Fixes #3939

Some left/right/top/bottom had slipped past.

Update the Browserslist and the "npx" command is not needed when running
commands in scripts.

Fixes #3895. Quick one I noticed while working on the partner comment
stuff. Comments will now display with the user email where no full name
is set.

- [x] Add approved by staff to the approved invoice pdfs
- [x] Add inovice approver and date

Closes: https://github.com/HyphaApp/hypha/issues/3539

Fixes #3923 

Fixes #3927 

Fixes #3839 

##  Assumptions

An organization only chooses one option either go with PAFReviewerRoles
or without that. Changing in between might cause the issue with
`Internal Approval` status projects. We will fix this in another issue
if needed.

- Rename "Apply Admin" to "Admin" 
- Adds "Admin" icon to the user's profile page along with the
"Dashboard" link, makes it easier to goto admin without going to
dashboard everytime first.
- Update icons for "dashboard" and "Admin" to use heroicons.
- Update activity feed related link icon + it's visuals
- Remove `arrow-head-pixels--solid` icon from the sprite as it's no
longer in use anywhere.


Co-authored-by: Fredrik Jonsson <frjo@xdeb.org>

Fixes #3840 

Fixes #3889

- do not register project urls
- do not register project menu in wagtail
- do not enable contracting/finance dashboard

Fixes #3606

Project settings and vendor settings will still be present, I could not
find a way to hide/disable them conditionally.

Fixes #3897

"Remember me" is only available when logging in with password. I see
this as an "advanced" feature. The passwordless login flow is easy so
not a big hassle to do it once a day.

Organisation that wants to can set `SESSION_COOKIE_AGE` to a custom
value, e.g. set it to two weeks to reagin the old behaviour.

To disable "Remember me" set `SESSION_COOKIE_AGE` to the same value as
`SESSION_COOKIE_AGE_LONG`

This PR also:

* removes unused code is_public_site
* removes unused code register_extra_text
* removes all use of link-button* classes. Buttons are now only handled
by the button class.
* add a tiny border radius to all buttons (this is something we
implement on all elements in Hypha)

the Sandbox site has been updated to Hypha 5.8.0 & now the database dump
reflects that

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.0.1 to
3.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/werkzeug/releases">werkzeug's
releases</a>.</em></p>
<blockquote>
<h2>3.0.3</h2>
<p>This is the Werkzeug 3.0.3 security release, which fixes security
issues and bugs but does not otherwise change behavior and should not
result in breaking changes.</p>
<p>PyPI: <a
href="https://pypi.org/project/Werkzeug/3.0.3/">https://pypi.org/project/Werkzeug/3.0.3/</a>
Changes: <a
href="https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3">https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3</a>
Milestone: <a
href="https://github.com/pallets/werkzeug/milestone/35?closed=1">https://github.com/pallets/werkzeug/milestone/35?closed=1</a></p>
<ul>
<li>Only allow <code>localhost</code>, <code>.localhost</code>,
<code>127.0.0.1</code>, or the specified hostname when running the dev
server, to make debugger requests. Additional hosts can be added by
using the debugger middleware directly. The debugger UI makes requests
using the full URL rather than only the path. GHSA-2g68-c3qc-8985</li>
<li>Make reloader more robust when <code>&quot;&quot;</code> is in
<code>sys.path</code>. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2823">#2823</a></li>
<li>Better TLS cert format with <code>adhoc</code> dev certs. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2891">#2891</a></li>
<li>Inform Python &lt; 3.12 how to handle <code>itms-services</code>
URIs correctly, rather than using an overly-broad workaround in Werkzeug
that caused some redirect URIs to be passed on without encoding. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2828">#2828</a></li>
<li>Type annotation for <code>Rule.endpoint</code> and other uses of
<code>endpoint</code> is <code>Any</code>. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2836">#2836</a></li>
</ul>
<h2>3.0.2</h2>
<p>This is a fix release for the 3.0.x feature branch.</p>
<ul>
<li>Changes: <a
href="https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-2">https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-2</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.0.3</h2>
<p>Released 2024-05-05</p>
<ul>
<li>
<p>Only allow <code>localhost</code>, <code>.localhost</code>,
<code>127.0.0.1</code>, or the specified
hostname when running the dev server, to make debugger requests.
Additional
hosts can be added by using the debugger middleware directly. The
debugger
UI makes requests using the full URL rather than only the path.
:ghsa:<code>2g68-c3qc-8985</code></p>
</li>
<li>
<p>Make reloader more robust when <code>&quot;&quot;</code> is in
<code>sys.path</code>. 🇵🇷<code>2823</code></p>
</li>
<li>
<p>Better TLS cert format with <code>adhoc</code> dev certs.
🇵🇷<code>2891</code></p>
</li>
<li>
<p>Inform Python &lt; 3.12 how to handle <code>itms-services</code> URIs
correctly, rather
than using an overly-broad workaround in Werkzeug that caused some
redirect
URIs to be passed on without encoding. :issue:<code>2828</code></p>
</li>
<li>
<p>Type annotation for <code>Rule.endpoint</code> and other uses of
<code>endpoint</code> is
<code>Any</code>. :issue:<code>2836</code></p>
</li>
<li>
<p>Make reloader more robust when <code>&quot;&quot;</code> is in
<code>sys.path</code>. 🇵🇷<code>2823</code></p>
</li>
</ul>
<h2>Version 3.0.2</h2>
<p>Released 2024-04-01</p>
<ul>
<li>Ensure setting <code>merge_slashes</code> to <code>False</code>
results in <code>NotFound</code> for
repeated-slash requests against single slash routes.
:issue:<code>2834</code></li>
<li>Fix handling of <code>TypeError</code> in
<code>TypeConversionDict.get()</code> to match
<code>ValueError</code>. :issue:<code>2843</code></li>
<li>Fix <code>response_wrapper</code> type check in test client.
:issue:<code>2831</code></li>
<li>Make the return type of <code>MultiPartParser.parse</code> more
precise.
:issue:<code>2840</code></li>
<li>Raise an error if converter arguments cannot be parsed.
:issue:<code>2822</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/werkzeug/commit/f9995e967979eb694d6b31536cc65314fd7e9c8c"><code>f9995e9</code></a>
release version 3.0.3</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"><code>3386395</code></a>
Merge pull request from GHSA-2g68-c3qc-8985</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01"><code>890b6b6</code></a>
only require trusted host for evalex</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967"><code>71b69df</code></a>
restrict debugger trusted hosts</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/d2d3869525a4ffb2c41dfb2c0e39d94dab2d870c"><code>d2d3869</code></a>
endpoint type is Any (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2895">#2895</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/7080b55acd48b68afdda65ee6c7f99e9afafb0ba"><code>7080b55</code></a>
endpoint type is Any</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/7555eff296fbdf12f2e576b6bbb0b506df8417ed"><code>7555eff</code></a>
remove iri_to_uri redirect workaround (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2894">#2894</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/97fb2f722297ae4e12e36dab024e0acf8477b3c8"><code>97fb2f7</code></a>
remove _invalid_iri_to_uri workaround</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/249527ff981e7aa22cd714825c5637cc92df7761"><code>249527f</code></a>
make cn field a valid single hostname, and use wildcard in SANs field.
(<a
href="https://redirect.github.com/pallets/werkzeug/issues/2892">#2892</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/793be472c9d145eb9be7d4200672d1806289d84a"><code>793be47</code></a>
update adhoc tls dev cert format</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/werkzeug/compare/3.0.1...3.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=werkzeug&package-manager=pip&previous-version=3.0.1&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/HyphaApp/hypha/network/alerts

).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fixes #3892. This solution was a bit unruly (especially ugly after
linting) but it seemed like the logical approach without refactoring the
whole `visibility_for` to be a normal method rather than a class method.
This fix evaluates if the partner/reviewer is the author of the source
submission first before evaluating the their role. The reviewer role was
also lumped in here because even though I know we advise against a
reviewer also being an applicant, it still could happen without
oversight.

I tried to keep the code as clean as I could and reuse QuerySets, but
let me know if y'all see any way I can optimize!

Small but my own typos in this template have driven me nuts for every PR
I've made haha

Fixes #3849 

Fixes #3886

Fixes https://github.com/HyphaApp/hypha/issues/3902

Also, refractor and allow for importing permission functions from
anywhere and not just limit to be imported from the
`hypha.users.decorators` module

This PR also doesn't display project info on the dashboard if the
projects is not enabled

For the stats block at the top of the dashboard, if the projects is not
abled displays the count of flagged submissions and the count of
previously reviewed submissions

Simplify the nav generator logic. 

With `PROJECTS_ENABLED = True`, Project Report Forms may now be
created in Wagtail Admin and associated with a Fund.

Project reports use the form configured in Wagtail admin. To add or
edit a report form, use `Projects -> Report Forms`. To bind a report
form to a given Fund, use `Apply -> Funds`, set `Project Report Form`.

When projects are enabled, a project shows the Reports in various
project interfaces. A new project report will use the current fields
from the Project Report Form associated with the Fund from which the
Submission/Application was granted. An existing report, when edited,
will use the original fields at the time that report was first filed.
This behavior appears consistent with at least one other similar form.

Thanks to Frank Duncan for the "View" functionality in
hypha/apply/projects/templates/application_projects/report_detail.html
and NonFileFormFieldsBlockFactory for tests that don't need files
as well as re-adding the url for project file lookup by id.

Co-authored-by: Frank Duncan <frankduncan@opentechstrategies.com>

---------

Co-authored-by: Jesse Bickel <bickelj@gmail.com>
Co-authored-by: Frank Duncan <frankduncan@opentechstrategies.com>

Due to djhtml the emails templates where formatted with indendation.
That lead to alignment also being present in the plain-text emails.

This was an unintentional behaviour that this PR fixes by adding {#
fmt:off #} markers in the email templates so djhtml won't format them

- [x] Convert toggle-related.js to vanillajs.
- [x] On submission detail convert toggle-actions-panel.js to alpinejs.
- [x] Convert submission-text-cleanup.js to vanillajs.
- [x] Replace dropdown.js with alpinejs.
- [x] Convert all-submissions-table.js to vanillajs.
- [x] Convert application-form-links-new-window.js to vanillajs.
- [x] Made PAF and SOW views and download buttons to look the same.

Bumps
[social-auth-app-django](https://github.com/python-social-auth/social-app-django)
from 5.4.0 to 5.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-social-auth/social-app-django/releases">social-auth-app-django's
releases</a>.</em></p>
<blockquote>
<h2>Release 5.4.1</h2>
<h3>Changed</h3>
<ul>
<li>Added reverse migration for JSON field</li>
<li>Fixed improper handling of case sensitivity with MySQL/MariaDB (<a
href="https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3">CVE-2024-32879</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md">social-auth-app-django's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/python-social-auth/social-app-django/releases/tag/5.4.1">5.4.1</a>
- 2024-04-24</h2>
<h3>Changed</h3>
<ul>
<li>Added reverse migration for JSON field</li>
<li>Fixed improper handling of case sensitivity with MySQL/MariaDB
(CVE-2024-32879)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/593ee4638eab9b1d9f252393a21ead643e3ceae6"><code>593ee46</code></a>
Version bump 5.4.1</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138"><code>31c3e0c</code></a>
models: make sure uid is compared case-sensitive</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/7033ff73993a4c3666d989930bbc15e87925abc9"><code>7033ff7</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/39da389c6b2a1d8f50768633269558fd609454b8"><code>39da389</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/0ec1bca6d6193e291a22f576ce30d44614258e96"><code>0ec1bca</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/03bce61f71978ae52fdd1db4118055f48de9f901"><code>03bce61</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/2278da6a1b20f9af23884084854b345a9284bf37"><code>2278da6</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/033302cdbf7a25ce900b6894bc0e683586b6162e"><code>033302c</code></a>
build(deps-dev): bump tox from 4.14.1 to 4.14.2</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/c50bc4a81127fff2fe4fdc619dd2e360bbe132b0"><code>c50bc4a</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/python-social-auth/social-app-django/commit/13e10d943b836e68fcf7a7307d705519ec153481"><code>13e10d9</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li>Additional commits viewable in <a
href="https://github.com/python-social-auth/social-app-django/compare/5.4.0...5.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=social-auth-app-django&package-manager=pip&previous-version=5.4.0&new-version=5.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/HyphaApp/hypha/network/alerts

).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- ~Change the background of the page to light grey~
- Add border to each of the tasks

Fixes #3828 

Fixes #3875. 

Switches order to date submitted in `Related Submission`'s
`Past Submissions`

The messages display below the opinion buttons looks like part of the
rest of the form display

This PR add styling so the info displayed is little different

Fixes #2685

Fixes #3782.

Rather than having `is_staff` set to true when a user's
email is the org's domain, this sets it true when a user is Staff Admin
or a Superuser. Also includes a migration to handle existing cases where
Staff Admins are not `is_staff`.

Co-authored-by: Sandeep Chauhan <sandeepsajan0@gmail.com>
Co-authored-by: Saurabh Kumar <theskumar@users.noreply.github.com>

Inline error messages

Fixes https://github.com/HyphaApp/hypha/issues/3842

Fixes #3861 

Fixes #3788 and a few other issues. The main problems being seen around
the preview were when it came to the edit view. This was because the use
of the `Draft` status was being relied on for the saving of content
before previews, when realistically a new application revision had the
same effect.

Previously, Admins/Staff could submit new applications, but could not
submit existing applications. This is why when an Admin had attempted to
submit a preview or submit an edited application, they could not do so.
This functionality has been moved from `ApplicantSubmissionEditView` to
`BaseSubmissionEditView` as it made sense to me that Admins would be
able to access the same edit workflow & transitions as Applicants. I
believe most OTF staff avoid editing incoming applications though.

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 21.2.0 to
22.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/benoitc/gunicorn/releases">gunicorn's
releases</a>.</em></p>
<blockquote>
<h2>Gunicorn 22.0 has been released</h2>
<p><strong>Gunicorn 22.0.0 has been released.</strong> This version fix
the numerous security vulnerabilities. You're invited to upgrade asap
your own installation.</p>
<p>Changes:</p>
<pre><code>22.0.0 - 2024-04-17
===================
<ul>
<li>use <code>utime</code> to notify workers liveness</li>
<li>migrate setup to pyproject.toml</li>
<li>fix numerous security vulnerabilities in HTTP parser (closing some
request smuggling vectors)</li>
<li>parsing additional requests is no longer attempted past unsupported
request framing</li>
<li>on HTTP versions &lt; 1.1 support for chunked transfer is refused
(only used in exploits)</li>
<li>requests conflicting configured or passed SCRIPT_NAME now produce a
verbose error</li>
<li>Trailer fields are no longer inspected for headers indicating secure
scheme</li>
<li>support Python 3.12</li>
</ul>
<p>** Breaking changes **</p>
<ul>
<li>minimum version is Python 3.7</li>
<li>the limitations on valid characters in the HTTP method have been
bounded to Internet Standards</li>
<li>requests specifying unsupported transfer coding (order) are refused
by default (rare)</li>
<li>HTTP methods are no longer casefolded by default (IANA method
registry contains none affected)</li>
<li>HTTP methods containing the number sign (#) are no longer accepted
by default (rare)</li>
<li>HTTP versions &lt; 1.0 or &gt;= 2.0 are no longer accepted by
default (rare, only HTTP/1.1 is supported)</li>
<li>HTTP versions consisting of multiple digits or containing a
prefix/suffix are no longer accepted</li>
<li>HTTP header field names Gunicorn cannot safely map to variables are
silently dropped, as in other software</li>
<li>HTTP headers with empty field name are refused by default (no
legitimate use cases, used in exploits)</li>
<li>requests with both Transfer-Encoding and Content-Length are refused
by default (such a message might indicate an attempt to perform request
smuggling)</li>
<li>empty transfer codings are no longer permitted (reportedly seen with
really old &amp; broken proxies)</li>
</ul>
<p>** SECURITY **</p>
<ul>
<li>fix CVE-2024-1135
</code></pre></li>
</ul>
<ol>
<li>Documentation is available there: <a
href="https://docs.gunicorn.org/en/stable/news.html">https://docs.gunicorn.org/en/stable/news.html</a></li>
<li>Packages: <a
href="https://pypi.org/project/gunicorn/">https://pypi.org/project/gunicorn/</a></li>
</ol>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/benoitc/gunicorn/commit/f63d59e4d73a8ee28748d2c700fb81c8780bc419"><code>f63d59e</code></a>
bump to 22.0</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/4ac81e0a1037ba5b570323be7430e09caa233e38"><code>4ac81e0</code></a>
Merge pull request <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3175">#3175</a>
from e-kwsm/typo</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/401cecfaed85d79236c7a9a1f7d8946b01c466fc"><code>401cecf</code></a>
Merge pull request <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3179">#3179</a>
from dhdaines/exclude-eventlet-0360</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/0243ec39ef4fc1b479ff4e1659e165f0b980b571"><code>0243ec3</code></a>
fix(deps): exclude eventlet 0.36.0</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/628a0bcb61ef3a211d67dfd68ad1ba161cccb3b8"><code>628a0bc</code></a>
chore: fix typos</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/88fc4a43152039c28096c8ba3eeadb3fbaa4aff9"><code>88fc4a4</code></a>
Merge pull request <a
href="https://redirect.github.com/benoitc/gunicorn/issues/3131">#3131</a>
from pajod/patch-py12-rebased</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/deae2fc4c5f93bfce59be5363055d4cd4ab1b0b6"><code>deae2fc</code></a>
CI: back off the agressive timeout</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/f4703824c323fe6867dce0e2f11013b8de319353"><code>f470382</code></a>
docs: promise 3.12 compat</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/5e30bfa6b1a3e1f2bde7feb514d1734d28f39231"><code>5e30bfa</code></a>
add changelog to project.urls (updated for PEP621)</li>
<li><a
href="https://github.com/benoitc/gunicorn/commit/481c3f9522edc58806a3efc5b49be4f202cc7700"><code>481c3f9</code></a>
remove setup.cfg - overridden by pyproject.toml</li>
<li>Additional commits viewable in <a
href="https://github.com/benoitc/gunicorn/compare/21.2.0...22.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gunicorn&package-manager=pip&previous-version=21.2.0&new-version=22.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/HyphaApp/hypha/network/alerts

).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fixes https://github.com/HyphaApp/hypha/issues/3853

Adds a max-height and overscoll to the dropdown items