📌(back) pin django-storages to version 1.14.3

In version 1.14.4 there are at least two modifications made that lead to a breaking change in Marsha. The most annoying one is linked to this issue: jschneier/django-storages#1430 and we have to wait a newer version with a fix to have the previous behaviour. This fix is related to a security issue in django. This security is fixed in version 4.2.14 and we already use this version, so we are safe. The second one is related to how the signature in computed when an url is generated. Previously the signature was generated no matter if we need it or not and then we choose to remove the signautre part using the private method `_strip_signing_parameters`. This private does not exists anymore, instead a new setting is used, we have to set the setting `querystring_auth` to False to not compute the signature, it's real improvement as it saves the cost of computing the signature.
openfun · Jul 30, 2024 · 280fe99 · 280fe99
1 parent 595b70d
commit 280fe99
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/renovate.json b/renovate.json
@@ -68,6 +68,16 @@
         "pytest"
       ],
       "allowedVersions": "<8.0.0"
+    },
+    {
+      "enable": false,
+      "groupName": "ignored python dependencies",
+      "matchManagers": [
+        "setup-cfg"
+      ],
+      "matchPackageNames": [
+        "django-storages"
+      ]
     }
   ]
 }
diff --git a/src/backend/marsha/core/tests/serializers/test_video.py b/src/backend/marsha/core/tests/serializers/test_video.py
@@ -58,12 +58,10 @@ def test_video_serializer_urls_with_peertube_pipeline(self):
             uploaded_on=date,
         )
 
+        storage = import_string("marsha.core.storage.s3.S3VideoStorage")()
         with mock.patch(
-            "marsha.core.serializers.video.video_storage"
-        ) as mock_video_storage:
-            mock_video_storage.url = import_string(
-                "marsha.core.storage.s3.S3VideoStorage"
-            )().url
+            "marsha.core.serializers.video.video_storage", new=storage
+        ):
             serializer = VideoBaseSerializer(video)
 
             self.assertEqual(

diff --git a/src/backend/setup.cfg b/src/backend/setup.cfg
@@ -44,7 +44,7 @@ install_requires =
     django-parler==2.3
     django-redis==5.4.0
     django-safedelete==1.4.0
-    django-storages==1.14.4
+    django-storages==1.14.3
     django-peertube-runner-connector==0.6.0
     django-waffle==4.1.0
     Django<5