mirror of
https://github.com/pacnpal/thrillwiki_django_no_react.git
synced 2025-12-24 19:11:08 -05:00
Add secret management guide, client-side performance monitoring, and search accessibility enhancements
- Introduced a comprehensive Secret Management Guide detailing best practices, secret classification, development setup, production management, rotation procedures, and emergency protocols.
- Implemented a client-side performance monitoring script to track various metrics including page load performance, paint metrics, layout shifts, and memory usage.
- Enhanced search accessibility with keyboard navigation support for search results, ensuring compliance with WCAG standards and improving user experience.
164
docs/MIGRATION_GUIDE.md
Normal file
@@ -0,0 +1,164 @@
# Dependency Update Migration Guide

This guide covers the migration to updated dependencies including critical security patches.

## For Developers

### Local Development Setup

1. **Update Python to 3.13+**
```bash
python --version # Should be 3.13+
```

2. **Install UV** (if not already installed)
```bash
curl -LsSf https://astral.sh/uv/install.sh | sh
```

3. **Update Dependencies**
```bash
cd backend
uv sync --frozen # Use locked versions
```

4. **Run Tests**
```bash
uv run manage.py test
```

## Security Patches Applied

### Critical (CVSS 9.0+)
- **CVE-2025-64459** (Django) - SQL injection vulnerability
- Fixed in: Django 5.2.8+
- Previous version: 5.0.x

### High Severity
- **CVE-2024-21520** (DRF) - XSS in break_long_headers filter
- Fixed in: djangorestframework 3.15.2+
- Previous version: 3.14.x

### Medium Severity
- **CVE-2024-28219** (Pillow) - Buffer overflow
- Fixed in: Pillow 10.4.0+
- Previous version: 10.2.0

## Breaking Changes

### Python Version
- **Minimum**: 3.13+ (previously 3.11+)
- Update your local Python installation before proceeding

### django-allauth (0.60 → 65.3)
Major version jump. Review your configuration:

```python
# Check your SOCIALACCOUNT_PROVIDERS settings
# Some provider configurations may have changed
```

### sentry-sdk (1.x → 2.x)
If using Sentry, review the SDK v2 migration guide:
- https://docs.sentry.io/platforms/python/migration/

### Removed Packages
These packages were removed (not used in codebase):
- channels, channels-redis, daphne
- django-simple-history (using django-pghistory)
- django-oauth-toolkit (using dj-rest-auth)
- django-webpack-loader
- reactivated

## Dependency Groups

Dependencies are now organized into groups:

```bash
# Production only
uv sync

# Development (includes dev tools)
uv sync --group dev

# Testing
uv sync --group test

# Profiling (optional)
uv sync --group profiling
```

## Troubleshooting

### Issue: `uv sync` fails with dependency conflicts
**Solution:** Delete `uv.lock` and regenerate:
```bash
rm uv.lock
uv lock
uv sync
```

### Issue: Tests fail after update
**Solution:**
1. Check for deprecated API usage in test files
2. Review django-allauth changes for auth tests
3. Run `uv run manage.py check` for specific warnings

### Issue: Import errors for removed packages
**Solution:** Search for and remove any imports of:
- `channels`
- `simple_history`
- `oauth2_provider`
- `webpack_loader`
- `reactivated`

### Issue: `ModuleNotFoundError: cryptography`
**Solution:** This is now included. Run:
```bash
uv sync
```

## CI/CD Changes

The CI/CD pipeline now uses UV:

```yaml
- name: Install Dependencies
working-directory: backend
run: uv sync --frozen
```

## Generating requirements.txt

For tools that need requirements.txt:

```bash
cd backend
./scripts/generate_requirements.sh
```

This creates:
- `requirements.txt` - Production
- `requirements-dev.txt` - Development
- `requirements-test.txt` - Testing

## Lock File

The project now uses `uv.lock` for reproducible builds:

```bash
# Use locked versions (recommended for CI/deployment)
uv sync --frozen

# Update lock file
uv lock --upgrade
```

## Rollback Procedure

If you need to rollback:

```bash
git checkout HEAD~1 backend/pyproject.toml uv.lock
uv sync --frozen
```
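Review bot: the "Rollback Procedure" block at the end of this hunk mixes two locations, `backend/pyproject.toml` and a root-level `uv.lock`, while every other command in the guide runs `uv sync` from inside `backend/`; if the lock file actually lives at `backend/uv.lock`, the checkout restores only pyproject.toml and the following `uv sync --frozen` either fails or installs from a lock that no longer matches. Suggest `git checkout HEAD~1 -- backend/pyproject.toml backend/uv.lock` (whichever path is correct for this repo) plus one sentence stating that rolling back reinstalls Django 5.0.x, djangorestframework 3.14.x and Pillow 10.2.0, i.e. the versions affected by CVE-2025-64459, CVE-2024-21520 and CVE-2024-28219 listed under "Security Patches Applied", so it should be treated as a short-lived measure. The "dependency conflicts" troubleshooting step has a related weakness: `rm uv.lock` followed by `uv lock` re-resolves every package, and the guide does not say whether pyproject.toml carries lower bounds such as `django>=5.2.8`; recommend adding that the regenerated lock diff be reviewed for the three patched packages before it is committed, and pointing to `uv lock --upgrade` from the "Lock File" section as the first thing to try instead of deleting the lock.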