webjunkie

Summary

  • Upgrades django-axes from 5.9.0 to 8.0.0 for Django 5 compatibility
  • Applies 3 new migrations (0007, 0008, 0009)
  • Fixes deprecated setting warning

Changes

  1. Upgraded django-axes to 8.0.0

    • Supports Django 4.2, 5.1, 5.2 and Python 3.9-3.13
    • Required for subsequent Django 5 upgrade
  2. Applied 3 new migrations

    • 0007_alter_accessattempt_unique_together - Deduplicates attempts and adds unique constraint
    • 0008_accessfailurelog - Creates new AccessFailureLog model
    • 0009_add_session_hash - Adds session_hash field to AccessLog
    • Note: We use AxesCacheHandler, so these tables won't be actively used
  3. Fixed deprecated setting

    • Renamed AXES_META_PRECEDENCE_ORDER → AXES_IPWARE_META_PRECEDENCE_ORDER
  4. Improved migration risk analyzer

    • Added POSTHOG_OWNED_APPS and is_posthog_app() helper
    • PostHog policies (UUID PKs, single migration) now only enforced on posthog/ee/products apps
    • Third-party dependency migrations can use their own conventions

Migration Risk

Low - Migrations are safe:

  • ✅ 0009: Adds nullable field with default (safe)
  • ⚠️ 0007: RunPython dedupe + unique constraint (low risk, small table)
  • ✅ 0008: Creates new table (safe)

Test plan

  • Migrations applied successfully locally
  • Migration risk analyzer passes
  • CI tests pass

- Upgraded django-axes to 8.0.0 for Django 5 compatibility
- Applied 3 new migrations (0007, 0008, 0009)
- Fixed deprecated AXES_META_PRECEDENCE_ORDER → AXES_IPWARE_META_PRECEDENCE_ORDER
- Updated migration risk analyzer to skip PostHog policy checks on third-party apps
  - Added POSTHOG_OWNED_APPS list and is_posthog_app() helper
  - UUID primary key and single migration policies now only apply to posthog/ee/products apps
  - Allows third-party dependency migrations without policy violations

@greptile-apps greptile-apps bot left a comment

5 files reviewed, no comments

…on file changes

The migration risk analyzer detects ALL unapplied migrations including third-party
dependencies, but it was only running when PostHog's own migration files changed.

Split into two separate steps:
1. SQL comment - only for PostHog migration files
2. Risk analysis - runs for all PRs to catch third-party migrations

Keep legacy 403 status code for lockouts, as django-axes 6.0+ changed default to 429.
This maintains consistency with existing behavior and tests.
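
An added example, not code from this pull request or from django-axes: a small pre-upgrade check for the two settings changes described above (the renamed precedence-order setting and the 403 to 429 default lockout status). The function name `audit_axes_settings` and the sample header values are hypothetical; `AXES_HTTP_RESPONSE_CODE` is the django-axes setting name and does not appear on this page.

```python
"""Audit a Django settings mapping before moving django-axes 5.9.0 -> 8.0.0."""

# Rename taken from this PR: old setting name -> new setting name.
RENAMED = {"AXES_META_PRECEDENCE_ORDER": "AXES_IPWARE_META_PRECEDENCE_ORDER"}


def audit_axes_settings(settings):
    """Return a list of findings for a dict of setting names to values."""
    findings = []
    for old, new in RENAMED.items():
        if old not in settings:
            continue
        if new not in settings:
            findings.append(f"{old} is deprecated: rename it to {new}")
        elif settings[old] != settings[new]:
            findings.append(f"{old} and {new} are both set with different values")
        else:
            findings.append(f"{old} duplicates {new}: remove the old name")
    # django-axes 6.0+ answers lockouts with 429 unless the code is pinned,
    # so clients and tests that expect 403 would see a behaviour change.
    if "AXES_HTTP_RESPONSE_CODE" not in settings:
        findings.append(
            "AXES_HTTP_RESPONSE_CODE is unset: lockouts return 429 instead of 403"
        )
    return findings


# Constructed sample settings (header names are illustrative values only).
BEFORE = {"AXES_META_PRECEDENCE_ORDER": ["HTTP_X_FORWARDED_FOR", "REMOTE_ADDR"]}
AFTER = {
    "AXES_IPWARE_META_PRECEDENCE_ORDER": ["HTTP_X_FORWARDED_FOR", "REMOTE_ADDR"],
    "AXES_HTTP_RESPONSE_CODE": 403,
}
CONFLICT = {
    "AXES_META_PRECEDENCE_ORDER": ["REMOTE_ADDR"],
    "AXES_IPWARE_META_PRECEDENCE_ORDER": ["HTTP_X_FORWARDED_FOR", "REMOTE_ADDR"],
    "AXES_HTTP_RESPONSE_CODE": 403,
}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("conflict", CONFLICT)):
        print(name, audit_axes_settings(cfg) or "ok")
```
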

github-actions bot commented Oct 1, 2025

🔍 Migration Risk Analysis

We've analyzed your migrations for potential risks.

Summary: 2 Safe | 1 Needs Review | 0 Blocked

Legend: ✅ Safe = No locks, backwards compatible | ⚠️ Needs Review = May have performance impact | ❌ Blocked = Causes locks or breaks compatibility

⚠️ Needs Review

axes.0007_alter_accessattempt_unique_together
  └─ #1 ⚠️ RunPython: RunPython data migration needs review for performance
  └─ #2 ⚠️ AlterUniqueTogether: Altering unique constraints may lock table

✅ Safe

axes.0008_accessfailurelog
  └─ #1 ✅ CreateModel
     Creating new table is safe
     model: AccessFailureLog
axes.0009_add_session_hash
  └─ #1 ✅ AddField
     Adding NOT NULL field with constant default (safe in PG11+)
     model: accesslog, field: session_hash

📚 How to Deploy These Changes Safely

RunPython:

Large-scale considerations for data migrations:

  • Use .iterator() for large querysets to avoid loading all rows into memory
  • Process in batches: for obj in Model.objects.all().iterator(chunk_size=1000)
  • Use .bulk_update() instead of saving individual objects
  • Add progress logging every N rows for visibility
  • Test on production-sized data before deploying
  • Consider timeout limits - migrations blocking deployment for >10min are problematic
