fix: propagate --upgrade flag to all pip-compile calls in make upgrade

The PIP_COMPILE macro did not include \${COMPILE_OPTS}, so only
pip.txt and pip-tools.txt were compiled with --upgrade. All other
files (base.txt, test.txt, quality.txt, etc.) were compiled without
it, keeping their existing pinned versions.

When a transitive dependency releases a new version, pip-tools.txt
would upgrade but the rest of the chain would not, causing version
conflicts in dev.txt (which includes both as -r inputs).

Aligns the Makefile with the pattern from openedx/openedx-core:
- Add --rebuild to the PIP_COMPILE macro
- Pass --upgrade via PIP_COMPILE_OPTS so all files get it uniformly
- Remove the split code path for pip.txt and pip-tools.txt

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

Author: mariajgrimaldi

Makefile

@@ -33,13 +33,15 @@ docs: ## generate Sphinx HTML documentation, including API docs
 	$(BROWSER)docs/_build/html/index.html
 
 # Define PIP_COMPILE_OPTS=-v to get more information during make upgrade.
-PIP_COMPILE = pip-compile $(PIP_COMPILE_OPTS)
+PIP_COMPILE = pip-compile --rebuild $(PIP_COMPILE_OPTS)
 
-compile-requirements: ## compile the requirements/*.txt files with the latest packages satisfying requirements/*.in
+compile-requirements: export CUSTOM_COMPILE_COMMAND=make upgrade
+compile-requirements: ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
 	pip install -qr requirements/pip-tools.txt
 	pip install -qr requirements/pip.txt
-	pip-compile -v ${COMPILE_OPTS} --allow-unsafe --rebuild -o requirements/pip.txt requirements/pip.in
-	pip-compile -v ${COMPILE_OPTS} -o requirements/pip-tools.txt requirements/pip-tools.in
+	# Make sure to compile files after any other files they include!
+	$(PIP_COMPILE) --allow-unsafe -o requirements/pip.txt requirements/pip.in
+	$(PIP_COMPILE) -o requirements/pip-tools.txt requirements/pip-tools.in
 	pip install -qr requirements/pip.txt
 	pip install -qr requirements/pip-tools.txt
 	$(PIP_COMPILE) -o requirements/base.txt requirements/base.in
@@ -53,8 +55,7 @@ compile-requirements: ## compile the requirements/*.txt files with the latest pa
 	mv requirements/test.tmp requirements/test.txt
 
 upgrade: ## update the requirements/*.txt files with the latest packages satisfying requirements/*.in
-	pip install -qr requirements/pip-tools.txt
-	$(MAKE) compile-requirements COMPILE_OPTS="--upgrade"
+	make compile-requirements PIP_COMPILE_OPTS="--upgrade"
 
 quality: ## check coding style with pycodestyle and pylint
 	tox -e quality

requirements/base.txt

@@ -2,27 +2,29 @@
 # This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
-#    pip-compile --output-file=requirements/base.txt requirements/base.in
+#    make upgrade
 #
-asgiref==3.9.1
+asgiref==3.11.1
     # via django
-attrs==25.3.0
+attrs==26.1.0
     # via -r requirements/base.in
+bracex==2.6
+    # via wcmatch
 casbin-django-orm-adapter==1.7.0
     # via -r requirements/base.in
-certifi==2025.8.3
+certifi==2026.2.25
     # via requests
 cffi==2.0.0
     # via
     #   cryptography
     #   pynacl
-charset-normalizer==3.4.3
+charset-normalizer==3.4.7
     # via requests
-click==8.3.1
+click==8.3.2
     # via edx-django-utils
-cryptography==46.0.2
+cryptography==46.0.7
     # via pyjwt
-django==4.2.24
+django==5.2.13
     # via
     #   -c https://raw.githubusercontent.com/edx/edx-lint/master/edx_lint/files/common_constraints.txt
     #   -r requirements/base.in
@@ -48,7 +50,7 @@ django-waffle==5.0.0
     # via
     #   edx-django-utils
     #   edx-drf-extensions
-djangorestframework==3.16.1
+djangorestframework==3.17.1
     # via
     #   -r requirements/base.in
     #   drf-jwt
@@ -60,9 +62,9 @@ dnspython==2.8.0
     # via pymongo
 drf-jwt==1.19.2
     # via edx-drf-extensions
-drf-yasg==1.21.11
+drf-yasg==1.21.15
     # via edx-api-doc-tools
-edx-api-doc-tools==2.1.2
+edx-api-doc-tools==3.0.0
     # via -r requirements/base.in
 edx-ccx-keys==2.0.2
     # via -r requirements/base.in
@@ -74,64 +76,66 @@ edx-drf-extensions==10.6.0
     # via
     #   -r requirements/base.in
     #   edx-organizations
-edx-opaque-keys==3.0.0
+edx-opaque-keys==4.0.0
     # via
     #   -r requirements/base.in
     #   edx-ccx-keys
     #   edx-drf-extensions
     #   edx-organizations
-edx-organizations==7.3.0
+edx-organizations==8.0.0
     # via -r requirements/base.in
-idna==3.10
+idna==3.11
     # via requests
 inflection==0.5.1
     # via drf-yasg
 openedx-atlas==0.7.0
     # via -r requirements/base.in
 packaging==26.0
     # via drf-yasg
-pillow==12.1.1
+pillow==12.2.0
     # via edx-organizations
-psutil==7.1.0
+psutil==7.2.2
     # via edx-django-utils
-pycasbin==2.2.0
+pycasbin==2.8.0
     # via
     #   -r requirements/base.in
     #   casbin-django-orm-adapter
-pycparser==2.23
+pycparser==3.0
     # via cffi
-pyjwt[crypto]==2.10.1
+pyjwt[crypto]==2.12.1
     # via
     #   drf-jwt
     #   edx-drf-extensions
-pymongo==4.15.2
+pymongo==4.16.0
     # via edx-opaque-keys
-pynacl==1.6.0
+pynacl==1.6.2
     # via edx-django-utils
-pytz==2025.2
+pytz==2026.1.post1
     # via drf-yasg
 pyyaml==6.0.3
     # via drf-yasg
-requests==2.32.5
+requests==2.33.1
     # via edx-drf-extensions
 semantic-version==2.10.0
     # via edx-drf-extensions
-simpleeval==1.0.3
+simpleeval==1.0.7
     # via pycasbin
 six==1.17.0
     # via edx-ccx-keys
-sqlparse==0.5.3
+sqlparse==0.5.5
     # via django
-stevedore==5.5.0
+stevedore==5.7.0
     # via
     #   edx-django-utils
     #   edx-opaque-keys
 typing-extensions==4.15.0
     # via edx-opaque-keys
 uritemplate==4.2.0
     # via drf-yasg
-urllib3==2.5.0
+urllib3==2.6.3
     # via requests
+wcmatch==10.1
+    # via pycasbin
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools

requirements/ci.txt

@@ -2,33 +2,39 @@
 # This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
-#    pip-compile --output-file=requirements/ci.txt requirements/ci.in
+#    make upgrade
 #
-cachetools==6.2.6
-    # via tox
-chardet==5.2.0
+cachetools==7.0.5
     # via tox
 colorama==0.4.6
     # via tox
 distlib==0.4.0
     # via virtualenv
-filelock==3.20.3
+filelock==3.25.2
     # via
+    #   python-discovery
     #   tox
     #   virtualenv
 packaging==26.0
     # via
     #   pyproject-api
     #   tox
-platformdirs==4.5.1
+platformdirs==4.9.6
     # via
+    #   python-discovery
     #   tox
     #   virtualenv
 pluggy==1.6.0
     # via tox
 pyproject-api==1.10.0
     # via tox
-tox==4.34.1
+python-discovery==1.2.2
+    # via
+    #   tox
+    #   virtualenv
+tomli-w==1.2.0
+    # via tox
+tox==4.52.1
     # via -r requirements/ci.in
-virtualenv==20.36.1
+virtualenv==21.2.1
     # via tox