Cleaning up requirements.in

Removing all >= dependencies as these were upgraded past the >= version with the last update.

The following libraries were secondary imports and were removed from the requirements.in as we are past the version required to fix their CVEs:
    * autobhan
    * kubernetes
    * pyjwt
    * sqlparse

licenses/deprecated.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 Laurent LAPORTE
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

licenses/wrapt.txt

@@ -1,24 +0,0 @@
-Copyright (c) 2013-2022, Graham Dumpleton
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.

requirements/requirements.in

@@ -1,20 +1,19 @@
-aiohttp>=3.7.4
+aiohttp
 ansiconv==1.0.0  # UPGRADE BLOCKER: from 2013, consider replacing instead of upgrading
 asciichartpy
 asn1
-autobahn>=20.12.3  # CVE-2020-35678
 azure-keyvault==1.1.0  # see UPGRADE BLOCKERs
 channels
-channels-redis>=3.1.0  # https://github.com/django/channels_redis/issues/212
+channels-redis
 cryptography
 Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
 daphne
 distro
 django==3.2.16  # see UPGRADE BLOCKERs https://github.com/ansible/awx/security/dependabot/67
 django-auth-ldap
-django-cors-headers>=3.5.0
+django-cors-headers
 django-crum
-django-extensions>=2.2.9  # https://github.com/ansible/awx/pull/6441
+django-extensions
 django-guid==3.2.1
 django-oauth-toolkit==1.4.1
 django-polymorphic
@@ -26,43 +25,40 @@ django-taggit
 djangorestframework==3.13.1
 djangorestframework-yaml
 filelock
-GitPython>=3.1.1  # minimum to fix https://github.com/ansible/awx/issues/6119
+GitPython
 irc
-jinja2>=2.11.3  # CVE-2020-28493
+jinja2
 JSON-log-formatter
 jsonschema
-kubernetes>=12.0.0  # CVE-2020-1747
 Markdown  # used for formatting API help
-openshift>=0.12.0  # minimum version to pull in new pyyaml for CVE-2017-18342, minimum version to pull in new kubernetes for CVE-2020-1747
+openshift
 pexpect==4.7.0 # see library notes
 prometheus_client
 psycopg2
 psutil
 pygerduty
-pyjwt>=2.4.0 # https://github.com/ansible/awx/security/dependabot/58
 pyparsing==2.4.6  # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or'  (at char 15), (line:1, col:16)
 python3-saml==1.13.0
 python-dsv-sdk
 python-tss-sdk==1.0.0
-python-ldap>=3.4.0 # https://github.com/ansible/awx/security/dependabot/20
+python-ldap
-pyyaml>=5.4.1  # minimum to fix https://github.com/yaml/pyyaml/issues/478
+pyyaml
 receptorctl==1.2.3
 schedule==0.6.0
 social-auth-core[openidconnect]==4.3.0  # see UPGRADE BLOCKERs
 social-auth-app-django==5.0.0  # see UPGRADE BLOCKERs
 redis
 requests
-sqlparse>=0.4.2 # Required by Django, pinning for CVE-2021-32839
 slack-sdk
 tacacs_plus==1.0  # UPGRADE BLOCKER: auth does not work with later versions
-twilio>7.9.0  # Pick up fix for use with proxy server via environment variables
+twilio
-twisted[tls]>=22.4.0  # CVE-2020-10108, CVE-2020-10109, CVE-2022-21712 (https://github.com/ansible/awx/security/dependabot/46), https://github.com/ansible/awx/security/dependabot/53
+twisted[tls]
 uWSGI
 uwsgitop
 wheel
 pip==21.2.4  # see UPGRADE BLOCKERs
-setuptools>=62.4.0  # see UPGRADE BLOCKERs
+setuptools  # see UPGRADE BLOCKERs
-setuptools_scm[toml]>=3.4  # see UPGRADE BLOCKERs, xmlsec build dep
+setuptools_scm[toml]  # see UPGRADE BLOCKERs, xmlsec build dep
 xmlsec==1.3.12 # xmlsec 1.3.13 removed the ability to use lxml 4.7.0 but python3-saml requires lxml 4.7.0 so we need to pin xmlsec
 lxml>=3.8 # xmlsec build dep
 pkgconfig>=1.5.1 # xmlsec build dep

requirements/requirements.txt

@@ -29,9 +29,7 @@ attrs==22.1.0
     #   service-identity
     #   twisted
 autobahn==22.7.1
-    # via
+    # via daphne
-    #   -r /awx_devel/requirements/requirements.in
-    #   daphne
 autocommand==2.2.2
     # via jaraco-text
 automat==22.10.0
@@ -203,9 +201,7 @@ json-log-formatter==0.5.1
 jsonschema==4.17.1
     # via -r /awx_devel/requirements/requirements.in
 kubernetes==25.3.0
-    # via
+    # via openshift
-    #   -r /awx_devel/requirements/requirements.in
-    #   openshift
 lockfile==0.12.2
     # via python-daemon
 lxml==4.7.0
@@ -285,7 +281,6 @@ pygerduty==0.38.3
     # via -r /awx_devel/requirements/requirements.in
 pyjwt==2.6.0
     # via
-    #   -r /awx_devel/requirements/requirements.in
     #   adal
     #   social-auth-core
     #   twilio
@@ -404,9 +399,7 @@ social-auth-core[openidconnect]==4.3.0
     #   -r /awx_devel/requirements/requirements.in
     #   social-auth-app-django
 sqlparse==0.4.3
-    # via
+    # via django
-    #   -r /awx_devel/requirements/requirements.in
-    #   django
 tacacs-plus==1.0
     # via -r /awx_devel/requirements/requirements.in
 tempora==5.1.0