e421c5c454 \
-    --hash=sha256:fe28cfc3b6285f7e92905c53d42426f4f03e7af134712061329333e8fb8ea3d6 \
+    --hash=sha256:ba2f0bd46e9534f29969e39f7895cbea9764173102b0c04b7818b8a9910d66e4 \
+    --hash=sha256:d16825755e7b5a6d8737f93e116670229e1510199e0af9213004e187ae0dbcc5 \
+    --hash=sha256:e3027e0d1b71b68b5cfe1ea9c627e323dff71112c854ba19805258d8fc6c630e \
+    --hash=sha256:f2011ecb3980bbed283d17d43e0f1221bac88c0cac1a6fb59a056544de2df2f7 \
+    --hash=sha256:f5e40a06116460ef2fd2d1c24be3b65f8bfb5fcdfe433f3fc01bcb4c2eb485bf \
+    --hash=sha256:f7f8e4f7c63c8e95eb210f4cba88d0069a0a964d6335d7a35b07f0d0baa13558 \
+    --hash=sha256:fe02a943b1a28b505e954fbce24e867119a3eb4351f93adad55c6cfe81a70484
     # via thumbor
 pillow==7.2.0 \
     --hash=sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f \
@@ -166,114 +225,185 @@ pillow==7.2.0 \
     --hash=sha256:94cf49723928eb6070a892cb39d6c156f7b5a2db4e8971cb958f7b6b104fb4c4 \
     --hash=sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626 \
     --hash=sha256:9ad7f865eebde135d526bb3163d0b23ffff365cf87e767c649550964ad72785d \
+    --hash=sha256:9c87ef410a58dd54b92424ffd7e28fd2ec65d2f7fc02b76f5e9b2067e355ebf6 \
     --hash=sha256:a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6 \
     --hash=sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63 \
     --hash=sha256:c92302a33138409e8f1ad16731568c55c9053eee71bb05b6b744067e1b62380f \
     --hash=sha256:d08b23fdb388c0715990cbc06866db554e1822c4bdcf6d4166cf30ac82df8c41 \
     --hash=sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1 \
+    --hash=sha256:e901964262a56d9ea3c2693df68bc9860b8bdda2b04768821e4c44ae797de117 \
     --hash=sha256:ec29604081f10f16a7aea809ad42e27764188fc258b02259a03a8ff7ded3808d \
     --hash=sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9 \
     --hash=sha256:f7e30c27477dffc3e85c2463b3e649f751789e0f6c8456099eea7ddd53be4a8a \
-    --hash=sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce \
+    --hash=sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce
     # via thumbor
 pyasn1-modules==0.2.8 \
     --hash=sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e \
-    --hash=sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74 \
+    --hash=sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74
     # via python-ldap
 pyasn1==0.4.8 \
     --hash=sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d \
-    --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba \
+    --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba
-    # via pyasn1-modules, python-ldap
+    # via
+    #   pyasn1-modules
+    #   python-ldap
+pycurl==7.43.0.6 \
+    --hash=sha256:8301518689daefa53726b59ded6b48f33751c383cf987b0ccfbbc4ed40281325
+    # via -r requirements/thumbor.in
 python-dateutil==2.8.1 \
     --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \
-    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a \
+    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a
-    # via botocore, tc-aws
+    # via
+    #   botocore
+    #   tc-aws
 python-ldap==3.3.1 \
-    --hash=sha256:4711cacf013e298754abd70058ccc995758177fb425f1c2d30e71adfc1d00aa5 \
+    --hash=sha256:4711cacf013e298754abd70058ccc995758177fb425f1c2d30e71adfc1d00aa5
     # via django-auth-ldap
 pytz==2019.3 \
     --hash=sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d \
-    --hash=sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be \
+    --hash=sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be
-    # via django, thumbor
+    # via
+    #   django
+    #   thumbor
 six==1.15.0 \
     --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
-    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
+    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
-    # via derpconf, libthumbor, python-dateutil
+    # via
-sqlparse==0.3.1 \
+    #   derpconf
-    --hash=sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e \
+    #   libthumbor
-    --hash=sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548 \
+    #   python-dateutil
+sqlparse==0.4.1 \
+    --hash=sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0 \
+    --hash=sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8
     # via django
 statsd==3.3.0 \
     --hash=sha256:c610fb80347fca0ef62666d241bce64184bd7cc1efe582f9690e045c25535eaa \
-    --hash=sha256:e3e6db4c246f7c59003e51c9720a51a7f39a396541cb9b147ff4b14d15b5dd1f \
+    --hash=sha256:e3e6db4c246f7c59003e51c9720a51a7f39a396541cb9b147ff4b14d15b5dd1f
     # via thumbor
-https://github.com/kkopachev/aws/archive/0d02528b47273e143be750ba237f71a076e8f251.zip#egg=tc_aws==6.3 \
+https://github.com/kkopachev/aws/archive/b5058e6b9fec7354629acc6d5df423e0310bb0cd.zip#egg=tc_aws==6.3 \
-    --hash=sha256:866d18ffbfd5a1627ed3973757e4c282745de8f30ed85f5ce8e80ae04932f8f3 \
+    --hash=sha256:8a28437b0dfab88c89f280a2d6ec55a6abfa3e26d495dc15e1b3f38744e27f0c
     # via -r requirements/thumbor.in
 thumbor==7.0.0a5 \
-    --hash=sha256:5042c9c8facf0da028a22f1aee717f856d213ec037835ca0edaa0282217654bb \
+    --hash=sha256:5042c9c8facf0da028a22f1aee717f856d213ec037835ca0edaa0282217654bb
-    # via -r requirements/thumbor.in, tc-aws
+    # via
-tornado==6.0.4 \
+    #   -r requirements/thumbor.in
-    --hash=sha256:0fe2d45ba43b00a41cd73f8be321a44936dc1aba233dee979f17a042b83eb6dc \
+    #   tc-aws
-    --hash=sha256:22aed82c2ea340c3771e3babc5ef220272f6fd06b5108a53b4976d0d722bcd52 \
+tornado==6.1 \
-    --hash=sha256:2c027eb2a393d964b22b5c154d1a23a5f8727db6fda837118a776b29e2b8ebc6 \
+    --hash=sha256:0a00ff4561e2929a2c37ce706cb8233b7907e0cdc22eab98888aca5dd3775feb \
-    --hash=sha256:5217e601700f24e966ddab689f90b7ea4bd91ff3357c3600fa1045e26d68e55d \
+    --hash=sha256:0d321a39c36e5f2c4ff12b4ed58d41390460f798422c4504e09eb5678e09998c \
-    --hash=sha256:5618f72e947533832cbc3dec54e1dffc1747a5cb17d1fd91577ed14fa0dc081b \
+    --hash=sha256:1e8225a1070cd8eec59a996c43229fe8f95689cb16e552d130b9793cb570a288 \
-    --hash=sha256:5f6a07e62e799be5d2330e68d808c8ac41d4a259b9cea61da4101b83cb5dc673 \
+    --hash=sha256:20241b3cb4f425e971cb0a8e4ffc9b0a861530ae3c52f2b0434e6c1b57e9fd95 \
-    --hash=sha256:c58d56003daf1b616336781b26d184023ea4af13ae143d9dda65e31e534940b9 \
+    --hash=sha256:25ad220258349a12ae87ede08a7b04aca51237721f63b1808d39bdb4b2164558 \
-    --hash=sha256:c952975c8ba74f546ae6de2e226ab3cc3cc11ae47baf607459a6728585bb542a \
+    --hash=sha256:33892118b165401f291070100d6d09359ca74addda679b60390b09f8ef325ffe \
-    --hash=sha256:c98232a3ac391f5faea6821b53db8db461157baa788f5d6222a193e9456e1740 \
+    --hash=sha256:33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791 \
+    --hash=sha256:3447475585bae2e77ecb832fc0300c3695516a47d46cefa0528181a34c5b9d3d \
+    --hash=sha256:34ca2dac9e4d7afb0bed4677512e36a52f09caa6fded70b4e3e1c89dbd92c326 \
+    --hash=sha256:3e63498f680547ed24d2c71e6497f24bca791aca2fe116dbc2bd0ac7f191691b \
+    --hash=sha256:548430be2740e327b3fe0201abe471f314741efcb0067ec4f2d7dcfb4825f3e4 \
+    --hash=sha256:6196a5c39286cc37c024cd78834fb9345e464525d8991c21e908cc046d1cc02c \
+    --hash=sha256:61b32d06ae8a036a6607805e6720ef00a3c98207038444ba7fd3d169cd998910 \
+    --hash=sha256:6286efab1ed6e74b7028327365cf7346b1d777d63ab30e21a0f4d5b275fc17d5 \
+    --hash=sha256:65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c \
+    --hash=sha256:66324e4e1beede9ac79e60f88de548da58b1f8ab4b2f1354d8375774f997e6c0 \
+    --hash=sha256:6c77c9937962577a6a76917845d06af6ab9197702a42e1346d8ae2e76b5e3675 \
+    --hash=sha256:70dec29e8ac485dbf57481baee40781c63e381bebea080991893cd297742b8fd \
+    --hash=sha256:7250a3fa399f08ec9cb3f7b1b987955d17e044f1ade821b32e5f435130250d7f \
+    --hash=sha256:748290bf9112b581c525e6e6d3820621ff020ed95af6f17fedef416b27ed564c \
+    --hash=sha256:7da13da6f985aab7f6f28debab00c67ff9cbacd588e8477034c0652ac141feea \
+    --hash=sha256:8f959b26f2634a091bb42241c3ed8d3cedb506e7c27b8dd5c7b9f745318ddbb6 \
+    --hash=sha256:9de9e5188a782be6b1ce866e8a51bc76a0fbaa0e16613823fc38e4fc2556ad05 \
+    --hash=sha256:a48900ecea1cbb71b8c71c620dee15b62f85f7c14189bdeee54966fbd9a0c5bd \
+    --hash=sha256:b87936fd2c317b6ee08a5741ea06b9d11a6074ef4cc42e031bc6403f82a32575 \
+    --hash=sha256:c77da1263aa361938476f04c4b6c8916001b90b2c2fdd92d8d535e1af48fba5a \
+    --hash=sha256:cb5ec8eead331e3bb4ce8066cf06d2dfef1bfb1b2a73082dfe8a161301b76e37 \
+    --hash=sha256:cc0ee35043162abbf717b7df924597ade8e5395e7b66d18270116f8745ceb795 \
+    --hash=sha256:d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f \
+    --hash=sha256:d371e811d6b156d82aa5f9a4e08b58debf97c302a35714f6f45e35139c332e32 \
+    --hash=sha256:d3d20ea5782ba63ed13bc2b8c291a053c8d807a8fa927d941bd718468f7b950c \
+    --hash=sha256:d3f7594930c423fd9f5d1a76bee85a2c36fd8b4b16921cae7e965f22575e9c01 \
+    --hash=sha256:dcef026f608f678c118779cd6591c8af6e9b4155c44e0d1bc0c87c036fb8c8c4 \
+    --hash=sha256:e0791ac58d91ac58f694d8d2957884df8e4e2f6687cdf367ef7eb7497f79eaa2 \
+    --hash=sha256:e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921 \
+    --hash=sha256:e519d64089b0876c7b467274468709dadf11e41d65f63bba207e04217f47c085 \
+    --hash=sha256:e7229e60ac41a1202444497ddde70a48d33909e484f96eb0da9baf8dc68541df \
+    --hash=sha256:ed3ad863b1b40cd1d4bd21e7498329ccaece75db5a5bf58cd3c9f130843e7102 \
+    --hash=sha256:f0ba29bafd8e7e22920567ce0d232c26d4d47c8b5cf4ed7b562b5db39fa199c5 \
+    --hash=sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68 \
+    --hash=sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5
     # via thumbor
-typing-extensions==3.7.4.2 \
+typing-extensions==3.7.4.3 \
-    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
+    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f
-    # via aiohttp, aioitertools
+    # via
-urllib3==1.25.9 \
+    #   aiohttp
-    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    #   aioitertools
-    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
+    #   yarl
+urllib3==1.26.3 \
+    --hash=sha256:1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 \
+    --hash=sha256:de3eedaad74a2683334e282005cd8d7f22f4d55fa690a2a1020a416cb0a47e73
     # via botocore
 virtualenv-clone==0.5.4 \
     --hash=sha256:07e74418b7cc64f4fda987bf5bc71ebd59af27a7bc9e8a8ee9fd54b1f2390a27 \
-    --hash=sha256:665e48dd54c84b98b71a657acb49104c54e7652bce9c1c4f6c6976ed4c827a29 \
+    --hash=sha256:665e48dd54c84b98b71a657acb49104c54e7652bce9c1c4f6c6976ed4c827a29
     # via -r requirements/thumbor.in
 webcolors==1.11.1 \
     --hash=sha256:76f360636957d1c976db7466bc71dcb713bb95ac8911944dffc55c01cb516de6 \
-    --hash=sha256:b8cd5d865a25c51ff1218f0c90d0c0781fc64312a49b746b320cf50de1648f6e \
+    --hash=sha256:b8cd5d865a25c51ff1218f0c90d0c0781fc64312a49b746b320cf50de1648f6e
     # via thumbor
-wheel==0.34.2 \
+wheel==0.36.2 \
-    --hash=sha256:8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 \
+    --hash=sha256:78b5b185f0e5763c26ca1e324373aadd49182ca90e825f7853f4b2509215dc0e \
-    --hash=sha256:df277cb51e61359aba502208d680f90c0493adec6f0e848af94948778aed386e \
+    --hash=sha256:e11eefd162658ea59a60a0f6c7d493a7190ea4b9a85e335b33489d9f17e0245e
     # via -r requirements/pip.in
 wrapt==1.12.1 \
-    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7 \
+    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7
     # via aiobotocore
-yarl==1.4.2 \
+yarl==1.6.3 \
-    --hash=sha256:0c2ab325d33f1b824734b3ef51d4d54a54e0e7a23d13b86974507602334c2cce \
+    --hash=sha256:00d7ad91b6583602eb9c1d085a2cf281ada267e9a197e8b7cae487dadbfa293e \
-    --hash=sha256:0ca2f395591bbd85ddd50a82eb1fde9c1066fafe888c5c7cc1d810cf03fd3cc6 \
+    --hash=sha256:0355a701b3998dcd832d0dc47cc5dedf3874f966ac7f870e0f3a6788d802d434 \
-    --hash=sha256:2098a4b4b9d75ee352807a95cdf5f10180db903bc5b7270715c6bbe2551f64ce \
+    --hash=sha256:15263c3b0b47968c1d90daa89f21fcc889bb4b1aac5555580d74565de6836366 \
-    --hash=sha256:25e66e5e2007c7a39541ca13b559cd8ebc2ad8fe00ea94a2aad28a9b1e44e5ae \
+    --hash=sha256:2ce4c621d21326a4a5500c25031e102af589edb50c09b321049e388b3934eec3 \
-    --hash=sha256:26d7c90cb04dee1665282a5d1a998defc1a9e012fdca0f33396f81508f49696d \
+    --hash=sha256:31ede6e8c4329fb81c86706ba8f6bf661a924b53ba191b27aa5fcee5714d18ec \
-    --hash=sha256:308b98b0c8cd1dfef1a0311dc5e38ae8f9b58349226aa0533f15a16717ad702f \
+    --hash=sha256:324ba3d3c6fee56e2e0b0d09bf5c73824b9f08234339d2b788af65e60040c959 \
-    --hash=sha256:3ce3d4f7c6b69c4e4f0704b32eca8123b9c58ae91af740481aa57d7857b5e41b \
+    --hash=sha256:329412812ecfc94a57cd37c9d547579510a9e83c516bc069470db5f75684629e \
-    --hash=sha256:58cd9c469eced558cd81aa3f484b2924e8897049e06889e8ff2510435b7ef74b \
+    --hash=sha256:4736eaee5626db8d9cda9eb5282028cc834e2aeb194e0d8b50217d707e98bb5c \
-    --hash=sha256:5b10eb0e7f044cf0b035112446b26a3a2946bca9d7d7edb5e54a2ad2f6652abb \
+    --hash=sha256:4953fb0b4fdb7e08b2f3b3be80a00d28c5c8a2056bb066169de00e6501b986b6 \
-    --hash=sha256:6faa19d3824c21bcbfdfce5171e193c8b4ddafdf0ac3f129ccf0cdfcb083e462 \
+    --hash=sha256:4c5bcfc3ed226bf6419f7a33982fb4b8ec2e45785a0561eb99274ebbf09fdd6a \
-    --hash=sha256:944494be42fa630134bf907714d40207e646fd5a94423c90d5b514f7b0713fea \
+    --hash=sha256:547f7665ad50fa8563150ed079f8e805e63dd85def6674c97efd78eed6c224a6 \
-    --hash=sha256:a161de7e50224e8e3de6e184707476b5a989037dcb24292b391a3d66ff158e70 \
+    --hash=sha256:5b883e458058f8d6099e4420f0cc2567989032b5f34b271c0827de9f1079a424 \
-    --hash=sha256:a4844ebb2be14768f7994f2017f70aca39d658a96c786211be5ddbe1c68794c1 \
+    --hash=sha256:63f90b20ca654b3ecc7a8d62c03ffa46999595f0167d6450fa8383bab252987e \
-    --hash=sha256:c2b509ac3d4b988ae8769901c66345425e361d518aecbe4acbfc2567e416626a \
+    --hash=sha256:68dc568889b1c13f1e4745c96b931cc94fdd0defe92a72c2b8ce01091b22e35f \
-    --hash=sha256:c9959d49a77b0e07559e579f38b2f3711c2b8716b8410b320bf9713013215a1b \
+    --hash=sha256:69ee97c71fee1f63d04c945f56d5d726483c4762845400a6795a3b75d56b6c50 \
-    --hash=sha256:d8cdee92bc930d8b09d8bd2043cedd544d9c8bd7436a77678dd602467a993080 \
+    --hash=sha256:6d6283d8e0631b617edf0fd726353cb76630b83a089a40933043894e7f6721e2 \
-    --hash=sha256:e15199cdb423316e15f108f51249e44eb156ae5dba232cb73be555324a1d49c2 \
+    --hash=sha256:72a660bdd24497e3e84f5519e57a9ee9220b6f3ac4d45056961bf22838ce20cc \
+    --hash=sha256:73494d5b71099ae8cb8754f1df131c11d433b387efab7b51849e7e1e851f07a4 \
+    --hash=sha256:7356644cbed76119d0b6bd32ffba704d30d747e0c217109d7979a7bc36c4d970 \
+    --hash=sha256:8a9066529240171b68893d60dca86a763eae2139dd42f42106b03cf4b426bf10 \
+    --hash=sha256:8aa3decd5e0e852dc68335abf5478a518b41bf2ab2f330fe44916399efedfae0 \
+    --hash=sha256:97b5bdc450d63c3ba30a127d018b866ea94e65655efaf889ebeabc20f7d12406 \
+    --hash=sha256:9ede61b0854e267fd565e7527e2f2eb3ef8858b301319be0604177690e1a3896 \
+    --hash=sha256:b2e9a456c121e26d13c29251f8267541bd75e6a1ccf9e859179701c36a078643 \
+    --hash=sha256:b5dfc9a40c198334f4f3f55880ecf910adebdcb2a0b9a9c23c9345faa9185721 \
+    --hash=sha256:bafb450deef6861815ed579c7a6113a879a6ef58aed4c3a4be54400ae8871478 \
+    --hash=sha256:c49ff66d479d38ab863c50f7bb27dee97c6627c5fe60697de15529da9c3de724 \
+    --hash=sha256:ce3beb46a72d9f2190f9e1027886bfc513702d748047b548b05dab7dfb584d2e \
+    --hash=sha256:d26608cf178efb8faa5ff0f2d2e77c208f471c5a3709e577a7b3fd0445703ac8 \
+    --hash=sha256:d597767fcd2c3dc49d6eea360c458b65643d1e4dbed91361cf5e36e53c1f8c96 \
+    --hash=sha256:d5c32c82990e4ac4d8150fd7652b972216b204de4e83a122546dce571c1bdf25 \
+    --hash=sha256:d8d07d102f17b68966e2de0e07bfd6e139c7c02ef06d3a0f8d2f0f055e13bb76 \
+    --hash=sha256:e46fba844f4895b36f4c398c5af062a9808d1f26b2999c58909517384d5deda2 \
+    --hash=sha256:e6b5460dc5ad42ad2b36cca524491dfcaffbfd9c8df50508bddc354e787b8dc2 \
+    --hash=sha256:f040bcc6725c821a4c0665f3aa96a4d0805a7aaf2caf266d256b8ed71b9f041c \
+    --hash=sha256:f0b059678fd549c66b89bed03efcabb009075bd131c248ecdf087bdb6faba24a \
+    --hash=sha256:fcbb48a93e8699eae920f8d92f7160c03567b421bc17362a9ffbbd706a816f71
     # via aiohttp
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==20.1.1 \
+pip==20.2.4 \
-    --hash=sha256:27f8dc29387dd83249e06e681ce087e6061826582198a425085e0bf4c1cf3a55 \
+    --hash=sha256:51f1c7514530bd5c145d8f13ed936ad6b8bfcb8cf74e10403d0890bc986f0033 \
-    --hash=sha256:b27c4dedae8c41aa59108f2fa38bf78e0890e590545bc8ece7cdceb4ba60f6e4 \
+    --hash=sha256:85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1
     # via -r requirements/pip.in
-setuptools==49.1.0 \
+setuptools==52.0.0 \
-    --hash=sha256:60351853f8c093ef57224695ee989d5d074168f6b93dae000fa9996072adaba3 \
+    --hash=sha256:0a6f1f18249f78cffdad842efadf1ed7b039fa3355d93f3890f56bd66a48cf27 \
-    --hash=sha256:daf2e1c215f805b0ddc3b4262886bb6667ae0d4563887a8374fb766adc47c324 \
+    --hash=sha256:fb3a1ee622509550dbf1d419f241296169d7f09cb1eb5b1736f2f10965932b96
     # via -r requirements/pip.in

requirements/thumbor.in

@@ -1,6 +1,9 @@
-https://github.com/kkopachev/aws/archive/0d02528b47273e143be750ba237f71a076e8f251.zip#egg=tc_aws==6.3
+https://github.com/kkopachev/aws/archive/b5058e6b9fec7354629acc6d5df423e0310bb0cd.zip#egg=tc_aws==6.3
 thumbor>=7.dev
 
+# Not required by Thumbor, but recommended
+pycurl
+
 # Required for just importing settings from our main django app.
 django-auth-ldap
 Django==2.2.*

requirements/thumbor.txt

@@ -7,146 +7,205 @@
 #
 # For details, see requirements/README.md .
 #
-aiobotocore==1.0.7 \
+aiobotocore==1.2.0 \
-    --hash=sha256:9589d812714a5b78f0b8249916c17374e507dd7edfd5038a85cd6f25028506f3 \
+    --hash=sha256:852b75ba7b7f50c89aba4693545d0c5450024886c55cd6ecefb736d474f9ea53
-    --hash=sha256:d3183a22a376a97ed0a739854408fcf4ee9f24a629b38f84451b7e2111622ae3 \
     # via tc-aws
-aiohttp==3.6.2 \
+aiohttp==3.7.3 \
-    --hash=sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e \
+    --hash=sha256:0b795072bb1bf87b8620120a6373a3c61bfcb8da7e5c2377f4bb23ff4f0b62c9 \
-    --hash=sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326 \
+    --hash=sha256:0d438c8ca703b1b714e82ed5b7a4412c82577040dadff479c08405e2a715564f \
-    --hash=sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a \
+    --hash=sha256:16a3cb5df5c56f696234ea9e65e227d1ebe9c18aa774d36ff42f532139066a5f \
-    --hash=sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654 \
+    --hash=sha256:1edfd82a98c5161497bbb111b2b70c0813102ad7e0aa81cbeb34e64c93863005 \
-    --hash=sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a \
+    --hash=sha256:2406dc1dda01c7f6060ab586e4601f18affb7a6b965c50a8c90ff07569cf782a \
-    --hash=sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4 \
+    --hash=sha256:2858b2504c8697beb9357be01dc47ef86438cc1cb36ecb6991796d19475faa3e \
-    --hash=sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17 \
+    --hash=sha256:2a7b7640167ab536c3cb90cfc3977c7094f1c5890d7eeede8b273c175c3910fd \
-    --hash=sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec \
+    --hash=sha256:3228b7a51e3ed533f5472f54f70fd0b0a64c48dc1649a0f0e809bec312934d7a \
-    --hash=sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd \
+    --hash=sha256:328b552513d4f95b0a2eea4c8573e112866107227661834652a8984766aa7656 \
-    --hash=sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48 \
+    --hash=sha256:39f4b0a6ae22a1c567cb0630c30dd082481f95c13ca528dc501a7766b9c718c0 \
-    --hash=sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59 \
+    --hash=sha256:3b0036c978cbcc4a4512278e98e3e6d9e6b834dc973206162eddf98b586ef1c6 \
-    --hash=sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965 \
+    --hash=sha256:3ea8c252d8df5e9166bcf3d9edced2af132f4ead8ac422eac723c5781063709a \
+    --hash=sha256:41608c0acbe0899c852281978492f9ce2c6fbfaf60aff0cefc54a7c4516b822c \
+    --hash=sha256:59d11674964b74a81b149d4ceaff2b674b3b0e4d0f10f0be1533e49c4a28408b \
+    --hash=sha256:5e479df4b2d0f8f02133b7e4430098699450e1b2a826438af6bec9a400530957 \
+    --hash=sha256:684850fb1e3e55c9220aad007f8386d8e3e477c4ec9211ae54d968ecdca8c6f9 \
+    --hash=sha256:6ccc43d68b81c424e46192a778f97da94ee0630337c9bbe5b2ecc9b0c1c59001 \
+    --hash=sha256:6d42debaf55450643146fabe4b6817bb2a55b23698b0434107e892a43117285e \
+    --hash=sha256:710376bf67d8ff4500a31d0c207b8941ff4fba5de6890a701d71680474fe2a60 \
+    --hash=sha256:756ae7efddd68d4ea7d89c636b703e14a0c686688d42f588b90778a3c2fc0564 \
+    --hash=sha256:77149002d9386fae303a4a162e6bce75cc2161347ad2ba06c2f0182561875d45 \
+    --hash=sha256:78e2f18a82b88cbc37d22365cf8d2b879a492faedb3f2975adb4ed8dfe994d3a \
+    --hash=sha256:7d9b42127a6c0bdcc25c3dcf252bb3ddc70454fac593b1b6933ae091396deb13 \
+    --hash=sha256:8389d6044ee4e2037dca83e3f6994738550f6ee8cfb746762283fad9b932868f \
+    --hash=sha256:9c1a81af067e72261c9cbe33ea792893e83bc6aa987bfbd6fdc1e5e7b22777c4 \
+    --hash=sha256:c1e0920909d916d3375c7a1fdb0b1c78e46170e8bb42792312b6eb6676b2f87f \
+    --hash=sha256:c68fdf21c6f3573ae19c7ee65f9ff185649a060c9a06535e9c3a0ee0bbac9235 \
+    --hash=sha256:c733ef3bdcfe52a1a75564389bad4064352274036e7e234730526d155f04d914 \
+    --hash=sha256:c9c58b0b84055d8bc27b7df5a9d141df4ee6ff59821f922dd73155861282f6a3 \
+    --hash=sha256:d03abec50df423b026a5aa09656bd9d37f1e6a49271f123f31f9b8aed5dc3ea3 \
+    --hash=sha256:d2cfac21e31e841d60dc28c0ec7d4ec47a35c608cb8906435d47ef83ffb22150 \
+    --hash=sha256:dcc119db14757b0c7bce64042158307b9b1c76471e655751a61b57f5a0e4d78e \
+    --hash=sha256:df3a7b258cc230a65245167a202dd07320a5af05f3d41da1488ba0fa05bc9347 \
+    --hash=sha256:df48a623c58180874d7407b4d9ec06a19b84ed47f60a3884345b1a5099c1818b \
+    --hash=sha256:e1b95972a0ae3f248a899cdbac92ba2e01d731225f566569311043ce2226f5e7 \
+    --hash=sha256:f326b3c1bbfda5b9308252ee0dcb30b612ee92b0e105d4abec70335fab5b1245 \
+    --hash=sha256:f411cb22115cb15452d099fec0ee636b06cf81bfb40ed9c02d30c8dc2bc2e3d1
     # via aiobotocore
-aioitertools==0.7.0 \
+aioitertools==0.7.1 \
-    --hash=sha256:341cb05a0903177ef1b73d4cc12c92aee18e81c364e0138f4efc7ec3c47b8177 \
+    --hash=sha256:54a56c7cf3b5290d1cb5e8974353c9f52c677612b5d69a859369a020c53414a3 \
-    --hash=sha256:e931a2f0dcabd4a8446b5cc2fc71b8bb14716e6adf37728a70869213f1f741cd \
+    --hash=sha256:8972308474c41ed5e0636819f948ebff32f2318e70f7e7d23cd208c4357cc773
     # via aiobotocore
 async-timeout==3.0.1 \
     --hash=sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f \
-    --hash=sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3 \
+    --hash=sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3
     # via aiohttp
-attrs==19.3.0 \
+attrs==20.3.0 \
-    --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \
+    --hash=sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 \
-    --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 \
+    --hash=sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700
     # via aiohttp
-botocore==1.15.32 \
+botocore==1.19.52 \
-    --hash=sha256:3ea89601ee452b65084005278bd832be854cfde5166685dcb14b6c8f19d3fc6d \
+    --hash=sha256:d8f50e4162012ccfab64c2db4fcc99313d46d57789072251bab56013d66546e2 \
-    --hash=sha256:a963af564d94107787ff3d2c534e8b7aed7f12e014cdd609f8fcb17bf9d9b19a \
+    --hash=sha256:dc5ec23deadbe9327d3c81d03fddf80805c549059baabd80dea605941fe6a221
     # via aiobotocore
 chardet==3.0.4 \
     --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
-    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \
+    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691
     # via aiohttp
 colorful==0.5.4 \
     --hash=sha256:86848ad4e2eda60cd2519d8698945d22f6f6551e23e95f3f14dfbb60997807ea \
-    --hash=sha256:8d264b52a39aae4c0ba3e2a46afbaec81b0559a99be0d2cfe2aba4cf94531348 \
+    --hash=sha256:8d264b52a39aae4c0ba3e2a46afbaec81b0559a99be0d2cfe2aba4cf94531348
     # via thumbor
 derpconf==0.8.3 \
-    --hash=sha256:1bb152d8a1cf5c2a6d629bf29acd4af0c00811339642fc0a56172b0a83b31a15 \
+    --hash=sha256:1bb152d8a1cf5c2a6d629bf29acd4af0c00811339642fc0a56172b0a83b31a15
     # via thumbor
 django-auth-ldap==2.2.0 \
     --hash=sha256:0ed2d88d81c39be915a9ab53b97ec0a33a3d16055518ab4c9bcffe8236d40370 \
-    --hash=sha256:11af1773b08613339d2c3a0cec1308a4d563518f17b1719c3759994d0b4d04bf \
+    --hash=sha256:11af1773b08613339d2c3a0cec1308a4d563518f17b1719c3759994d0b4d04bf
     # via -r requirements/thumbor.in
-django==2.2.14 \
+django==2.2.17 \
-    --hash=sha256:edf0ecf6657713b0435b6757e6069466925cae70d634a3283c96b80c01e06191 \
+    --hash=sha256:558cb27930defd9a6042133258caf797b2d1dee233959f537e3dc475cb49bd7c \
-    --hash=sha256:f2250bd35d0f6c23e930c544629934144e5dd39a4c06092e1050c731c1712ba8 \
+    --hash=sha256:cf5370a4d7765a9dd6d42a7b96b53c74f9446cd38209211304b210fe0404b861
-    # via -r requirements/thumbor.in, django-auth-ldap
+    # via
-docutils==0.15.2 \
+    #   -r requirements/thumbor.in
-    --hash=sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 \
+    #   django-auth-ldap
-    --hash=sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827 \
-    --hash=sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99 \
-    # via botocore
 idna-ssl==1.1.0 \
-    --hash=sha256:a933e3bb13da54383f9e8f35dc4f9cb9eb9b3b78c6b36f311254d6d0d92c6c7c \
+    --hash=sha256:a933e3bb13da54383f9e8f35dc4f9cb9eb9b3b78c6b36f311254d6d0d92c6c7c
     # via aiohttp
-idna==2.10 \
+idna==3.1 \
-    --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 \
+    --hash=sha256:5205d03e7bcbb919cc9c19885f9920d622ca52448306f2377daede5cf3faac16 \
-    --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 \
+    --hash=sha256:c5b02147e01ea9920e6b0a3f1f7bb833612d507592c837a6c49552768f4054e1
-    # via idna-ssl, yarl
+    # via
+    #   idna-ssl
+    #   yarl
 jmespath==0.10.0 \
     --hash=sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9 \
-    --hash=sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f \
+    --hash=sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f
     # via botocore
 libthumbor==2.0.1 \
     --hash=sha256:3c4e1a59c019d22f868d225315c06f97fad30fb5e78112d6a230b978e7d24e38 \
-    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0 \
+    --hash=sha256:ed4fe5f27f8f90e7285b7e6dce99c1b67d43a140bf370e989080b43d80ce25f0
     # via thumbor
-multidict==4.7.6 \
+multidict==5.1.0 \
-    --hash=sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a \
+    --hash=sha256:018132dbd8688c7a69ad89c4a3f39ea2f9f33302ebe567a879da8f4ca73f0d0a \
-    --hash=sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000 \
+    --hash=sha256:051012ccee979b2b06be928a6150d237aec75dd6bf2d1eeeb190baf2b05abc93 \
-    --hash=sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2 \
+    --hash=sha256:05c20b68e512166fddba59a918773ba002fdd77800cad9f55b59790030bab632 \
-    --hash=sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507 \
+    --hash=sha256:07b42215124aedecc6083f1ce6b7e5ec5b50047afa701f3442054373a6deb656 \
-    --hash=sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5 \
+    --hash=sha256:0e3c84e6c67eba89c2dbcee08504ba8644ab4284863452450520dad8f1e89b79 \
-    --hash=sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7 \
+    --hash=sha256:0e929169f9c090dae0646a011c8b058e5e5fb391466016b39d21745b48817fd7 \
-    --hash=sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d \
+    --hash=sha256:1ab820665e67373de5802acae069a6a05567ae234ddb129f31d290fc3d1aa56d \
-    --hash=sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463 \
+    --hash=sha256:25b4e5f22d3a37ddf3effc0710ba692cfc792c2b9edfb9c05aefe823256e84d5 \
-    --hash=sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19 \
+    --hash=sha256:2e68965192c4ea61fff1b81c14ff712fc7dc15d2bd120602e4a3494ea6584224 \
-    --hash=sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3 \
+    --hash=sha256:2f1a132f1c88724674271d636e6b7351477c27722f2ed789f719f9e3545a3d26 \
-    --hash=sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b \
+    --hash=sha256:37e5438e1c78931df5d3c0c78ae049092877e5e9c02dd1ff5abb9cf27a5914ea \
-    --hash=sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c \
+    --hash=sha256:3a041b76d13706b7fff23b9fc83117c7b8fe8d5fe9e6be45eee72b9baa75f348 \
-    --hash=sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87 \
+    --hash=sha256:3a4f32116f8f72ecf2a29dabfb27b23ab7cdc0ba807e8459e59a93a9be9506f6 \
-    --hash=sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7 \
+    --hash=sha256:46c73e09ad374a6d876c599f2328161bcd95e280f84d2060cf57991dec5cfe76 \
-    --hash=sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430 \
+    --hash=sha256:46dd362c2f045095c920162e9307de5ffd0a1bfbba0a6e990b344366f55a30c1 \
-    --hash=sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255 \
+    --hash=sha256:4b186eb7d6ae7c06eb4392411189469e6a820da81447f46c0072a41c748ab73f \
-    --hash=sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d \
+    --hash=sha256:54fd1e83a184e19c598d5e70ba508196fd0bbdd676ce159feb412a4a6664f952 \
-    # via aiohttp, yarl
+    --hash=sha256:585fd452dd7782130d112f7ddf3473ffdd521414674c33876187e101b588738a \
-numpy==1.19.0 \
+    --hash=sha256:5cf3443199b83ed9e955f511b5b241fd3ae004e3cb81c58ec10f4fe47c7dce37 \
-    --hash=sha256:13af0184177469192d80db9bd02619f6fa8b922f9f327e077d6f2a6acb1ce1c0 \
+    --hash=sha256:6a4d5ce640e37b0efcc8441caeea8f43a06addace2335bd11151bc02d2ee31f9 \
-    --hash=sha256:26a45798ca2a4e168d00de75d4a524abf5907949231512f372b217ede3429e98 \
+    --hash=sha256:7df80d07818b385f3129180369079bd6934cf70469f99daaebfac89dca288359 \
-    --hash=sha256:26f509450db547e4dfa3ec739419b31edad646d21fb8d0ed0734188b35ff6b27 \
+    --hash=sha256:806068d4f86cb06af37cd65821554f98240a19ce646d3cd24e1c33587f313eb8 \
-    --hash=sha256:30a59fb41bb6b8c465ab50d60a1b298d1cd7b85274e71f38af5a75d6c475d2d2 \
+    --hash=sha256:830f57206cc96ed0ccf68304141fec9481a096c4d2e2831f311bde1c404401da \
-    --hash=sha256:33c623ef9ca5e19e05991f127c1be5aeb1ab5cdf30cb1c5cf3960752e58b599b \
+    --hash=sha256:929006d3c2d923788ba153ad0de8ed2e5ed39fdbe8e7be21e2f22ed06c6783d3 \
-    --hash=sha256:356f96c9fbec59974a592452ab6a036cd6f180822a60b529a975c9467fcd5f23 \
+    --hash=sha256:9436dc58c123f07b230383083855593550c4d301d2532045a17ccf6eca505f6d \
-    --hash=sha256:3c40c827d36c6d1c3cf413694d7dc843d50997ebffbc7c87d888a203ed6403a7 \
+    --hash=sha256:9dd6e9b1a913d096ac95d0399bd737e00f2af1e1594a787e00f7975778c8b2bf \
-    --hash=sha256:4d054f013a1983551254e2379385e359884e5af105e3efe00418977d02f634a7 \
+    --hash=sha256:ace010325c787c378afd7f7c1ac66b26313b3344628652eacd149bdd23c68841 \
-    --hash=sha256:63d971bb211ad3ca37b2adecdd5365f40f3b741a455beecba70fd0dde8b2a4cb \
+    --hash=sha256:b47a43177a5e65b771b80db71e7be76c0ba23cc8aa73eeeb089ed5219cdbe27d \
-    --hash=sha256:658624a11f6e1c252b2cd170d94bf28c8f9410acab9f2fd4369e11e1cd4e1aaf \
+    --hash=sha256:b797515be8743b771aa868f83563f789bbd4b236659ba52243b735d80b29ed93 \
-    --hash=sha256:76766cc80d6128750075378d3bb7812cf146415bd29b588616f72c943c00d598 \
+    --hash=sha256:b7993704f1a4b204e71debe6095150d43b2ee6150fa4f44d6d966ec356a8d61f \
-    --hash=sha256:7b57f26e5e6ee2f14f960db46bd58ffdca25ca06dd997729b1b179fddd35f5a3 \
+    --hash=sha256:d5c65bdf4484872c4af3150aeebe101ba560dcfb34488d9a8ff8dbcd21079647 \
-    --hash=sha256:7b852817800eb02e109ae4a9cef2beda8dd50d98b76b6cfb7b5c0099d27b52d4 \
+    --hash=sha256:d81eddcb12d608cc08081fa88d046c78afb1bf8107e6feab5d43503fea74a635 \
-    --hash=sha256:8cde829f14bd38f6da7b2954be0f2837043e8b8d7a9110ec5e318ae6bf706610 \
+    --hash=sha256:dc862056f76443a0db4509116c5cd480fe1b6a2d45512a653f9a855cc0517456 \
-    --hash=sha256:a2e3a39f43f0ce95204beb8fe0831199542ccab1e0c6e486a0b4947256215632 \
+    --hash=sha256:ecc771ab628ea281517e24fd2c52e8f31c41e66652d07599ad8818abaad38cda \
-    --hash=sha256:a86c962e211f37edd61d6e11bb4df7eddc4a519a38a856e20a6498c319efa6b0 \
+    --hash=sha256:f200755768dc19c6f4e2b672421e0ebb3dd54c38d5a4f262b872d8cfcc9e93b5 \
-    --hash=sha256:a8705c5073fe3fcc297fb8e0b31aa794e05af6a329e81b7ca4ffecab7f2b95ef \
+    --hash=sha256:f21756997ad8ef815d8ef3d34edd98804ab5ea337feedcd62fb52d22bf531281 \
-    --hash=sha256:b6aaeadf1e4866ca0fdf7bb4eed25e521ae21a7947c59f78154b24fc7abbe1dd \
+    --hash=sha256:fc13a9524bc18b6fb6e0dbec3533ba0496bbed167c56d0aabefd965584557d80
-    --hash=sha256:be62aeff8f2f054eff7725f502f6228298891fd648dc2630e03e44bf63e8cee0 \
+    # via
-    --hash=sha256:c2edbb783c841e36ca0fa159f0ae97a88ce8137fb3a6cd82eae77349ba4b607b \
+    #   aiohttp
-    --hash=sha256:cbe326f6d364375a8e5a8ccb7e9cd73f4b2f6dc3b2ed205633a0db8243e2a96a \
+    #   yarl
-    --hash=sha256:d34fbb98ad0d6b563b95de852a284074514331e6b9da0a9fc894fb1cdae7a79e \
+numpy==1.19.5 \
-    --hash=sha256:d97a86937cf9970453c3b62abb55a6475f173347b4cde7f8dcdb48c8e1b9952d \
+    --hash=sha256:012426a41bc9ab63bb158635aecccc7610e3eff5d31d1eb43bc099debc979d94 \
-    --hash=sha256:dd53d7c4a69e766e4900f29db5872f5824a06827d594427cf1a4aa542818b796 \
+    --hash=sha256:06fab248a088e439402141ea04f0fffb203723148f6ee791e9c75b3e9e82f080 \
-    --hash=sha256:df1889701e2dfd8ba4dc9b1a010f0a60950077fb5242bb92c8b5c7f1a6f2668a \
+    --hash=sha256:0eef32ca3132a48e43f6a0f5a82cb508f22ce5a3d6f67a8329c81c8e226d3f6e \
-    --hash=sha256:fa1fe75b4a9e18b66ae7f0b122543c42debcf800aaafa0212aaff3ad273c2596 \
+    --hash=sha256:1ded4fce9cfaaf24e7a0ab51b7a87be9038ea1ace7f34b841fe3b6894c721d1c \
+    --hash=sha256:2e55195bc1c6b705bfd8ad6f288b38b11b1af32f3c8289d6c50d47f950c12e76 \
+    --hash=sha256:2ea52bd92ab9f768cc64a4c3ef8f4b2580a17af0a5436f6126b08efbd1838371 \
+    --hash=sha256:36674959eed6957e61f11c912f71e78857a8d0604171dfd9ce9ad5cbf41c511c \
+    --hash=sha256:384ec0463d1c2671170901994aeb6dce126de0a95ccc3976c43b0038a37329c2 \
+    --hash=sha256:39b70c19ec771805081578cc936bbe95336798b7edf4732ed102e7a43ec5c07a \
+    --hash=sha256:400580cbd3cff6ffa6293df2278c75aef2d58d8d93d3c5614cd67981dae68ceb \
+    --hash=sha256:43d4c81d5ffdff6bae58d66a3cd7f54a7acd9a0e7b18d97abb255defc09e3140 \
+    --hash=sha256:50a4a0ad0111cc1b71fa32dedd05fa239f7fb5a43a40663269bb5dc7877cfd28 \
+    --hash=sha256:603aa0706be710eea8884af807b1b3bc9fb2e49b9f4da439e76000f3b3c6ff0f \
+    --hash=sha256:6149a185cece5ee78d1d196938b2a8f9d09f5a5ebfbba66969302a778d5ddd1d \
+    --hash=sha256:759e4095edc3c1b3ac031f34d9459fa781777a93ccc633a472a5468587a190ff \
+    --hash=sha256:7fb43004bce0ca31d8f13a6eb5e943fa73371381e53f7074ed21a4cb786c32f8 \
+    --hash=sha256:811daee36a58dc79cf3d8bdd4a490e4277d0e4b7d103a001a4e73ddb48e7e6aa \
+    --hash=sha256:8b5e972b43c8fc27d56550b4120fe6257fdc15f9301914380b27f74856299fea \
+    --hash=sha256:99abf4f353c3d1a0c7a5f27699482c987cf663b1eac20db59b8c7b061eabd7fc \
+    --hash=sha256:a0d53e51a6cb6f0d9082decb7a4cb6dfb33055308c4c44f53103c073f649af73 \
+    --hash=sha256:a12ff4c8ddfee61f90a1633a4c4afd3f7bcb32b11c52026c92a12e1325922d0d \
+    --hash=sha256:a4646724fba402aa7504cd48b4b50e783296b5e10a524c7a6da62e4a8ac9698d \
+    --hash=sha256:a76f502430dd98d7546e1ea2250a7360c065a5fdea52b2dffe8ae7180909b6f4 \
+    --hash=sha256:a9d17f2be3b427fbb2bce61e596cf555d6f8a56c222bd2ca148baeeb5e5c783c \
+    --hash=sha256:ab83f24d5c52d60dbc8cd0528759532736b56db58adaa7b5f1f76ad551416a1e \
+    --hash=sha256:aeb9ed923be74e659984e321f609b9ba54a48354bfd168d21a2b072ed1e833ea \
+    --hash=sha256:c843b3f50d1ab7361ca4f0b3639bf691569493a56808a0b0c54a051d260b7dbd \
+    --hash=sha256:cae865b1cae1ec2663d8ea56ef6ff185bad091a5e33ebbadd98de2cfa3fa668f \
+    --hash=sha256:cc6bd4fd593cb261332568485e20a0712883cf631f6f5e8e86a52caa8b2b50ff \
+    --hash=sha256:cf2402002d3d9f91c8b01e66fbb436a4ed01c6498fffed0e4c7566da1d40ee1e \
+    --hash=sha256:d051ec1c64b85ecc69531e1137bb9751c6830772ee5c1c426dbcfe98ef5788d7 \
+    --hash=sha256:d6631f2e867676b13026e2846180e2c13c1e11289d67da08d71cacb2cd93d4aa \
+    --hash=sha256:dbd18bcf4889b720ba13a27ec2f2aac1981bd41203b3a3b27ba7a33f88ae4827 \
+    --hash=sha256:df609c82f18c5b9f6cb97271f03315ff0dbe481a2a02e56aeb1b1a985ce38e60
     # via opencv-python-headless
-opencv-python-headless==4.3.0.36 \
+opencv-python-headless==4.5.1.48 \
-    --hash=sha256:065c6fc2efc61ebc3dd7de7774895e200b2c050d4e8b499cee717a9db526880e \
+    --hash=sha256:0e02809db2968e54f3c23340be6ff9a1428b3f03f5dca7cd5aceda66e319ce86 \
-    --hash=sha256:103c705540603f349e714edff93606c66d0e0a6a36d22aca8f4c2a3f8f25823c \
+    --hash=sha256:1f7c14f5d4e5af4dc4669fc6b4a983b36072a934c439ac11266b930496da8255 \
-    --hash=sha256:1b1dcdd4ccf4b71767add0b674f876aad666395471ccdce5455209329f036109 \
+    --hash=sha256:243aea91cc1e36a47c46da4cc408071af39444a48df1fe1539ea8d7990500fd2 \
-    --hash=sha256:271d7de7655f8d3a55100565b486d9f63da7465722e7a7ab834c853a2ee67b6e \
+    --hash=sha256:2560dcf3c1158226b066302f777bfe0f65282410b8d90871dd872306c967d1f1 \
-    --hash=sha256:2f71a14ccd109948f9c4c1761794e3512e7eff1e3b893619de6443467cec9052 \
+    --hash=sha256:2e6a9a88617a0ef7219cff24ba78a58416670a77e6ac63975f9009af3319ab63 \
-    --hash=sha256:325fc39fcee0d07df07b409cefe3868086ed60f7286798c32765dce393c6951d \
+    --hash=sha256:372149d007e20bf556b7687591d22b58b56b3c225f492da051d81587e5dc7411 \
-    --hash=sha256:3cf602a40750cbab284cb9d6f508d9110a3c79d4e18a261cb09957e2ca6f07d6 \
+    --hash=sha256:522f12dd994e064a30562adfd63b9439099bd7c80819f5261c37ebe593283c9e \
-    --hash=sha256:3d8b3e2b2dc5796cc1f34a6bd5e43d646818843a14554be55bb9e92dcb78ada0 \
+    --hash=sha256:526b9e19cf6300f0891d8f427eac1048091912332bb781eb4957a4994bfbe608 \
-    --hash=sha256:4b303ae6b207ed79071e2ab930a0f39d7e97bc176b730d552accdf7d0ea8ef5a \
+    --hash=sha256:5f0c7d34fa9953706c2a1a6d2760a91dc5a68cab3df16af61609894c6c8586f1 \
-    --hash=sha256:5fabfc789d6b8cffbb01f4e224d3583cce12666bbebafa15e8bca69111a21153 \
+    --hash=sha256:657cdd9fbbbbb7e898ae3d9b0649b367d0e440d429c714104d069c5612d578bb \
-    --hash=sha256:653459f61b44f1d7f20ce36c6112925b351e2abadb4be6f3007440b237bafffd \
+    --hash=sha256:65c9ea57be5ebcaed009b3fee14fe59f3b6aa1e573fe08c5039ff057ad593c53 \
-    --hash=sha256:8c496eb24af0ff16844f5b12fcbb28469151822fe19ece7b6cf66279c451981d \
+    --hash=sha256:777fb596e04331f73ef5b0c1faa4d33348f29ca58216d9286355c16f5489c939 \
-    --hash=sha256:9b0e9fa11f203c39a51044471f01d5db0dd493b13e6da209cc8945b12e6eef9e \
+    --hash=sha256:7c75680ffdf32d7044415a215d1fc60dbec14a7f2f0b59a85f0f74ef5efcb6ad \
-    --hash=sha256:baaeef03220c48430768503af990b3ca5582a3c1a1bf03519db122e2ddcd78a3 \
+    --hash=sha256:924aa4c34ead0b817309f42291dc526b2a7755476afe3009d1e275fc3090d92d \
-    --hash=sha256:d269133ebfe8c99b7abe096358c0644212103b4806ae6e8ef5149d4e0d5edb36 \
+    --hash=sha256:96d1da6ad061d8f3509668d398d14dd8265e529d6407f87eb26e7f4ddf043cc0 \
-    --hash=sha256:e204a75a00bee4c10875a94ccc8e102d9ab7e1259cc0f4ddf64cee777da6bbc9 \
+    --hash=sha256:9aa04a491c534531029fbac61da961fae0bf4abb1786eed9c91befde4ca7bd81 \
-    --hash=sha256:e217bbbbb7dc06d77c799edac196f2f706601f4f6a8b2d44ae25eda4cda23e08 \
+    --hash=sha256:a322d4df14c3a5f19701a023b3da91e9b8af8653b0d2ee0c50b0b341212f7343 \
-    --hash=sha256:f5a29918dd8d8c3f4d7710a324fd3c733a91ad269c4863b32b920cb90801e22b \
+    --hash=sha256:aa562c520f46283423ba8fac29099458e42deab697a9abd0491622e421c5c454 \
-    --hash=sha256:fe28cfc3b6285f7e92905c53d42426f4f03e7af134712061329333e8fb8ea3d6 \
+    --hash=sha256:ba2f0bd46e9534f29969e39f7895cbea9764173102b0c04b7818b8a9910d66e4 \
+    --hash=sha256:d16825755e7b5a6d8737f93e116670229e1510199e0af9213004e187ae0dbcc5 \
+    --hash=sha256:e3027e0d1b71b68b5cfe1ea9c627e323dff71112c854ba19805258d8fc6c630e \
+    --hash=sha256:f2011ecb3980bbed283d17d43e0f1221bac88c0cac1a6fb59a056544de2df2f7 \
+    --hash=sha256:f5e40a06116460ef2fd2d1c24be3b65f8bfb5fcdfe433f3fc01bcb4c2eb485bf \
+    --hash=sha256:f7f8e4f7c63c8e95eb210f4cba88d0069a0a964d6335d7a35b07f0d0baa13558 \
+    --hash=sha256:fe02a943b1a28b505e954fbce24e867119a3eb4351f93adad55c6cfe81a70484
     # via thumbor
 pillow==7.2.0 \
     --hash=sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f \
@@ -166,100 +225,171 @@ pillow==7.2.0 \
     --hash=sha256:94cf49723928eb6070a892cb39d6c156f7b5a2db4e8971cb958f7b6b104fb4c4 \
     --hash=sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626 \
     --hash=sha256:9ad7f865eebde135d526bb3163d0b23ffff365cf87e767c649550964ad72785d \
+    --hash=sha256:9c87ef410a58dd54b92424ffd7e28fd2ec65d2f7fc02b76f5e9b2067e355ebf6 \
     --hash=sha256:a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6 \
     --hash=sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63 \
     --hash=sha256:c92302a33138409e8f1ad16731568c55c9053eee71bb05b6b744067e1b62380f \
     --hash=sha256:d08b23fdb388c0715990cbc06866db554e1822c4bdcf6d4166cf30ac82df8c41 \
     --hash=sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1 \
+    --hash=sha256:e901964262a56d9ea3c2693df68bc9860b8bdda2b04768821e4c44ae797de117 \
     --hash=sha256:ec29604081f10f16a7aea809ad42e27764188fc258b02259a03a8ff7ded3808d \
     --hash=sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9 \
     --hash=sha256:f7e30c27477dffc3e85c2463b3e649f751789e0f6c8456099eea7ddd53be4a8a \
-    --hash=sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce \
+    --hash=sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce
     # via thumbor
 pyasn1-modules==0.2.8 \
     --hash=sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e \
-    --hash=sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74 \
+    --hash=sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74
     # via python-ldap
 pyasn1==0.4.8 \
     --hash=sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d \
-    --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba \
+    --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba
-    # via pyasn1-modules, python-ldap
+    # via
+    #   pyasn1-modules
+    #   python-ldap
+pycurl==7.43.0.6 \
+    --hash=sha256:8301518689daefa53726b59ded6b48f33751c383cf987b0ccfbbc4ed40281325
+    # via -r requirements/thumbor.in
 python-dateutil==2.8.1 \
     --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \
-    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a \
+    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a
-    # via botocore, tc-aws
+    # via
+    #   botocore
+    #   tc-aws
 python-ldap==3.3.1 \
-    --hash=sha256:4711cacf013e298754abd70058ccc995758177fb425f1c2d30e71adfc1d00aa5 \
+    --hash=sha256:4711cacf013e298754abd70058ccc995758177fb425f1c2d30e71adfc1d00aa5
     # via django-auth-ldap
 pytz==2019.3 \
     --hash=sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d \
-    --hash=sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be \
+    --hash=sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be
-    # via django, thumbor
+    # via
+    #   django
+    #   thumbor
 six==1.15.0 \
     --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
-    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \
+    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
-    # via derpconf, libthumbor, python-dateutil
+    # via
-sqlparse==0.3.1 \
+    #   derpconf
-    --hash=sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e \
+    #   libthumbor
-    --hash=sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548 \
+    #   python-dateutil
+sqlparse==0.4.1 \
+    --hash=sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0 \
+    --hash=sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8
     # via django
 statsd==3.3.0 \
     --hash=sha256:c610fb80347fca0ef62666d241bce64184bd7cc1efe582f9690e045c25535eaa \
-    --hash=sha256:e3e6db4c246f7c59003e51c9720a51a7f39a396541cb9b147ff4b14d15b5dd1f \
+    --hash=sha256:e3e6db4c246f7c59003e51c9720a51a7f39a396541cb9b147ff4b14d15b5dd1f
     # via thumbor
-https://github.com/kkopachev/aws/archive/0d02528b47273e143be750ba237f71a076e8f251.zip#egg=tc_aws==6.3 \
+https://github.com/kkopachev/aws/archive/b5058e6b9fec7354629acc6d5df423e0310bb0cd.zip#egg=tc_aws==6.3 \
-    --hash=sha256:866d18ffbfd5a1627ed3973757e4c282745de8f30ed85f5ce8e80ae04932f8f3 \
+    --hash=sha256:8a28437b0dfab88c89f280a2d6ec55a6abfa3e26d495dc15e1b3f38744e27f0c
     # via -r requirements/thumbor.in
 thumbor==7.0.0a5 \
-    --hash=sha256:5042c9c8facf0da028a22f1aee717f856d213ec037835ca0edaa0282217654bb \
+    --hash=sha256:5042c9c8facf0da028a22f1aee717f856d213ec037835ca0edaa0282217654bb
-    # via -r requirements/thumbor.in, tc-aws
+    # via
-tornado==6.0.4 \
+    #   -r requirements/thumbor.in
-    --hash=sha256:0fe2d45ba43b00a41cd73f8be321a44936dc1aba233dee979f17a042b83eb6dc \
+    #   tc-aws
-    --hash=sha256:22aed82c2ea340c3771e3babc5ef220272f6fd06b5108a53b4976d0d722bcd52 \
+tornado==6.1 \
-    --hash=sha256:2c027eb2a393d964b22b5c154d1a23a5f8727db6fda837118a776b29e2b8ebc6 \
+    --hash=sha256:0a00ff4561e2929a2c37ce706cb8233b7907e0cdc22eab98888aca5dd3775feb \
-    --hash=sha256:5217e601700f24e966ddab689f90b7ea4bd91ff3357c3600fa1045e26d68e55d \
+    --hash=sha256:0d321a39c36e5f2c4ff12b4ed58d41390460f798422c4504e09eb5678e09998c \
-    --hash=sha256:5618f72e947533832cbc3dec54e1dffc1747a5cb17d1fd91577ed14fa0dc081b \
+    --hash=sha256:1e8225a1070cd8eec59a996c43229fe8f95689cb16e552d130b9793cb570a288 \
-    --hash=sha256:5f6a07e62e799be5d2330e68d808c8ac41d4a259b9cea61da4101b83cb5dc673 \
+    --hash=sha256:20241b3cb4f425e971cb0a8e4ffc9b0a861530ae3c52f2b0434e6c1b57e9fd95 \
-    --hash=sha256:c58d56003daf1b616336781b26d184023ea4af13ae143d9dda65e31e534940b9 \
+    --hash=sha256:25ad220258349a12ae87ede08a7b04aca51237721f63b1808d39bdb4b2164558 \
-    --hash=sha256:c952975c8ba74f546ae6de2e226ab3cc3cc11ae47baf607459a6728585bb542a \
+    --hash=sha256:33892118b165401f291070100d6d09359ca74addda679b60390b09f8ef325ffe \
-    --hash=sha256:c98232a3ac391f5faea6821b53db8db461157baa788f5d6222a193e9456e1740 \
+    --hash=sha256:33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791 \
+    --hash=sha256:3447475585bae2e77ecb832fc0300c3695516a47d46cefa0528181a34c5b9d3d \
+    --hash=sha256:34ca2dac9e4d7afb0bed4677512e36a52f09caa6fded70b4e3e1c89dbd92c326 \
+    --hash=sha256:3e63498f680547ed24d2c71e6497f24bca791aca2fe116dbc2bd0ac7f191691b \
+    --hash=sha256:548430be2740e327b3fe0201abe471f314741efcb0067ec4f2d7dcfb4825f3e4 \
+    --hash=sha256:6196a5c39286cc37c024cd78834fb9345e464525d8991c21e908cc046d1cc02c \
+    --hash=sha256:61b32d06ae8a036a6607805e6720ef00a3c98207038444ba7fd3d169cd998910 \
+    --hash=sha256:6286efab1ed6e74b7028327365cf7346b1d777d63ab30e21a0f4d5b275fc17d5 \
+    --hash=sha256:65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c \
+    --hash=sha256:66324e4e1beede9ac79e60f88de548da58b1f8ab4b2f1354d8375774f997e6c0 \
+    --hash=sha256:6c77c9937962577a6a76917845d06af6ab9197702a42e1346d8ae2e76b5e3675 \
+    --hash=sha256:70dec29e8ac485dbf57481baee40781c63e381bebea080991893cd297742b8fd \
+    --hash=sha256:7250a3fa399f08ec9cb3f7b1b987955d17e044f1ade821b32e5f435130250d7f \
+    --hash=sha256:748290bf9112b581c525e6e6d3820621ff020ed95af6f17fedef416b27ed564c \
+    --hash=sha256:7da13da6f985aab7f6f28debab00c67ff9cbacd588e8477034c0652ac141feea \
+    --hash=sha256:8f959b26f2634a091bb42241c3ed8d3cedb506e7c27b8dd5c7b9f745318ddbb6 \
+    --hash=sha256:9de9e5188a782be6b1ce866e8a51bc76a0fbaa0e16613823fc38e4fc2556ad05 \
+    --hash=sha256:a48900ecea1cbb71b8c71c620dee15b62f85f7c14189bdeee54966fbd9a0c5bd \
+    --hash=sha256:b87936fd2c317b6ee08a5741ea06b9d11a6074ef4cc42e031bc6403f82a32575 \
+    --hash=sha256:c77da1263aa361938476f04c4b6c8916001b90b2c2fdd92d8d535e1af48fba5a \
+    --hash=sha256:cb5ec8eead331e3bb4ce8066cf06d2dfef1bfb1b2a73082dfe8a161301b76e37 \
+    --hash=sha256:cc0ee35043162abbf717b7df924597ade8e5395e7b66d18270116f8745ceb795 \
+    --hash=sha256:d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f \
+    --hash=sha256:d371e811d6b156d82aa5f9a4e08b58debf97c302a35714f6f45e35139c332e32 \
+    --hash=sha256:d3d20ea5782ba63ed13bc2b8c291a053c8d807a8fa927d941bd718468f7b950c \
+    --hash=sha256:d3f7594930c423fd9f5d1a76bee85a2c36fd8b4b16921cae7e965f22575e9c01 \
+    --hash=sha256:dcef026f608f678c118779cd6591c8af6e9b4155c44e0d1bc0c87c036fb8c8c4 \
+    --hash=sha256:e0791ac58d91ac58f694d8d2957884df8e4e2f6687cdf367ef7eb7497f79eaa2 \
+    --hash=sha256:e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921 \
+    --hash=sha256:e519d64089b0876c7b467274468709dadf11e41d65f63bba207e04217f47c085 \
+    --hash=sha256:e7229e60ac41a1202444497ddde70a48d33909e484f96eb0da9baf8dc68541df \
+    --hash=sha256:ed3ad863b1b40cd1d4bd21e7498329ccaece75db5a5bf58cd3c9f130843e7102 \
+    --hash=sha256:f0ba29bafd8e7e22920567ce0d232c26d4d47c8b5cf4ed7b562b5db39fa199c5 \
+    --hash=sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68 \
+    --hash=sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5
     # via thumbor
-typing-extensions==3.7.4.2 \
+typing-extensions==3.7.4.3 \
-    --hash=sha256:6e95524d8a547a91e08f404ae485bbb71962de46967e1b71a0cb89af24e761c5 \
+    --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \
-    --hash=sha256:79ee589a3caca649a9bfd2a8de4709837400dfa00b6cc81962a1e6a1815969ae \
+    --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \
-    --hash=sha256:f8d2bd89d25bc39dabe7d23df520442fa1d8969b82544370e03d88b5a591c392 \
+    --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f
-    # via aiohttp, aioitertools
+    # via
-urllib3==1.25.9 \
+    #   aiohttp
-    --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
+    #   aioitertools
-    --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \
+    #   yarl
+urllib3==1.26.3 \
+    --hash=sha256:1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 \
+    --hash=sha256:de3eedaad74a2683334e282005cd8d7f22f4d55fa690a2a1020a416cb0a47e73
     # via botocore
 virtualenv-clone==0.5.4 \
     --hash=sha256:07e74418b7cc64f4fda987bf5bc71ebd59af27a7bc9e8a8ee9fd54b1f2390a27 \
-    --hash=sha256:665e48dd54c84b98b71a657acb49104c54e7652bce9c1c4f6c6976ed4c827a29 \
+    --hash=sha256:665e48dd54c84b98b71a657acb49104c54e7652bce9c1c4f6c6976ed4c827a29
     # via -r requirements/thumbor.in
 webcolors==1.11.1 \
     --hash=sha256:76f360636957d1c976db7466bc71dcb713bb95ac8911944dffc55c01cb516de6 \
-    --hash=sha256:b8cd5d865a25c51ff1218f0c90d0c0781fc64312a49b746b320cf50de1648f6e \
+    --hash=sha256:b8cd5d865a25c51ff1218f0c90d0c0781fc64312a49b746b320cf50de1648f6e
     # via thumbor
 wrapt==1.12.1 \
-    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7 \
+    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7
     # via aiobotocore
-yarl==1.4.2 \
+yarl==1.6.3 \
-    --hash=sha256:0c2ab325d33f1b824734b3ef51d4d54a54e0e7a23d13b86974507602334c2cce \
+    --hash=sha256:00d7ad91b6583602eb9c1d085a2cf281ada267e9a197e8b7cae487dadbfa293e \
-    --hash=sha256:0ca2f395591bbd85ddd50a82eb1fde9c1066fafe888c5c7cc1d810cf03fd3cc6 \
+    --hash=sha256:0355a701b3998dcd832d0dc47cc5dedf3874f966ac7f870e0f3a6788d802d434 \
-    --hash=sha256:2098a4b4b9d75ee352807a95cdf5f10180db903bc5b7270715c6bbe2551f64ce \
+    --hash=sha256:15263c3b0b47968c1d90daa89f21fcc889bb4b1aac5555580d74565de6836366 \
-    --hash=sha256:25e66e5e2007c7a39541ca13b559cd8ebc2ad8fe00ea94a2aad28a9b1e44e5ae \
+    --hash=sha256:2ce4c621d21326a4a5500c25031e102af589edb50c09b321049e388b3934eec3 \
-    --hash=sha256:26d7c90cb04dee1665282a5d1a998defc1a9e012fdca0f33396f81508f49696d \
+    --hash=sha256:31ede6e8c4329fb81c86706ba8f6bf661a924b53ba191b27aa5fcee5714d18ec \
-    --hash=sha256:308b98b0c8cd1dfef1a0311dc5e38ae8f9b58349226aa0533f15a16717ad702f \
+    --hash=sha256:324ba3d3c6fee56e2e0b0d09bf5c73824b9f08234339d2b788af65e60040c959 \
-    --hash=sha256:3ce3d4f7c6b69c4e4f0704b32eca8123b9c58ae91af740481aa57d7857b5e41b \
+    --hash=sha256:329412812ecfc94a57cd37c9d547579510a9e83c516bc069470db5f75684629e \
-    --hash=sha256:58cd9c469eced558cd81aa3f484b2924e8897049e06889e8ff2510435b7ef74b \
+    --hash=sha256:4736eaee5626db8d9cda9eb5282028cc834e2aeb194e0d8b50217d707e98bb5c \
-    --hash=sha256:5b10eb0e7f044cf0b035112446b26a3a2946bca9d7d7edb5e54a2ad2f6652abb \
+    --hash=sha256:4953fb0b4fdb7e08b2f3b3be80a00d28c5c8a2056bb066169de00e6501b986b6 \
-    --hash=sha256:6faa19d3824c21bcbfdfce5171e193c8b4ddafdf0ac3f129ccf0cdfcb083e462 \
+    --hash=sha256:4c5bcfc3ed226bf6419f7a33982fb4b8ec2e45785a0561eb99274ebbf09fdd6a \
-    --hash=sha256:944494be42fa630134bf907714d40207e646fd5a94423c90d5b514f7b0713fea \
+    --hash=sha256:547f7665ad50fa8563150ed079f8e805e63dd85def6674c97efd78eed6c224a6 \
-    --hash=sha256:a161de7e50224e8e3de6e184707476b5a989037dcb24292b391a3d66ff158e70 \
+    --hash=sha256:5b883e458058f8d6099e4420f0cc2567989032b5f34b271c0827de9f1079a424 \
-    --hash=sha256:a4844ebb2be14768f7994f2017f70aca39d658a96c786211be5ddbe1c68794c1 \
+    --hash=sha256:63f90b20ca654b3ecc7a8d62c03ffa46999595f0167d6450fa8383bab252987e \
-    --hash=sha256:c2b509ac3d4b988ae8769901c66345425e361d518aecbe4acbfc2567e416626a \
+    --hash=sha256:68dc568889b1c13f1e4745c96b931cc94fdd0defe92a72c2b8ce01091b22e35f \
-    --hash=sha256:c9959d49a77b0e07559e579f38b2f3711c2b8716b8410b320bf9713013215a1b \
+    --hash=sha256:69ee97c71fee1f63d04c945f56d5d726483c4762845400a6795a3b75d56b6c50 \
-    --hash=sha256:d8cdee92bc930d8b09d8bd2043cedd544d9c8bd7436a77678dd602467a993080 \
+    --hash=sha256:6d6283d8e0631b617edf0fd726353cb76630b83a089a40933043894e7f6721e2 \
-    --hash=sha256:e15199cdb423316e15f108f51249e44eb156ae5dba232cb73be555324a1d49c2 \
+    --hash=sha256:72a660bdd24497e3e84f5519e57a9ee9220b6f3ac4d45056961bf22838ce20cc \
+    --hash=sha256:73494d5b71099ae8cb8754f1df131c11d433b387efab7b51849e7e1e851f07a4 \
+    --hash=sha256:7356644cbed76119d0b6bd32ffba704d30d747e0c217109d7979a7bc36c4d970 \
+    --hash=sha256:8a9066529240171b68893d60dca86a763eae2139dd42f42106b03cf4b426bf10 \
+    --hash=sha256:8aa3decd5e0e852dc68335abf5478a518b41bf2ab2f330fe44916399efedfae0 \
+    --hash=sha256:97b5bdc450d63c3ba30a127d018b866ea94e65655efaf889ebeabc20f7d12406 \
+    --hash=sha256:9ede61b0854e267fd565e7527e2f2eb3ef8858b301319be0604177690e1a3896 \
+    --hash=sha256:b2e9a456c121e26d13c29251f8267541bd75e6a1ccf9e859179701c36a078643 \
+    --hash=sha256:b5dfc9a40c198334f4f3f55880ecf910adebdcb2a0b9a9c23c9345faa9185721 \
+    --hash=sha256:bafb450deef6861815ed579c7a6113a879a6ef58aed4c3a4be54400ae8871478 \
+    --hash=sha256:c49ff66d479d38ab863c50f7bb27dee97c6627c5fe60697de15529da9c3de724 \
+    --hash=sha256:ce3beb46a72d9f2190f9e1027886bfc513702d748047b548b05dab7dfb584d2e \
+    --hash=sha256:d26608cf178efb8faa5ff0f2d2e77c208f471c5a3709e577a7b3fd0445703ac8 \
+    --hash=sha256:d597767fcd2c3dc49d6eea360c458b65643d1e4dbed91361cf5e36e53c1f8c96 \
+    --hash=sha256:d5c32c82990e4ac4d8150fd7652b972216b204de4e83a122546dce571c1bdf25 \
+    --hash=sha256:d8d07d102f17b68966e2de0e07bfd6e139c7c02ef06d3a0f8d2f0f055e13bb76 \
+    --hash=sha256:e46fba844f4895b36f4c398c5af062a9808d1f26b2999c58909517384d5deda2 \
+    --hash=sha256:e6b5460dc5ad42ad2b36cca524491dfcaffbfd9c8df50508bddc354e787b8dc2 \
+    --hash=sha256:f040bcc6725c821a4c0665f3aa96a4d0805a7aaf2caf266d256b8ed71b9f041c \
+    --hash=sha256:f0b059678fd549c66b89bed03efcabb009075bd131c248ecdf087bdb6faba24a \
+    --hash=sha256:fcbb48a93e8699eae920f8d92f7160c03567b421bc17362a9ffbbd706a816f71
     # via aiohttp

scripts/lib/certbot-maybe-renew

@@ -6,7 +6,7 @@ zulip_conf_get_boolean() {
     # Treat absent and invalid values as false.
     value=$(crudini --get /etc/zulip/zulip.conf "$1" "$2" 2>/dev/null)
     case "$(echo "$value" | tr '[:upper:]' '[:lower:]')" in
-        1|yes|true|on) return 0 ;;
+        1 | yes | true | on) return 0 ;;
         *) return 1 ;;
     esac
 }
@@ -18,5 +18,5 @@ fi
 deploy_hook="${ZULIP_CERTBOT_DEPLOY_HOOK:-service nginx reload}"
 
 certbot renew --quiet \
-  --webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
+    --webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
-  --deploy-hook "$deploy_hook"
+    --deploy-hook "$deploy_hook"

scripts/lib/install

@@ -43,7 +43,7 @@ Options:
       Skip the initial `apt-get dist-upgrade`.
 
 EOF
-};
+}
 
 # Shell option parsing.  Over time, we'll want to move some of the
 # environment variables below into this self-documenting system.
@@ -51,22 +51,62 @@ args="$(getopt -o '' --long help,hostname:,email:,certbot,self-signed-cert,cacer
 eval "set -- $args"
 while true; do
     case "$1" in
-        --help) usage; exit 0;;
+        --help)
+            usage
+            exit 0
+            ;;
 
-        --hostname) EXTERNAL_HOST="$2"; shift; shift;;
+        --hostname)
-        --email) ZULIP_ADMINISTRATOR="$2"; shift; shift;;
+            EXTERNAL_HOST="$2"
+            shift
+            shift
+            ;;
+        --email)
+            ZULIP_ADMINISTRATOR="$2"
+            shift
+            shift
+            ;;
 
-        --certbot) USE_CERTBOT=1; shift;;
+        --certbot)
-        --cacert) export CUSTOM_CA_CERTIFICATES="$2"; shift; shift;;
+            USE_CERTBOT=1
-        --self-signed-cert) SELF_SIGNED_CERT=1; shift;;
+            shift
+            ;;
+        --cacert)
+            export CUSTOM_CA_CERTIFICATES="$2"
+            shift
+            shift
+            ;;
+        --self-signed-cert)
+            SELF_SIGNED_CERT=1
+            shift
+            ;;
 
-        --postgres-version) POSTGRES_VERSION="$2"; shift; shift;;
+        --postgres-version)
-        --postgres-missing-dictionaries) POSTGRES_MISSING_DICTIONARIES=1; shift;;
+            POSTGRES_VERSION="$2"
-        --no-init-db) NO_INIT_DB=1; shift;;
+            shift
+            shift
+            ;;
+        --postgres-missing-dictionaries)
+            POSTGRES_MISSING_DICTIONARIES=1
+            shift
+            ;;
+        --no-init-db)
+            NO_INIT_DB=1
+            shift
+            ;;
 
-        --no-overwrite-settings) NO_OVERWRITE_SETTINGS=1; shift;;
+        --no-overwrite-settings)
-        --no-dist-upgrade) NO_DIST_UPGRADE=1; shift;;
+            NO_OVERWRITE_SETTINGS=1
-        --) shift; break;;
+            shift
+            ;;
+        --no-dist-upgrade)
+            NO_DIST_UPGRADE=1
+            shift
+            ;;
+        --)
+            shift
+            break
+            ;;
     esac
 done
 
@@ -78,9 +118,9 @@ fi
 ## Options from environment variables.
 #
 # Specify options for apt.
-read -r -a APT_OPTIONS <<< "${APT_OPTIONS:-}"
+read -r -a APT_OPTIONS <<<"${APT_OPTIONS:-}"
 # Install additional packages.
-read -r -a ADDITIONAL_PACKAGES <<< "${ADDITIONAL_PACKAGES:-}"
+read -r -a ADDITIONAL_PACKAGES <<<"${ADDITIONAL_PACKAGES:-}"
 # Comma-separated list of puppet manifests to install.  default is
 # zulip::voyager for an all-in-one system or zulip::dockervoyager for
 # Docker.  Use e.g. zulip::app_frontend for a Zulip frontend server.
@@ -111,8 +151,8 @@ if [ -z "$EXTERNAL_HOST" ] || [ -z "$ZULIP_ADMINISTRATOR" ]; then
     fi
 fi
 
-if [ "$EXTERNAL_HOST" = zulip.example.com ] ||
+if [ "$EXTERNAL_HOST" = zulip.example.com ] \
-   [ "$ZULIP_ADMINISTRATOR" = zulip-admin@example.com ]; then
+    || [ "$ZULIP_ADMINISTRATOR" = zulip-admin@example.com ]; then
     # These example values are specifically checked for and would fail
     # later; see check_config in zerver/lib/management.py.
     echo 'error: The example hostname and email must be replaced with real values.' >&2
@@ -134,8 +174,16 @@ export LANGUAGE="en_US.UTF-8"
 
 # Check for a supported OS release.
 if [ -f /etc/os-release ]; then
-    os_info="$(. /etc/os-release; printf '%s\n' "$ID" "$ID_LIKE" "$VERSION_ID" "$VERSION_CODENAME")"
+    os_info="$(
-    { read -r os_id; read -r os_id_like; read -r os_version_id; read -r os_version_codename || true; } <<< "$os_info"
+        . /etc/os-release
+        printf '%s\n' "$ID" "$ID_LIKE" "$VERSION_ID" "$VERSION_CODENAME"
+    )"
+    {
+        read -r os_id
+        read -r os_id_like
+        read -r os_version_id
+        read -r os_version_codename || true
+    } <<<"$os_info"
     case " $os_id $os_id_like " in
         *' debian '*)
             package_system="apt"
@@ -147,7 +195,7 @@ if [ -f /etc/os-release ]; then
 fi
 
 case "$os_id$os_version_id" in
-    debian10|ubuntu18.04|ubuntu20.04) ;;
+    debian10 | ubuntu18.04 | ubuntu20.04) ;;
     *)
         set +x
         cat <<EOF
@@ -163,10 +211,11 @@ For more information, see:
   https://zulip.readthedocs.io/en/latest/production/requirements.html
 EOF
         exit 1
+        ;;
 esac
 
-if [ "$os_id" = ubuntu ] && ! apt-cache policy |
+if [ "$os_id" = ubuntu ] && ! apt-cache policy \
-           grep -q "^     release v=$os_version_id,o=Ubuntu,a=$os_version_codename,n=$os_version_codename,l=Ubuntu,c=universe"; then
+    | grep -q "^     release v=$os_version_id,o=Ubuntu,a=$os_version_codename,n=$os_version_codename,l=Ubuntu,c=universe"; then
     set +x
     cat <<'EOF'
 
@@ -187,10 +236,10 @@ case ",$PUPPET_CLASSES," in
         if [ "$package_system" = apt ]; then
             # We're going to install Postgres from the postgres apt
             # repository; this may conflict with the existing postgres.
-            OTHER_PG="$(dpkg --get-selections |
+            OTHER_PG="$(dpkg --get-selections \
-                             grep -E '^postgresql-[0-9]+\s+install$' |
+                | grep -E '^postgresql-[0-9]+\s+install$' \
-                             grep -v "^postgresql-$POSTGRES_VERSION\b" |
+                | grep -v "^postgresql-$POSTGRES_VERSION\b" \
-                             cut -f 1)" || true
+                | cut -f 1)" || true
             if [ -n "$OTHER_PG" ]; then
                 INDENTED="${OTHER_PG//$'\n'/$'\n'    }"
                 SPACED="${OTHER_PG//$'\n'/ }"
@@ -274,9 +323,9 @@ fi
 
 if [ "$package_system" = apt ]; then
     if ! apt-get install -y \
-         puppet git curl wget jq \
+        puppet git curl wget jq \
-         python3 crudini \
+        python3 crudini \
-         "${ADDITIONAL_PACKAGES[@]}"; then
+        "${ADDITIONAL_PACKAGES[@]}"; then
         set +x
         echo -e '\033[0;31m' >&2
         echo "Installing packages failed; is network working and (on Ubuntu) the universe repository enabled?" >&2
@@ -286,9 +335,9 @@ if [ "$package_system" = apt ]; then
     fi
 elif [ "$package_system" = yum ]; then
     if ! yum install -y \
-         puppet git curl wget jq \
+        puppet git curl wget jq \
-         python3 crudini \
+        python3 crudini \
-         "${ADDITIONAL_PACKAGES[@]}"; then
+        "${ADDITIONAL_PACKAGES[@]}"; then
         set +x
         echo -e '\033[0;31m' >&2
         echo "Installing packages failed; is network working?" >&2
@@ -328,13 +377,13 @@ has_class() {
 id -u zulip &>/dev/null || useradd -m zulip --home-dir /home/zulip
 if [ -n "$NO_OVERWRITE_SETTINGS" ] && [ -e "/etc/zulip/zulip.conf" ]; then
     "$ZULIP_PATH"/scripts/zulip-puppet-apply --force --noop \
-                 --write-catalog-summary \
+        --write-catalog-summary \
-                 --classfile=/var/lib/puppet/classes.txt \
+        --classfile=/var/lib/puppet/classes.txt \
-                 >/dev/null
+        >/dev/null
 else
     # Write out more than we need, and remove sections that are not
     # applicable to the classes that are actually necessary.
-    cat <<EOF > /etc/zulip/zulip.conf
+    cat <<EOF >/etc/zulip/zulip.conf
 [machine]
 puppet_classes = $PUPPET_CLASSES
 deploy_type = production
@@ -352,9 +401,9 @@ EOF
     fi
 
     "$ZULIP_PATH"/scripts/zulip-puppet-apply --force --noop \
-                 --write-catalog-summary \
+        --write-catalog-summary \
-                 --classfile=/var/lib/puppet/classes.txt \
+        --classfile=/var/lib/puppet/classes.txt \
-                 >/dev/null
+        >/dev/null
 
     # We only need the postgres version setting on database hosts; but
     # we don't know if this is a database host until we have the catalog summary.

scripts/lib/install-node

@@ -31,7 +31,10 @@ fi
 if [ "$current_node_version" != "v$node_version" ] || ! [ -L "$node_wrapper_path" ]; then
     export NVM_DIR=/usr/local/nvm
     # shellcheck source=/dev/null
-    if ! [ -e "$NVM_DIR/nvm.sh" ] || { . "$NVM_DIR/nvm.sh"; [ "$(nvm --version)" != "$nvm_version" ]; }; then
+    if ! [ -e "$NVM_DIR/nvm.sh" ] || {
+        . "$NVM_DIR/nvm.sh"
+        [ "$(nvm --version)" != "$nvm_version" ]
+    }; then
         mkdir -p "$NVM_DIR"
         wget_opts=(-nv)
         if [ -n "${CUSTOM_CA_CERTIFICATES:-}" ]; then

scripts/lib/setup-apt-repo

@@ -36,7 +36,7 @@ apt-get -y install "${pre_setup_deps[@]}"
 SCRIPTS_PATH="$(dirname "$(dirname "$0")")"
 
 release=$(lsb_release -sc)
-if [[ "$release" =~ ^(bionic|cosmic|disco|eoan|focal)$ ]] ; then
+if [[ "$release" =~ ^(bionic|cosmic|disco|eoan|focal)$ ]]; then
     apt-key add "$SCRIPTS_PATH"/setup/pgdg.asc
     apt-key add "$SCRIPTS_PATH"/setup/pgroonga-ppa.asc
     cat >$SOURCES_FILE <<EOF
@@ -46,7 +46,7 @@ deb-src http://apt.postgresql.org/pub/repos/apt/ $release-pgdg main
 deb http://ppa.launchpad.net/groonga/ppa/ubuntu $release main
 deb-src http://ppa.launchpad.net/groonga/ppa/ubuntu $release main
 EOF
-elif [[ "$release" =~ ^(buster)$ ]] ; then
+elif [[ "$release" =~ ^(buster)$ ]]; then
     apt-key add "$SCRIPTS_PATH"/setup/pgdg.asc
     apt-key add "$SCRIPTS_PATH"/setup/pgroonga-debian.asc
     cat >$SOURCES_FILE <<EOF
@@ -71,4 +71,4 @@ else
     apt-get update && rm -f "$STAMP_FILE"
 fi
 
-echo "$DEPENDENCIES_HASH" > "$DEPENDENCIES_HASH_FILE"
+echo "$DEPENDENCIES_HASH" >"$DEPENDENCIES_HASH_FILE"

scripts/lib/setup-apt-repo-debathena

@@ -54,4 +54,4 @@ else
     apt-get update && rm -f "$STAMP_FILE"
 fi
 
-echo "$DEPENDENCIES_HASH" > "$DEPENDENCIES_HASH_FILE"
+echo "$DEPENDENCIES_HASH" >"$DEPENDENCIES_HASH_FILE"

scripts/lib/setup-yum-repo

@@ -7,14 +7,19 @@ args="$(getopt -o '' --long prod -- "$@")"
 eval "set -- $args"
 while true; do
     case "$1" in
-        --prod) is_prod=true; shift;;
+        --prod)
-        --) shift; break;;
+            is_prod=true
+            shift
+            ;;
+        --)
+            shift
+            break
+            ;;
     esac
 done
 
 is_centos=false
 is_rhel=false
-is_rhel_registered=false
 if [ -e /etc/centos-release ]; then
     is_centos=true
     yum install -y epel-release
@@ -27,12 +32,6 @@ if [ -e /etc/centos-release ]; then
 elif grep -q "Red Hat" /etc/redhat-release; then
     is_rhel=true
     yum localinstall -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    if subscription-manager status; then
-        # See https://access.redhat.com/discussions/2217891#comment-1032701
-        is_rhel_registered=true
-        # libmemcached-devel can be installed directly if the machine is registered
-        subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"
-    fi
 fi
 
 yum update -y
@@ -51,10 +50,6 @@ if [ "$is_centos" = true ]; then
     # https://pgroonga.github.io/install/centos.html
     yum localinstall -y https://packages.groonga.org/centos/groonga-release-latest.noarch.rpm
 elif [ "$is_rhel" = true ]; then
-    if [ "$is_rhel_registered" = false ]; then
-        echo "This machine is unregistered; installing libmemcached-devel from a CentOS mirror ..."
-        yum localinstall -y http://mirror.centos.org/centos/7/os/x86_64/Packages/libmemcached-devel-1.0.16-5.el7.x86_64.rpm
-    fi
     yum localinstall -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-latest-x86_64/pgdg-redhat10-10-2.noarch.rpm
     yum localinstall -y https://packages.groonga.org/centos/groonga-release-latest.noarch.rpm
 else

scripts/lib/setup_venv.py

@@ -17,7 +17,6 @@ VENV_DEPENDENCIES = [
     "zlib1g-dev",             # Needed to handle compressed PNGs with Pillow
     "libjpeg-dev",          # Needed to handle JPEGs with Pillow
     "libldap2-dev",
-    "libmemcached-dev",
     "python3-dev",          # Needed to install typed-ast dependency of mypy
     "python3-pip",
     "virtualenv",
@@ -35,6 +34,8 @@ VENV_DEPENDENCIES = [
     # on upgrade of a production server, and it's not worth adding
     # another call to `apt install` for.
     "jq",                   # Used by scripts/lib/install-node to check yarn version
+
+    "libsasl2-dev",         # For building python-ldap from source
 ]
 
 COMMON_YUM_VENV_DEPENDENCIES = [
@@ -43,7 +44,6 @@ COMMON_YUM_VENV_DEPENDENCIES = [
     "zlib-devel",
     "libjpeg-turbo-devel",
     "openldap-devel",
-    "libmemcached-devel",
     # Needed by python-xmlsec:
     "gcc"
     "python3-devel",

scripts/setup/flush-memcached

@@ -9,15 +9,10 @@ from scripts.lib.setup_path import setup_path
 
 setup_path()
 
-import pylibmc
+import bmemcached
 
 from zproject import settings
 
-assert isinstance(settings.CACHES["default"], dict)  # for mypy
+cache = settings.CACHES["default"]
-pylibmc.Client(
+assert isinstance(cache, dict)  # for mypy
-    [settings.MEMCACHED_LOCATION],
+bmemcached.Client((cache["LOCATION"],), **cache["OPTIONS"]).flush_all()
-    binary=True,
-    username=settings.MEMCACHED_USERNAME,
-    password=settings.MEMCACHED_PASSWORD,
-    behaviors=settings.CACHES["default"]["OPTIONS"],
-).flush_all()

scripts/setup/generate-self-signed-cert

@@ -10,11 +10,20 @@ args="$(getopt -o '' --long help,force,exists-ok -- "$@")"
 eval "set -- $args"
 while true; do
     case "$1" in
-        --help) usage;;
+        --help) usage ;;
-        --force) FORCE=1; shift;;
+        --force)
-        --exists-ok) EXISTS_OK=1; shift;;
+            FORCE=1
-        --) shift; break;;
+            shift
-        *) usage;;
+            ;;
+        --exists-ok)
+            EXISTS_OK=1
+            shift
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *) usage ;;
     esac
 done
 EXTERNAL_HOST="$1"
@@ -51,9 +60,9 @@ fi
 rm -f "$KEYFILE" "$CERTFILE"
 
 if [[ "$EXTERNAL_HOST" =~ ^(([0-9]+\.){3}[0-9]+)(:[0-9]+)?$ ]]; then
-    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv4 address
+    subjectAltName="IP:${BASH_REMATCH[1]}" # IPv4 address
 elif [[ "$EXTERNAL_HOST" =~ ^\[([^][]*)\](:[0-9]+)?$ ]]; then
-    subjectAltName="IP:${BASH_REMATCH[1]}"  # IPv6 address
+    subjectAltName="IP:${BASH_REMATCH[1]}" # IPv6 address
 elif [[ "$EXTERNAL_HOST" =~ ^([^:]+)(:[0-9]+)?$ ]]; then
     subjectAltName="DNS:${BASH_REMATCH[1]}"
 else
@@ -94,8 +103,8 @@ fi
 
 # Based on /usr/sbin/make-ssl-cert from Debian's `ssl-cert` package.
 openssl req -new -x509 \
-        -config "$config" -days 3650 -nodes -sha256 \
+    -config "$config" -days 3650 -nodes -sha256 \
-        -out "$CERTFILE" -keyout "$KEYFILE"
+    -out "$CERTFILE" -keyout "$KEYFILE"
 
 chmod 644 "$CERTFILE"
 chmod 640 "$KEYFILE"

scripts/setup/initialize-database

@@ -10,10 +10,16 @@ args="$(getopt -o '' --long help,quiet -- "$@")"
 eval "set -- $args"
 while true; do
     case "$1" in
-        --help) usage;;
+        --help) usage ;;
-        --quiet) QUIET=1; shift;;
+        --quiet)
-        --) shift; break;;
+            QUIET=1
-        *) usage;;
+            shift
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *) usage ;;
     esac
 done
 

scripts/setup/install-wal-g.sh

@@ -8,11 +8,11 @@ HASH="$2"
 
 cd /tmp
 wget -qO "wal-g-$VERSION.tar.gz" \
-     "https://github.com/wal-g/wal-g/releases/download/v$VERSION/wal-g.linux-amd64.tar.gz"
+    "https://github.com/wal-g/wal-g/releases/download/v$VERSION/wal-g.linux-amd64.tar.gz"
 
 # Check not against the arbitrary provided sha256 on Github, but
 # against the (same) sha256 that we hardcode as "known good".
-echo "$HASH  wal-g-$VERSION.tar.gz" > "wal-g-$VERSION.tar.gz.sha256"
+echo "$HASH  wal-g-$VERSION.tar.gz" >"wal-g-$VERSION.tar.gz.sha256"
 sha256sum -c "wal-g-$VERSION.tar.gz.sha256"
 
 tar xzf "wal-g-$VERSION.tar.gz"

scripts/setup/postgres-init-db

@@ -13,15 +13,14 @@ POSTGRES_USER="${POSTGRES_USER:-postgres}"
 # This psql command may fail because the zulip database doesn’t exist,
 # hence the &&.
 if records="$(
-    cd /  # Make sure the current working directory is readable by postgres
+    cd / # Make sure the current working directory is readable by postgres
     su "$POSTGRES_USER" -c "psql -v ON_ERROR_STOP=1 -Atc 'SELECT COUNT(*) FROM zulip.zerver_message;' zulip"
 )" && [ "$records" -gt 200 ]; then
     set +x
     echo "WARNING: This will delete your Zulip database which currently contains $records messages."
     read -p "Do you want to proceed? [y/N] " -r
     echo
-    if [[ ! $REPLY =~ ^[Yy]$ ]]
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
-    then
         exit 1
     fi
     set -x
@@ -35,12 +34,12 @@ fi
 # Drop any open connections to any old database.
 # Send the script via stdin in case the postgres user lacks permission to read it.
 su -s /usr/bin/env - -- "$POSTGRES_USER" \
-    bash -s - zulip zulip_base < "$(dirname "$0")/terminate-psql-sessions"
+    bash -s - zulip zulip_base <"$(dirname "$0")/terminate-psql-sessions"
 
 (
-    cd /  # Make sure the current working directory is readable by postgres
+    cd / # Make sure the current working directory is readable by postgres
     su "$POSTGRES_USER" -c 'psql -v ON_ERROR_STOP=1 -e'
-) < "$(dirname "$0")/create-db.sql"
+) <"$(dirname "$0")/create-db.sql"
 
 # Clear memcached to avoid contamination from previous database state
 "$(dirname "$0")/flush-memcached"

scripts/setup/setup-certbot

@@ -83,14 +83,21 @@ esac
 
 # Check for a supported OS release.
 if [ -f /etc/os-release ]; then
-    os_info="$(. /etc/os-release; printf '%s\n' "$ID" "$ID_LIKE")"
+    os_info="$(
-    { read -r os_id; read -r os_id_like|| true; } <<< "$os_info"
+        . /etc/os-release
+        printf '%s\n' "$ID" "$ID_LIKE"
+    )"
+    {
+        read -r os_id
+        read -r os_id_like || true
+    } <<<"$os_info"
 fi
 
 set -x
 
 case " $os_id $os_id_like " in
     *' debian '*)
+        apt-get update
         apt-get install -y certbot
         ;;
     *' rhel '*)
@@ -103,10 +110,10 @@ esac
 # Passing --force-interactive suppresses a warning, but also brings up
 # an annoying prompt we stifle with --no-eff-email.
 certbot certonly "${method_args[@]}" \
-                "${HOSTNAMES[@]}" -m "$EMAIL" \
+    "${HOSTNAMES[@]}" -m "$EMAIL" \
-                $agree_tos \
+    $agree_tos \
-                "${deploy_hook[@]}" \
+    "${deploy_hook[@]}" \
-                --force-interactive --no-eff-email
+    --force-interactive --no-eff-email
 
 symlink_with_backup() {
     if [ -e "$2" ]; then

scripts/setup/upgrade-postgres

@@ -40,7 +40,7 @@ fi
 
 # Capture the output so we know where the path to the post-upgrade scripts is
 UPGRADE_LOG=$(mktemp "/var/log/zulip/postgres-upgrade-$UPGRADE_FROM-$UPGRADE_TO.XXXXXXXXX.log")
-pg_upgradecluster "$UPGRADE_FROM" main --method=upgrade --link | tee "$UPGRADE_LOG"
+pg_upgradecluster -v "$UPGRADE_TO" "$UPGRADE_FROM" main --method=upgrade --link | tee "$UPGRADE_LOG"
 SCRIPTS_PATH=$(grep -o "/var/log/postgresql/pg_upgradecluster-$UPGRADE_FROM-$UPGRADE_TO-main.*" "$UPGRADE_LOG" || true)
 
 # If the upgrade completed successfully, lock in the new version in

static/js/bundles/app.js

@@ -199,6 +199,7 @@ import "../search_pill.js";
 import "../search_pill_widget.js";
 import "../stream_ui_updates.js";
 import "../spoilers.js";
+import "../desktop_integration.js";
 
 // Import Styles
 

static/js/compose.js

@@ -535,10 +535,15 @@ function validate_stream_message_post_policy(sub) {
         return false;
     }
 
+    if (page_params.is_guest && stream_post_policy !== stream_post_permission_type.everyone.code) {
+        compose_error(i18n.t("Guests are not allowed to post to this stream."));
+        return false;
+    }
+
     const person = people.get_by_user_id(page_params.user_id);
     const current_datetime = new Date(Date.now());
     const person_date_joined = new Date(person.date_joined);
-    const days = new Date(current_datetime - person_date_joined).getDate();
+    const days = (current_datetime - person_date_joined) / 1000 / 86400;
     let error_text;
     if (
         stream_post_policy === stream_post_permission_type.non_new_members.code &&

static/js/desktop_integration.js

@@ -0,0 +1,15 @@
+if (window.electron_bridge !== undefined) {
+    window.electron_bridge.on_event("logout", () => {
+        $("#logout_form").trigger("submit");
+    });
+
+    window.electron_bridge.on_event("show-keyboard-shortcuts", () => {
+        hashchange.go_to_location("keyboard-shortcuts");
+    });
+
+    window.electron_bridge.on_event("show-notification-settings", () => {
+        hashchange.go_to_location("settings/notifications");
+    });
+}
+
+export {};

static/js/message_util.js

@@ -16,16 +16,25 @@ function add_messages(messages, msg_list, opts) {
     return render_info;
 }
 
+// We need to check if the message content contains the specified HTML
+// elements.  We wrap the message.content in a <div>; this is
+// important because $("Text <a>link</a>").find("a") returns nothing;
+// one needs an outer element wrapping an object to use this
+// construction.
+function is_element_in_message_content(message, element_selector) {
+    return $(`<div>${message.content}</div>`).find(element_selector).length > 0;
+}
+
 exports.message_has_link = function (message) {
-    return $(message.content).find("a").length > 0;
+    return is_element_in_message_content(message, "a");
 };
 
 exports.message_has_image = function (message) {
-    return $(message.content).find(".message_inline_image").length > 0;
+    return is_element_in_message_content(message, ".message_inline_image");
 };
 
 exports.message_has_attachment = function (message) {
-    return $(message.content).find("a[href^='/user_uploads']").length > 0;
+    return is_element_in_message_content(message, "a[href^='/user_uploads']");
 };
 
 exports.add_old_messages = function (messages, msg_list) {

static/js/reactions.js

@@ -288,7 +288,12 @@ exports.view.insert_new_reaction = function (opts) {
 
     if (opts.reaction_type !== "unicode_emoji") {
         context.is_realm_emoji = true;
-        context.url = emoji.all_realm_emojis.get(emoji_code).emoji_url;
+        const emoji_info = emoji.all_realm_emojis.get(emoji_code);
+        if (!emoji_info) {
+            blueslip.error(`Cannot find/insert realm emoji for code '${emoji_code}'.`);
+            return;
+        }
+        context.url = emoji_info.emoji_url;
     }
 
     context.count = 1;
@@ -492,7 +497,12 @@ exports.add_clean_reaction = function (opts) {
 
     if (r.reaction_type !== "unicode_emoji") {
         r.is_realm_emoji = true;
-        r.url = emoji.all_realm_emojis.get(r.emoji_code).emoji_url;
+        const emoji_info = emoji.all_realm_emojis.get(r.emoji_code);
+        if (!emoji_info) {
+            blueslip.error(`Cannot find/add realm emoji for code '${r.emoji_code}'.`);
+            return;
+        }
+        r.url = emoji_info.emoji_url;
     }
 
     opts.message.clean_reactions.set(opts.local_id, r);

static/js/stream_edit.js

@@ -480,11 +480,22 @@ exports.set_stream_property = function (sub, property, value, status_element) {
     exports.bulk_set_stream_property([sub_data], status_element);
 };
 
+function get_message_retention_days_from_sub(sub) {
+    if (sub.message_retention_days === null) {
+        return "realm_default";
+    }
+    if (sub.message_retention_days === -1) {
+        return "forever";
+    }
+    return sub.message_retention_days;
+}
+
 function change_stream_privacy(e) {
     e.stopPropagation();
 
     const stream_id = $(e.target).data("stream-id");
     const sub = stream_data.get_sub_by_id(stream_id);
+    const data = {};
 
     const privacy_setting = $("#stream_privacy_modal input[name=privacy]:checked").val();
     const stream_post_policy = parseInt(
@@ -492,6 +503,10 @@ function change_stream_privacy(e) {
         10,
     );
 
+    if (sub.stream_post_policy !== stream_post_policy) {
+        data.stream_post_policy = JSON.stringify(stream_post_policy);
+    }
+
     let invite_only;
     let history_public_to_subscribers;
 
@@ -506,28 +521,38 @@ function change_stream_privacy(e) {
         history_public_to_subscribers = true;
     }
 
-    $(".stream_change_property_info").hide();
+    if (
-    const data = {
+        sub.invite_only !== invite_only ||
-        stream_name: sub.name,
+        sub.history_public_to_subscribers !== history_public_to_subscribers
-        // toggle the privacy setting
+    ) {
-        is_private: JSON.stringify(invite_only),
+        data.is_private = JSON.stringify(invite_only);
-        stream_post_policy: JSON.stringify(stream_post_policy),
+        data.history_public_to_subscribers = JSON.stringify(history_public_to_subscribers);
-        history_public_to_subscribers: JSON.stringify(history_public_to_subscribers),
+    }
-    };
 
-    if (page_params.is_owner) {
+    let message_retention_days = $(
-        let message_retention_days = $(
+        "#stream_privacy_modal select[name=stream_message_retention_setting]",
-            "#stream_privacy_modal select[name=stream_message_retention_setting]",
+    ).val();
-        ).val();
+    if (message_retention_days === "retain_for_period") {
-        if (message_retention_days === "retain_for_period") {
+        message_retention_days = parseInt(
-            message_retention_days = parseInt(
+            $("#stream_privacy_modal input[name=stream-message-retention-days]").val(),
-                $("#stream_privacy_modal input[name=stream-message-retention-days]").val(),
+            10,
-                10,
+        );
-            );
+    }
-        }
+
+    const message_retention_days_from_sub = get_message_retention_days_from_sub(sub);
+
+    if (message_retention_days_from_sub !== message_retention_days) {
         data.message_retention_days = JSON.stringify(message_retention_days);
     }
 
+    $(".stream_change_property_info").hide();
+
+    if (Object.keys(data).length === 0) {
+        overlays.close_modal("#stream_privacy_modal");
+        $("#stream_privacy_modal").remove();
+        return;
+    }
+
     channel.patch({
         url: "/json/streams/" + stream_id,
         data: data,

static/js/upload.js

@@ -228,7 +228,7 @@ exports.setup_upload = function (config) {
         }
         const split_uri = uri.split("/");
         const filename = split_uri[split_uri.length - 1];
-        if (!compose_state.composing()) {
+        if (config.mode === "compose" && !compose_state.composing()) {
             compose_actions.start("stream");
         }
         const absolute_uri = exports.make_upload_absolute(uri);

static/styles/zulip.scss

@@ -2133,8 +2133,6 @@ div.topic_edit_spinner .loading_indicator_spinner {
 }
 
 #do_delete_message_spinner {
-    display: none;
-    width: 0;
     margin: 0 auto;
 }
 

templates/zerver/help/start-a-call.md

@@ -39,9 +39,9 @@ just set `JITSI_SERVER_URL` in `/etc/zulip/settings.py`.
 
 {tab|bigbluebutton}
 
-In order to use Big Blue Button as the video call provider, you need
+Using Big Blue Button as a video chat provider is currently only
-to first configure the `BIG_BLUE_BUTTON_URL` setting in
+possible on self-hosted Zulip installations.  See the [detailed
-`/etc/zulip/settings.py`.
+configuration instructions][big-blue-button-configuration].
 
 {tab|zoom}
 
@@ -75,4 +75,5 @@ setting the provider to "None".
 
 {end_tabs}
 
-[zoom-configuration]: https://zulip.readthedocs.io/en/latest/production/zoom-configuration.html
+[big-blue-button-configuration]: https://zulip.readthedocs.io/en/latest/production/video-calls.html#big-blue-button
+[zoom-configuration]: https://zulip.readthedocs.io/en/latest/production/video-calls.html#zoom

tools/build-release-tarball

@@ -11,8 +11,11 @@ eval "set -- $args"
 
 while true; do
     case "$1" in
-        --) shift; break;;
+        --)
-        *) usage;;
+            shift
+            break
+            ;;
+        *) usage ;;
     esac
 done
 
@@ -47,8 +50,8 @@ git archive -o "$TARBALL" "--prefix=$prefix/" HEAD
 cd "$TMPDIR"
 tar -xf "$TARBALL"
 while read -r i; do
-    rm -r --interactive=never "${TMPDIR:?}/$prefix/$i";
+    rm -r --interactive=never "${TMPDIR:?}/$prefix/$i"
-done < "$TMPDIR/$prefix/tools/release-tarball-exclude.txt"
+done <"$TMPDIR/$prefix/tools/release-tarball-exclude.txt"
 tar -cf "$TARBALL" "$prefix"
 rm -rf "$prefix"
 
@@ -78,10 +81,10 @@ mkdir -p "var/log"
 # TODO: Would be much better to instead run the below tools with some
 # sort of environment hack so that we don't need to create this dummy
 # secrets file.
-cat >> zproject/prod_settings_template.py <<EOF
+cat >>zproject/prod_settings_template.py <<EOF
 DEBUG = False
 EOF
-cat >> zproject/dev-secrets.conf <<EOF
+cat >>zproject/dev-secrets.conf <<EOF
 [secrets]
 local_database_password = ''
 secret_key = 'not_used_here'
@@ -96,8 +99,8 @@ EOF
 # We don't need duplicate copies of emoji with hashed paths, and they would break markdown
 find prod-static/serve/generated/emoji/images/emoji/ -regex '.*\.[0-9a-f]+\.png' -delete
 
-echo "$GITID" > build_id
+echo "$GITID" >build_id
-echo "$version" > version
+echo "$version" >version
 
 cd "$TMPDIR"
 

tools/cache-zulip-git-version

@@ -2,4 +2,4 @@
 set -e
 
 cd "$(dirname "$0")/.."
-git describe --tags --match='[0-9]*' > zulip-git-version || true
+git describe --tags --match='[0-9]*' >zulip-git-version || true

tools/ci/Dockerfile.template

@@ -92,7 +92,7 @@ RUN apt-get update \
     memcached rabbitmq-server redis-server \
     hunspell-en-us supervisor libssl-dev puppet \
     gettext libffi-dev libfreetype6-dev zlib1g-dev \
-    libjpeg-dev libldap2-dev libmemcached-dev \
+    libjpeg-dev libldap2-dev \
     libxml2-dev libxslt1-dev libpq-dev moreutils \
     {extra_packages}
 

tools/ci/backend

@@ -6,7 +6,7 @@ echo "Test suite is running under $(python --version)."
 set -e
 set -x
 
-./tools/lint --groups=backend --skip=gitlint,mypy  # gitlint disabled because flaky
+./tools/lint --groups=backend --skip=gitlint,mypy # gitlint disabled because flaky
 ./tools/test-tools
 # We need to pass a parallel level to test-backend because CircleCI's
 # docker setup means the auto-detection logic sees the ~36 processes

tools/ci/frontend

@@ -5,7 +5,7 @@ source tools/ci/activate-venv
 set -e
 set -x
 
-./tools/lint --groups=frontend --skip=gitlint  # gitlint disabled because flaky
+./tools/lint --groups=frontend --skip=gitlint # gitlint disabled because flaky
 
 # Run the node tests first, since they're fast and deterministic
 ./tools/test-js-with-node --coverage

tools/ci/production-build

@@ -32,10 +32,10 @@ fi
 # .circleci/config.yml
 mv /tmp/tmp.*/zulip-server-test.tar.gz /tmp/
 cp -a \
-   tools/ci/success-http-headers.template.txt \
+    tools/ci/success-http-headers.template.txt \
-   tools/ci/production-install \
+    tools/ci/production-install \
-   tools/ci/production-verify \
+    tools/ci/production-verify \
-   tools/ci/production-upgrade-pg \
+    tools/ci/production-upgrade-pg \
-   tools/ci/production-extract-tarball \
+    tools/ci/production-extract-tarball \
-   \
+    \
-   /tmp/
+    /tmp/

tools/ci/production-install

@@ -11,8 +11,11 @@ APT_OPTIONS=(-o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-co
 apt-get update
 
 if [ -f /etc/os-release ]; then
-    os_info="$(. /etc/os-release; printf '%s\n' "$VERSION_CODENAME")"
+    os_info="$(
-    { read -r os_version_codename || true; } <<< "$os_info"
+        . /etc/os-release
+        printf '%s\n' "$VERSION_CODENAME"
+    )"
+    { read -r os_version_codename || true; } <<<"$os_info"
 fi
 
 if ! apt-get dist-upgrade -y "${APT_OPTIONS[@]}"; then

tools/ci/production-verify

@@ -12,7 +12,9 @@ NOREPLY_EMAIL_ADDRESS = 'noreply@circleci.example.com'
 ALLOWED_HOSTS = []
 EOF
 
-echo; echo "Now testing that the supervisord jobs are running properly"; echo
+echo
+echo "Now testing that the supervisord jobs are running properly"
+echo
 sleep 15 # Guaranteed to have a working supervisord process get an extra digit
 if supervisorctl status | grep -vq RUNNING || supervisorctl status | sed 's/^.*uptime //' | grep -q 0:00:0; then
     set +x
@@ -33,16 +35,18 @@ if supervisorctl status | grep -vq RUNNING || supervisorctl status | sed 's/^.*u
 fi
 
 # TODO: Ideally this would test actually logging in, but this is a start.
-echo; echo "Now testing that the newly installed server's homepage loads"; echo
+echo
+echo "Now testing that the newly installed server's homepage loads"
+echo
 
-wget https://localhost -O /tmp/index.html --no-check-certificate -S 2> /tmp/wget-output || true # || true so we see errors.log if this 500s
+wget https://localhost -O /tmp/index.html --no-check-certificate -S 2>/tmp/wget-output || true # || true so we see errors.log if this 500s
-grep -vi '\(Vary\|Content-Language\|expires\|issued by\|modified\|saved\|[.][.][.]\|Date\|[-][-]\)' /tmp/wget-output > /tmp/http-headers-processed
+grep -vi '\(Vary\|Content-Language\|expires\|issued by\|modified\|saved\|[.][.][.]\|Date\|[-][-]\)' /tmp/wget-output >/tmp/http-headers-processed
 
 nginx_version="$(nginx -v 2>&1 | awk '{print $3, $4}')"
 
 # Simplify the diff by getting replacing 4-5 digit length numbers with <Length>.
 sed -i 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' /tmp/http-headers-processed
-sed -i -e 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' -e "s|{nginx_version_string}|$nginx_version|g"  /tmp/success-http-headers.template.txt
+sed -i -e 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' -e "s|{nginx_version_string}|$nginx_version|g" /tmp/success-http-headers.template.txt
 if ! diff -ur /tmp/http-headers-processed /tmp/success-http-headers.template.txt; then
     set +x
     echo
@@ -58,10 +62,12 @@ if ! diff -ur /tmp/http-headers-processed /tmp/success-http-headers.template.txt
 fi
 
 # Start the RabbitMQ queue worker related section
-echo; echo "Now confirming all the RabbitMQ queue processors are correctly registered!"; echo
+echo
+echo "Now confirming all the RabbitMQ queue processors are correctly registered!"
+echo
 # These hacky shell scripts just extract the sorted list of queue processors, running and expected
-supervisorctl status | cut -f1 -dR | cut -f2- -d: | grep events | cut -f1 -d" " | cut -f3- -d_ | cut -f1 -d- | sort -u > /tmp/running_queue_processors.txt
+supervisorctl status | cut -f1 -dR | cut -f2- -d: | grep events | cut -f1 -d" " | cut -f3- -d_ | cut -f1 -d- | sort -u >/tmp/running_queue_processors.txt
-su zulip -c /home/zulip/deployments/current/scripts/lib/queue_workers.py | grep -v ^test$ | sort -u > /tmp/expected_queue_processors.txt
+su zulip -c /home/zulip/deployments/current/scripts/lib/queue_workers.py | grep -v ^test$ | sort -u >/tmp/expected_queue_processors.txt
 if ! diff /tmp/expected_queue_processors.txt /tmp/running_queue_processors.txt >/dev/null; then
     set +x
     echo "FAILURE: Runnable queue processors declared in zerver/worker/queue_processors.py "
@@ -72,7 +78,9 @@ if ! diff /tmp/expected_queue_processors.txt /tmp/running_queue_processors.txt >
     exit 1
 fi
 
-echo; echo "Now running RabbitMQ consumer Nagios tests"; echo
+echo
+echo "Now running RabbitMQ consumer Nagios tests"
+echo
 # First run the check that usually runs in cron and populates the state files
 /home/zulip/deployments/current/scripts/nagios/check-rabbitmq-consumers
 
@@ -93,10 +101,12 @@ done
 
 # Some of the Nagios tests have been temporarily disabled to work
 # around a Travis CI infrastructure issue.
-echo; echo "Now running additional Nagios tests"; echo
+echo
-if ! /usr/lib/nagios/plugins/zulip_app_frontend/check_queue_worker_errors || \
+echo "Now running additional Nagios tests"
-   ! su zulip -c /usr/lib/nagios/plugins/zulip_postgres_appdb/check_fts_update_log; then # || \
+echo
-#   ! su zulip -c "/usr/lib/nagios/plugins/zulip_app_frontend/check_send_receive_time --site=https://127.0.0.1/api --nagios --insecure"; then
+if ! /usr/lib/nagios/plugins/zulip_app_frontend/check_queue_worker_errors \
+    || ! su zulip -c /usr/lib/nagios/plugins/zulip_postgres_appdb/check_fts_update_log; then # || \
+    #   ! su zulip -c "/usr/lib/nagios/plugins/zulip_app_frontend/check_send_receive_time --site=https://127.0.0.1/api --nagios --insecure"; then
     set +x
     echo
     echo "FAILURE: Nagios checks don't pass:"

tools/clean-branches

@@ -17,11 +17,11 @@ if [ $# -ne 0 ] && [ "$1" == "--reviews" ]; then
 fi
 push_args=()
 
-function is_merged {
+function is_merged() {
     ! git rev-list -n 1 origin/master.."$1" | grep -q .
 }
 
-function clean_ref {
+function clean_ref() {
     ref="$1"
     case "$ref" in
         */master | */HEAD)

tools/commit-msg

@@ -8,12 +8,12 @@
 # Do not invoke gitlint if commit message is empty
 if grep -q '^[^#]' "$1"; then
     lint_cmd="cd ~/zulip && python -m gitlint.cli"
-    if \
+    if
-        if [ -z "$VIRTUAL_ENV" ] && command -v vagrant > /dev/null && [ -e .vagrant ]; then
+        if [ -z "$VIRTUAL_ENV" ] && command -v vagrant >/dev/null && [ -e .vagrant ]; then
             ! vagrant ssh -c "$lint_cmd"
         else
             ! eval "$lint_cmd"
-        fi < "$1"
+        fi <"$1"
     then
         echo "WARNING: Your commit message does not match Zulip's style guide."
     fi

tools/deploy-branch

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-function error_out {
+function error_out() {
     echo -en '\e[0;31m'
     echo "$1"
     echo -en '\e[0m'

tools/lib/provision.py

@@ -390,6 +390,8 @@ def main(options: argparse.Namespace) -> "NoReturn":
 
     # Install shellcheck.
     run_as_root(["tools/setup/install-shellcheck"])
+    # Install shfmt.
+    run_as_root(["tools/setup/install-shfmt"])
 
     # Install semgrep.
     run_as_root(["tools/setup/install-semgrep"])

tools/lint

@@ -77,6 +77,9 @@ def run() -> None:
                                   "(zerver/openapi/zulip.yaml) ")
     linter_config.external_linter('shellcheck', ['shellcheck', '-x', '-P', 'SCRIPTDIR'], ['sh'],
                                   description="Standard shell script linter.")
+    linter_config.external_linter('shfmt', ['shfmt'], ['sh'],
+                                  check_arg='-d', fix_arg='-w',
+                                  description="Formats shell scripts")
     command = ['tools/run-mypy', '--quiet']
     if args.force:
         command.append('--force')

tools/pre-commit

@@ -18,7 +18,7 @@ if [ ${#changed_files} -eq 0 ]; then
     exit 0
 fi
 
-if [ -z "$VIRTUAL_ENV" ] && command -v vagrant > /dev/null && [ -e .vagrant ]; then
+if [ -z "$VIRTUAL_ENV" ] && command -v vagrant >/dev/null && [ -e .vagrant ]; then
     vcmd="/srv/zulip/tools/lint --skip=gitlint --force $(printf '%q ' "${changed_files[@]}") || true"
     echo "Running lint using vagrant..."
     vagrant ssh -c "$vcmd"

tools/provision

@@ -15,12 +15,15 @@ WARNING='\033[93m'
 ENDC='\033[0m'
 
 # Make the script independent of the location from where it is executed
-PARENT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
+PARENT_PATH=$(
+    cd "$(dirname "${BASH_SOURCE[0]}")"
+    pwd -P
+)
 cd "$PARENT_PATH"
 mkdir -p ../var/log
 LOG_PATH="../var/log/provision.log"
 
-echo "PROVISIONING STARTING." >> $LOG_PATH
+echo "PROVISIONING STARTING." >>$LOG_PATH
 
 # PYTHONUNBUFFERED is important to ensure that tracebacks don't get
 # lost far above where they should be in the output.

tools/push-to-pull-request

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e
 
-usage () {
+usage() {
     cat >&2 <<EOF
 usage: $0 PULL_REQUEST_ID [REMOTE]
 
@@ -69,7 +69,7 @@ fi
 pr_url=https://api.github.com/repos/"${repo_fq}"/pulls/"${pr_id}"
 pr_details="$(curl -s "$pr_url")"
 
-pr_jq () {
+pr_jq() {
     echo "$pr_details" | jq "$@"
 }
 

tools/rebuild-test-database

@@ -4,17 +4,15 @@ set -x
 
 export DJANGO_SETTINGS_MODULE=zproject.test_settings
 
-create_zulip_test()
+create_zulip_test() {
-{
+    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
-psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
 DROP DATABASE IF EXISTS zulip_test;
 CREATE DATABASE zulip_test TEMPLATE zulip_test_base;
 EOF
 }
 
-create_zulip_test_template()
+create_zulip_test_template() {
-{
+    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
-    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test << EOF
 DROP DATABASE IF EXISTS zulip_test_template;
 CREATE DATABASE zulip_test_template TEMPLATE zulip_test;
 EOF
@@ -41,7 +39,7 @@ create_zulip_test
     zerver.UserProfile zerver.Stream zerver.Recipient \
     zerver.Subscription zerver.Message zerver.Huddle zerver.Realm \
     zerver.UserMessage zerver.Client \
-    zerver.DefaultStream > zerver/tests/fixtures/messages.json
+    zerver.DefaultStream >zerver/tests/fixtures/messages.json
 
 # create pristine template database, for fast fixture restoration after tests are run.
 create_zulip_test_template

tools/reset-to-pull-request

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e
 
-usage () {
+usage() {
     cat >&2 <<EOF
 usage: $0 PULL_REQUEST_ID [REMOTE]
 

tools/setup-git-repo

@@ -6,7 +6,6 @@ if ! [ -d ".git/hooks/" ]; then
     exit 1
 fi
 
-for hook in pre-commit commit-msg
+for hook in pre-commit commit-msg; do
-do
     ln -snf ../../tools/"$hook" .git/hooks/
 done

tools/setup/generate-fixtures

@@ -1,11 +1,10 @@
 #!/usr/bin/env bash
 set -e
 
-run()
+run() {
-{
     PGHOST=localhost PGUSER=zulip \
         "$(dirname "$0")/../../scripts/setup/terminate-psql-sessions" zulip_test zulip_test_base zulip_test_template
-    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test << EOF
+    psql -v ON_ERROR_STOP=1 -h localhost postgres zulip_test <<EOF
 DROP DATABASE IF EXISTS zulip_test;
 CREATE DATABASE zulip_test TEMPLATE zulip_test_template;
 EOF

tools/setup/generate-test-credentials

@@ -8,7 +8,7 @@ email=iago@zulip.com
 mkdir -p var/casper
 
 password=$(./manage.py print_initial_password "$email" | grep -F "$email" | awk '{ print $2 }')
-cat > var/casper/test_credentials.js <<EOF
+cat >var/casper/test_credentials.js <<EOF
 // Generated by tools/setup/generate-test-credentials
 var test_credentials = {default_user: {username: '$email', password: '$password'}};
 try { exports.test_credentials = test_credentials; } catch (e) {}

tools/setup/install-semgrep

@@ -6,7 +6,7 @@ tarball=semgrep-v$version-ubuntu-16.04.tgz
 sha256=8b9437af0540ed9664904f9603d9d6ad011dad46433cba74e524c7753c7732c9
 tarball_url=https://github.com/returntocorp/semgrep/releases/download/v$version/$tarball
 
-check_version () {
+check_version() {
     out="$(semgrep --version 2>/dev/null)" && [ "$out" = "$version" ]
 }
 
@@ -15,7 +15,7 @@ if ! check_version; then
     trap 'rm -r "$tmpdir"' EXIT
     cd "$tmpdir"
     wget -nv "$tarball_url"
-    sha256sum -c <<< "$sha256  $tarball"
+    sha256sum -c <<<"$sha256  $tarball"
     tar -xzf "$tarball" -C /usr/local/lib/ semgrep-files/
     ln -sf /usr/local/lib/semgrep-files/semgrep /usr/local/bin/semgrep
     ln -sf /usr/local/lib/semgrep-files/semgrep-core /usr/local/bin/semgrep-core

tools/setup/install-shellcheck

@@ -5,7 +5,7 @@ version=0.7.1
 tarball="shellcheck-v$version.linux.x86_64.tar.xz"
 sha256=64f17152d96d7ec261ad3086ed42d18232fcb65148b44571b564d688269d36c8
 
-check_version () {
+check_version() {
     out="$(shellcheck --version 2>/dev/null)" && [[ "$out" = *"
 version: $version
 "* ]]
@@ -16,7 +16,7 @@ if ! check_version; then
     trap 'rm -r "$tmpdir"' EXIT
     cd "$tmpdir"
     wget -nv "https://github.com/koalaman/shellcheck/releases/download/v$version/$tarball"
-    sha256sum -c <<< "$sha256 $tarball"
+    sha256sum -c <<<"$sha256 $tarball"
     tar -xJf "$tarball" --no-same-owner --strip-components=1 -C /usr/local/bin "shellcheck-v$version/shellcheck"
     check_version
 fi

tools/setup/install-shfmt

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -eu
+
+version=3.1.2
+binary="shfmt_v${version}_linux_amd64"
+sha256=c5794c1ac081f0028d60317454fe388068ab5af7740a83e393515170a7157dce
+
+check_version() {
+    out="$(shfmt --version 2>/dev/null)" && [ "$out" = "v$version" ]
+}
+
+if ! check_version; then
+    tmpdir="$(mktemp -d)"
+    trap 'rm -r "$tmpdir"' EXIT
+    cd "$tmpdir"
+    wget -nv "https://github.com/mvdan/sh/releases/download/v3.1.2/$binary"
+    sha256sum -c <<<"$sha256 $binary"
+    chmod +x "$binary"
+    mv "$binary" /usr/local/bin/shfmt
+    check_version
+fi