- Sep 03, 2024
-
- Aug 15, 2024
-
-
Jesse Bickel authored
Rather than impeding the flow of users setting full name or requiring a new variable to be set by administrators, clean up users' given full names. This means removing all HTML tags and removing colons and slashes. It may be unfriendly to people such as "David-Wynn: Miller" but this is the cost of nerfing spam URLs in full names. Fixes #4060 Co-authored-by:
Frank Duncan <frankduncan@opentechstrategies.com>
-
- Aug 06, 2024
-
- Jul 23, 2024
-
-
Saurabh Kumar authored
Right now, the dependency installation is broken: xhtml2pdf fails with the latest version of python-bidi. https://stackoverflow.com/a/78776520
-
- Jul 18, 2024
-
-
dependabot[bot] authored
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.42.0 to 2.8.0.

Release notes (sourced from [sentry-sdk's releases](https://github.com/getsentry/sentry-python/releases)):

2.8.0 (Various fixes & improvements)
- `profiler_id` uses underscore (#3249) by @Zylphrex
- Don't send full env to subprocess (#3251) by @kmichel-aiven
- Stop using `Hub` in `HttpTransport` (#3247) by @szokeasaurusrex
- Remove `ipdb` from test requirements (#3237) by @rominf
- Avoid propagation of empty baggage (#2968) by @hartungstenio
- Add entry point for `SentryPropagator` (#3086) by @mender
- Bump checkouts/data-schemas from `8c13457` to `88273a9` (#3225) by @dependabot

2.7.1 (Various fixes & improvements)
- fix(otel): Fix missing baggage (#3218) by @sentrivana
- This is the config file of asdf-vm which we do not use. (#3215) by @antonpirker
- Added option to disable middleware spans in Starlette (#3052) by @antonpirker
- build: Update tornado version in setup.py to match code check. (#3206) by @aclemons

2.7.0
- Add `origin` to spans and transactions (#3133) by @antonpirker
- OTel: Set up typing for OTel (#3168) by @sentrivana
- OTel: Auto instrumentation skeleton (#3143) by @sentrivana
- OpenAI: If there is an internal error, still return a value (#3192) by @colin-sentry
- MongoDB: Add MongoDB collection span tag (#3182) by @0Calories
- MongoDB: Change span operation from `db.query` to `db` (#3186) by @0Calories
- MongoDB: Remove redundant command name in query description (#3189) by @0Calories
- Apache Spark: Fix spark driver integration (#3162) by @seyoon-lim
- Apache Spark: Add Spark test suite to tox.ini and to CI (#3199) by @sentrivana
- Codecov: Add failed test commits in PRs (#3190) by @antonpirker
- Update library, Python versions in tests (#3202) by @sentrivana
- Remove Hub from our test suite (#3197) by @antonpirker
- Use env vars for default CA cert bundle location (#3160) by @DragoonAethis
- Create a separate test group for AI (#3198) by @sentrivana
- Add additional stub packages for type checking (#3122) by @Daverball
- Proper naming of requirements files (#3191) by @antonpirker
- Pinning pip because new version does not work with some versions of Celery and Httpx (#3195) by @antonpirker
- build(deps): bump supercharge/redis-github-action from 1.7.0 to 1.8.0 (#3193) by @dependabot
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#3171) by @dependabot
- build(deps): update pytest-asyncio requirement (#3087) by @dependabot

2.6.0
- Introduce continuous profiling mode (#2830) by @Zylphrex
- Profiling: Add deprecation comment for profiler internals (#3167) by @sentrivana
- Profiling: Move thread data to trace context (#3157) by @Zylphrex
- Explicitly export cron symbols for typecheckers (#3072) by @spladug
- Cleaning up ASGI tests for Django (#3180) by @antonpirker
- Celery: Add Celery receive latency (#3174) by @antonpirker
- Metrics: Update type hints for tag values (#3156) by @elramen
- Django: Fix psycopg3 reconnect error (#3111) by @szokeasaurusrex

... (truncated)

Changelog: sourced from [sentry-sdk's changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md).

Commits:
- `6f4685e` Update CHANGELOG.md
- `7e6998e` release: 2.8.0
- `32335dd` fix(profiling): profiler_id uses underscore (#3249)
- `763e40a` fix(integrations): don't send full env to subprocess (#3251)
- `31efa62` ref(transport): Stop using `Hub` in `HttpTransport` (#3247)
- `defb448` build: Remove ipdb from test requirements (#3237)
- `407f651` feat(opentelemetry): Add entry point for SentryPropagator (#3086)
- `eab218c` build(deps): bump checkouts/data-schemas from `8c13457` to `88273a9` (#3225)
- `5782560` fix(opentelemetry): avoid propagation of empty baggage (#2968)
- `6701616` Merge branch 'release/2.7.1'
- Additional commits viewable in [compare view](https://github.com/getsentry/sentry-python/compare/1.42.0...2.8.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options. You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/HyphaApp/hypha/network/alerts).

Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jul 17, 2024
-
-
Fredrik Jonsson authored
-
- Jul 11, 2024
-
-
dependabot[bot] authored
Bumps [wagtail](https://github.com/wagtail/wagtail) from 5.2.5 to 5.2.6.

Release notes (sourced from [wagtail's releases](https://github.com/wagtail/wagtail/releases)):

5.2.6
- Fix: CVE-2024-39317: Regular expression denial-of-service via search query parsing (Jake Howard)
- Fix: Fix image preview when Willow optimizers are enabled (Alex Tomkins)
- Maintenance: Remove django-pattern-library upper bound in testing dependencies (Sage Abdullah)

Changelog (sourced from [wagtail's changelog](https://github.com/wagtail/wagtail/blob/main/CHANGELOG.txt)):

5.2.6 (11.07.2024)
- Fix: CVE-2024-39317: Regular expression denial-of-service via search query parsing (Jake Howard)
- Fix: Fix image preview when Willow optimizers are enabled (Alex Tomkins)
- Maintenance: Remove django-pattern-library upper bound in testing dependencies (Sage Abdullah)

Commits:
- `3ee28ee` Fix test syntax for Python<=3.11
- `b8f8394` Version bump to 5.2.6
- `b49de41` Fill in release date for 5.2.6
- `68917f1` Release note for CVE-2024-39317 in 5.2.6
- `31b1e85` Require word boundaries before search query filters (CVE-2024-39317)
- `d398c3f` Do not set STATICFILES_STORAGE in test settings on Django >= 4.2
- `fea0cde` Install django-rest-framework 3.15.1 when testing against Django 3.2
- `7f1a42a` Add release notes for 5.2.6
- `71e6f69` Remove upper bound on django-pattern-library in testing dependencies
- `67a968c` Fix image preview when Willow optimizers are enabled (#12047)
- See full diff in [compare view](https://github.com/wagtail/wagtail/compare/v5.2.5...v5.2.6)

Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jun 27, 2024
-
-
dependabot[bot] authored
Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.15.0 to 3.15.2.

Release notes (sourced from [djangorestframework's releases](https://github.com/encode/django-rest-framework/releases)):

Version 3.15.1

What's Changed
- Update the message to be consistent with the Django `HttpResponseBa… by @maycuatroi in encode/django-rest-framework#9287
- Make `inflection` package truly optional by @browniebroke in encode/django-rest-framework#9303
- Fix broken links in release notes for 3.15 by @browniebroke in encode/django-rest-framework#9305
- TokenAdmin.autocomplete_fields Breaks Some Use Cases, Revert by @alexdlaird in encode/django-rest-framework#9301
- Add drf-sendables to third-party-packages.md by @amikrop in encode/django-rest-framework#9261
- Revert "feat: Add some changes to ValidationError to support django style vad…" by @auvipy in encode/django-rest-framework#9326
- Revert "Re-prefetch related objects after updating" by @auvipy in encode/django-rest-framework#9327
- Revert #8863 by @tomchristie in encode/django-rest-framework#9330
- Revert #8009 by @tomchristie in encode/django-rest-framework#9332
- Revert #9030 by @tomchristie in encode/django-rest-framework#9333
- Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces" by @auvipy in encode/django-rest-framework#9335
- `SearchFilter.get_search_terms` returns list. by @tomchristie in encode/django-rest-framework#9338
- Version 3.15.1 by @tomchristie in encode/django-rest-framework#9339

New Contributors
- @maycuatroi made their first contribution in encode/django-rest-framework#9287
- @alexdlaird made their first contribution in encode/django-rest-framework#9301

Full Changelog: https://github.com/encode/django-rest-framework/compare/3.15.0...3.15.1

Commits:
- `c7a7eae` Version 3.15.2 (#9439)
- `3b41f01` Fix potential XSS vulnerability in break_long_headers template filter (#9435)
- `fe92f0d` Add `__hash__` method for `permissions.OperandHolder` class (#9417)
- `fbdab09` docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421)
- `36d5c0e` tests: Check urlpatterns after cleanups (#9400)
- `9d4ed05` Don't use Windows line endings
- `b34bde4` Fix typo in setup.cfg setting
- `ab681f2` Update requirements in docs
- `2237724` bump pygments (security hygiene)
- `d58b8da` Update deprecation hints
- Additional commits viewable in [compare view](https://github.com/encode/django-rest-framework/compare/3.15.0...3.15.2)

Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jun 26, 2024
-
-
Fredrik Jonsson authored
Fixes #4001
-
Fredrik Jonsson authored
Also fixes one instance of "The `classnames` kwarg for MenuItem is deprecated - use `classname` instead.".
-
- Apr 25, 2024
-
-
dependabot[bot] authored
Bumps [social-auth-app-django](https://github.com/python-social-auth/social-app-django) from 5.4.0 to 5.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-social-auth/social-app-django/releases">social-auth-app-django's releases</a>.</em></p> <blockquote> <h2>Release 5.4.1</h2> <h3>Changed</h3> <ul> <li>Added reverse migration for JSON field</li> <li>Fixed improper handling of case sensitivity with MySQL/MariaDB (<a href="https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3">CVE-2024-32879</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md">social-auth-app-django's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/python-social-auth/social-app-django/releases/tag/5.4.1">5.4.1</a> - 2024-04-24</h2> <h3>Changed</h3> <ul> <li>Added reverse migration for JSON field</li> <li>Fixed improper handling of case sensitivity with MySQL/MariaDB (CVE-2024-32879)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-social-auth/social-app-django/commit/593ee4638eab9b1d9f252393a21ead643e3ceae6"><code>593ee46</code></a> Version bump 5.4.1</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138"><code>31c3e0c</code></a> models: make sure uid is compared case-sensitive</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/7033ff73993a4c3666d989930bbc15e87925abc9"><code>7033ff7</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/39da389c6b2a1d8f50768633269558fd609454b8"><code>39da389</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a 
href="https://github.com/python-social-auth/social-app-django/commit/0ec1bca6d6193e291a22f576ce30d44614258e96"><code>0ec1bca</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/03bce61f71978ae52fdd1db4118055f48de9f901"><code>03bce61</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/2278da6a1b20f9af23884084854b345a9284bf37"><code>2278da6</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/033302cdbf7a25ce900b6894bc0e683586b6162e"><code>033302c</code></a> build(deps-dev): bump tox from 4.14.1 to 4.14.2</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/c50bc4a81127fff2fe4fdc619dd2e360bbe132b0"><code>c50bc4a</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/13e10d943b836e68fcf7a7307d705519ec153481"><code>13e10d9</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li>Additional commits viewable in <a href="https://github.com/python-social-auth/social-app-django/compare/5.4.0...5.4.1">compare view</a></li> </ul> </details> <br /> Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Apr 17, 2024
-
-
dependabot[bot] authored
Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 21.2.0 to 22.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benoitc/gunicorn/releases">gunicorn's releases</a>.</em></p> <blockquote> <h2>Gunicorn 22.0 has been released</h2> <p><strong>Gunicorn 22.0.0 has been released.</strong> This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.</p> <p>Changes:</p> <pre><code>22.0.0 - 2024-04-17 =================== <ul> <li>use <code>utime</code> to notify workers liveness</li> <li>migrate setup to pyproject.toml</li> <li>fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)</li> <li>parsing additional requests is no longer attempted past unsupported request framing</li> <li>on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)</li> <li>requests conflicting configured or passed SCRIPT_NAME now produce a verbose error</li> <li>Trailer fields are no longer inspected for headers indicating secure scheme</li> <li>support Python 3.12</li> </ul> <p>** Breaking changes **</p> <ul> <li>minimum version is Python 3.7</li> <li>the limitations on valid characters in the HTTP method have been bounded to Internet Standards</li> <li>requests specifying unsupported transfer coding (order) are refused by default (rare)</li> <li>HTTP methods are no longer casefolded by default (IANA method registry contains none affected)</li> <li>HTTP methods containing the number sign (#) are no longer accepted by default (rare)</li> <li>HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)</li> <li>HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted</li> <li>HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software</li> <li>HTTP headers with empty field name are refused by default (no 
legitimate use cases, used in exploits)</li> <li>requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)</li> <li>empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)</li> </ul> <p>** SECURITY **</p> <ul> <li>fix CVE-2024-1135 </code></pre></li> </ul> <ol> <li>Documentation is available there: <a href="https://docs.gunicorn.org/en/stable/news.html">https://docs.gunicorn.org/en/stable/news.html</a></li> <li>Packages: <a href="https://pypi.org/project/gunicorn/">https://pypi.org/project/gunicorn/</a></li> </ol> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/benoitc/gunicorn/commit/f63d59e4d73a8ee28748d2c700fb81c8780bc419"><code>f63d59e</code></a> bump to 22.0</li> <li><a href="https://github.com/benoitc/gunicorn/commit/4ac81e0a1037ba5b570323be7430e09caa233e38"><code>4ac81e0</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3175">#3175</a> from e-kwsm/typo</li> <li><a href="https://github.com/benoitc/gunicorn/commit/401cecfaed85d79236c7a9a1f7d8946b01c466fc"><code>401cecf</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3179">#3179</a> from dhdaines/exclude-eventlet-0360</li> <li><a href="https://github.com/benoitc/gunicorn/commit/0243ec39ef4fc1b479ff4e1659e165f0b980b571"><code>0243ec3</code></a> fix(deps): exclude eventlet 0.36.0</li> <li><a href="https://github.com/benoitc/gunicorn/commit/628a0bcb61ef3a211d67dfd68ad1ba161cccb3b8"><code>628a0bc</code></a> chore: fix typos</li> <li><a href="https://github.com/benoitc/gunicorn/commit/88fc4a43152039c28096c8ba3eeadb3fbaa4aff9"><code>88fc4a4</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3131">#3131</a> from pajod/patch-py12-rebased</li> <li><a 
href="https://github.com/benoitc/gunicorn/commit/deae2fc4c5f93bfce59be5363055d4cd4ab1b0b6"><code>deae2fc</code></a> CI: back off the agressive timeout</li> <li><a href="https://github.com/benoitc/gunicorn/commit/f4703824c323fe6867dce0e2f11013b8de319353"><code>f470382</code></a> docs: promise 3.12 compat</li> <li><a href="https://github.com/benoitc/gunicorn/commit/5e30bfa6b1a3e1f2bde7feb514d1734d28f39231"><code>5e30bfa</code></a> add changelog to project.urls (updated for PEP621)</li> <li><a href="https://github.com/benoitc/gunicorn/commit/481c3f9522edc58806a3efc5b49be4f202cc7700"><code>481c3f9</code></a> remove setup.cfg - overridden by pyproject.toml</li> <li>Additional commits viewable in <a href="https://github.com/benoitc/gunicorn/compare/21.2.0...22.0.0">compare view</a></li> </ul> </details> <br /> Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Apr 03, 2024
-
-
dependabot[bot] authored
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.2.0 to 10.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>10.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html</a></p> <h2>Changes</h2> <ul> <li>CVE-2024-28219: Use strncpy to avoid buffer overflow <a href="https://redirect.github.com/python-pillow/Pillow/issues/7928">#7928</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Use <code>functools.lru_cache</code> for <code>hopper()</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/7912">#7912</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Raise ValueError if seeking to greater than offset-sized integer in TIFF <a href="https://redirect.github.com/python-pillow/Pillow/issues/7883">#7883</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Improve speed of loading QOI images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7925">#7925</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added RGB to I;16N conversion <a href="https://redirect.github.com/python-pillow/Pillow/issues/7920">#7920</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Add --report argument to <strong>main</strong>.py to omit supported formats <a href="https://redirect.github.com/python-pillow/Pillow/issues/7818">#7818</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Added RGB to I;16, I;16L and I;16B conversion <a href="https://redirect.github.com/python-pillow/Pillow/issues/7918">#7918</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fix editable installation with custom build backend and configuration options <a 
href="https://redirect.github.com/python-pillow/Pillow/issues/7658">#7658</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fix putdata() for I;16N on big-endian <a href="https://redirect.github.com/python-pillow/Pillow/issues/7209">#7209</a> [<a href="https://github.com/Yay295"><code>@Yay295</code></a>]</li> <li>Determine MPO size from markers, not EXIF data <a href="https://redirect.github.com/python-pillow/Pillow/issues/7884">#7884</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Improved conversion from RGB to RGBa, LA and La <a href="https://redirect.github.com/python-pillow/Pillow/issues/7888">#7888</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Support FITS images with GZIP_1 compression <a href="https://redirect.github.com/python-pillow/Pillow/issues/7894">#7894</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use I;16 mode for 9-bit JPEG 2000 images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7900">#7900</a> [<a href="https://github.com/scaramallion"><code>@scaramallion</code></a>]</li> <li>Raise ValueError if kmeans is negative <a href="https://redirect.github.com/python-pillow/Pillow/issues/7891">#7891</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Remove TIFF tag OSUBFILETYPE when saving using libtiff <a href="https://redirect.github.com/python-pillow/Pillow/issues/7893">#7893</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Raise ValueError for negative values when loading P1-P3 PPM images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7882">#7882</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added reading of JPEG2000 palettes <a href="https://redirect.github.com/python-pillow/Pillow/issues/7870">#7870</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> 
<li>Added alpha_quality argument when saving WebP images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7872">#7872</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions <a href="https://redirect.github.com/python-pillow/Pillow/issues/7881">#7881</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Removed Python and NumPy pinning on Cygwin <a href="https://redirect.github.com/python-pillow/Pillow/issues/7880">#7880</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update UnidentifiedImageError and <strong>version</strong> imports <a href="https://redirect.github.com/python-pillow/Pillow/issues/7644">#7644</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Stop reading EPS image at EOF marker <a href="https://redirect.github.com/python-pillow/Pillow/issues/7753">#7753</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>PSD layer co-ordinates may be negative <a href="https://redirect.github.com/python-pillow/Pillow/issues/7706">#7706</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer <a href="https://redirect.github.com/python-pillow/Pillow/issues/7791">#7791</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>When saving GIF frame that restores to background color, do not fill identical pixels <a href="https://redirect.github.com/python-pillow/Pillow/issues/7788">#7788</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fixed reading PNG iCCP compression method <a href="https://redirect.github.com/python-pillow/Pillow/issues/7823">#7823</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Allow writing IFDRational to UNDEFINED tag <a 
href="https://redirect.github.com/python-pillow/Pillow/issues/7840">#7840</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fix logged tag name when loading Exif data <a href="https://redirect.github.com/python-pillow/Pillow/issues/7842">#7842</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use maximum frame size in IHDR chunk when saving APNG images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7821">#7821</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Prevent opening P TGA images without a palette <a href="https://redirect.github.com/python-pillow/Pillow/issues/7797">#7797</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use palette when loading ICO images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7798">#7798</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use consistent arguments for load_read and load_seek <a href="https://redirect.github.com/python-pillow/Pillow/issues/7713">#7713</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Turn off nullability warnings for macOS SDK <a href="https://redirect.github.com/python-pillow/Pillow/issues/7827">#7827</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fix shift-sign issue in Convert.c <a href="https://redirect.github.com/python-pillow/Pillow/issues/7838">#7838</a> [<a href="https://github.com/r-barnes"><code>@r-barnes</code></a>]</li> <li>winbuild: Refactor dependency versions into constants <a href="https://redirect.github.com/python-pillow/Pillow/issues/7843">#7843</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Build macOS arm64 wheels natively <a href="https://redirect.github.com/python-pillow/Pillow/issues/7852">#7852</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fixed typo <a 
href="https://redirect.github.com/python-pillow/Pillow/issues/7855">#7855</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Open 16-bit grayscale PNGs as I;16 <a href="https://redirect.github.com/python-pillow/Pillow/issues/7849">#7849</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Handle truncated chunks at the end of PNG images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7709">#7709</a> [<a href="https://github.com/lajiyuan"><code>@lajiyuan</code></a>]</li> <li>Match mask size to pasted image size in GifImagePlugin <a href="https://redirect.github.com/python-pillow/Pillow/issues/7779">#7779</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Changed SupportsGetMesh protocol to be public <a href="https://redirect.github.com/python-pillow/Pillow/issues/7841">#7841</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Release GIL while calling <code>WebPAnimDecoderGetNext</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/7782">#7782</a> [<a href="https://github.com/evanmiller"><code>@evanmiller</code></a>]</li> <li>Fixed reading FLI/FLC images with a prefix chunk <a href="https://redirect.github.com/python-pillow/Pillow/issues/7804">#7804</a> [<a href="https://github.com/twolife"><code>@twolife</code></a>]</li> <li>Updated package name for Tidelift <a href="https://redirect.github.com/python-pillow/Pillow/issues/7810">#7810</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Removed unused code <a href="https://redirect.github.com/python-pillow/Pillow/issues/7744">#7744</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>10.3.0 (2024-04-01)</h2> <ul> <li> <p>CVE-2024-28219: Use <code>strncpy</code> to avoid buffer overflow <a href="https://redirect.github.com/python-pillow/Pillow/issues/7928">#7928</a> [radarhere, hugovk]</p> </li> <li> <p>Deprecate <code>eval()</code>, replacing it with <code>lambda_eval()</code> and <code>unsafe_eval()</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/7927">#7927</a> [radarhere, hugovk]</p> </li> <li> <p>Raise <code>ValueError</code> if seeking to greater than offset-sized integer in TIFF <a href="https://redirect.github.com/python-pillow/Pillow/issues/7883">#7883</a> [radarhere]</p> </li> <li> <p>Add <code>--report</code> argument to <code>__main__.py</code> to omit supported formats <a href="https://redirect.github.com/python-pillow/Pillow/issues/7818">#7818</a> [nulano, radarhere, hugovk]</p> </li> <li> <p>Added RGB to I;16, I;16L, I;16B and I;16N conversion <a href="https://redirect.github.com/python-pillow/Pillow/issues/7918">#7918</a>, <a href="https://redirect.github.com/python-pillow/Pillow/issues/7920">#7920</a> [radarhere]</p> </li> <li> <p>Fix editable installation with custom build backend and configuration options <a href="https://redirect.github.com/python-pillow/Pillow/issues/7658">#7658</a> [nulano, radarhere]</p> </li> <li> <p>Fix putdata() for I;16N on big-endian <a href="https://redirect.github.com/python-pillow/Pillow/issues/7209">#7209</a> [Yay295, hugovk, radarhere]</p> </li> <li> <p>Determine MPO size from markers, not EXIF data <a href="https://redirect.github.com/python-pillow/Pillow/issues/7884">#7884</a> [radarhere]</p> </li> <li> <p>Improved conversion from RGB to RGBa, LA and La <a href="https://redirect.github.com/python-pillow/Pillow/issues/7888">#7888</a> [radarhere]</p> </li> <li> 
<p>Support FITS images with GZIP_1 compression <a href="https://redirect.github.com/python-pillow/Pillow/issues/7894">#7894</a> [radarhere]</p> </li> <li> <p>Use I;16 mode for 9-bit JPEG 2000 images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7900">#7900</a> [scaramallion, radarhere]</p> </li> <li> <p>Raise ValueError if kmeans is negative <a href="https://redirect.github.com/python-pillow/Pillow/issues/7891">#7891</a> [radarhere]</p> </li> <li> <p>Remove TIFF tag OSUBFILETYPE when saving using libtiff <a href="https://redirect.github.com/python-pillow/Pillow/issues/7893">#7893</a> [radarhere]</p> </li> <li> <p>Raise ValueError for negative values when loading P1-P3 PPM images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7882">#7882</a> [radarhere]</p> </li> <li> <p>Added reading of JPEG2000 palettes <a href="https://redirect.github.com/python-pillow/Pillow/issues/7870">#7870</a> [radarhere]</p> </li> <li> <p>Added alpha_quality argument when saving WebP images <a href="https://redirect.github.com/python-pillow/Pillow/issues/7872">#7872</a> [radarhere]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/5c89d88eee199ba53f64581ea39b6a1bc52feb1a"><code>5c89d88</code></a> 10.3.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/63cbfcfdea2d163ec93bae8d283fcfe4b73b5dc7"><code>63cbfcf</code></a> Update CHANGES.rst [ci skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/2776126aa9af322b416eaca247f4f8ebefd08128"><code>2776126</code></a> Merge pull request <a href="https://redirect.github.com/python-pillow/Pillow/issues/7928">#7928</a> from python-pillow/lcms</li> <li><a href="https://github.com/python-pillow/Pillow/commit/aeb51cbb169eb3285818ba1390ddf2771d897e6e"><code>aeb51cb</code></a> Merge branch 'main' into lcms</li> <li><a href="https://github.com/python-pillow/Pillow/commit/5beb0b66648db8b542bb5260eed79b25e33d643b"><code>5beb0b6</code></a> Update CHANGES.rst [ci skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cac6ffa7b399ea79b6239984d1307056a0b19af2"><code>cac6ffa</code></a> Merge pull request <a href="https://redirect.github.com/python-pillow/Pillow/issues/7927">#7927</a> from python-pillow/imagemath</li> <li><a href="https://github.com/python-pillow/Pillow/commit/f5eeeacf7539eaa0d93a677d7666bc7c142c8d1c"><code>f5eeeac</code></a> Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval</li> <li><a href="https://github.com/python-pillow/Pillow/commit/facf3af93dabcbdd8cdbda8c3b50eefafa3bb04c"><code>facf3af</code></a> Added release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061"><code>2a93aba</code></a> Use strncpy to avoid buffer overflow</li> <li><a href="https://github.com/python-pillow/Pillow/commit/a670597bc30e9d489656fc9d807170b8f3d7ca57"><code>a670597</code></a> Update CHANGES.rst [ci skip]</li> <li>Additional commits viewable in <a 
href="https://github.com/python-pillow/Pillow/compare/10.2.0...10.3.0">compare view</a></li> </ul> </details> <br /> Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Mar 30, 2024
-
-
Saurabh Kumar authored
- Update requirements
- Replace classnames with classname
- update wagtail admin page of `settings -> users`
closes #3674
-
- Mar 29, 2024
-
-
Saurabh Kumar authored
Fixes #3819
-
- Mar 22, 2024
-
-
Fredrik Jonsson authored
-
- Mar 11, 2024
-
-
Wes Appler authored
Fixes #3693 Aims to fully replace bleach with nh3 due to bleach deprecation. Currently, [django-nh3](https://github.com/marksweb/django-nh3) is in its infancy, but seems like it could be an almost drop-in replacement for [django-bleach](https://github.com/marksweb/django-bleach), for I [forked it](https://github.com/wes-otf/django-nh3) and made some small additions that would allow it to work for our purposes and be smoothly migrated. Initial smoke testing in Hypha seems to work exactly as bleach did but needs more extensive testing. Ideally I would smooth out some edges of my fork and put in a PR to django-nh3. Let me know any thoughts/questions!
-
- Mar 04, 2024
-
-
Fredrik Jonsson authored
-
- Feb 06, 2024
-
-
Fredrik Jonsson authored
-
- Jan 30, 2024
-
-
Saurabh Kumar authored
- Upgrade heroicons to 2.6.0, adds support for heroicons_micro
- Remove/upgrade sprite icons
- Update icons in the global messages widget
- Remove unused bgg-logo sprite
- Update calendar icon with heroicon
- Update anchor-link icon
- Remove speech-bubble icon and link--open-feed, link--close-feed and link--to-top
- Remove arrow-up and arrow-down
- Remove arrow-split
- Remove "website" icon
- Remove “error” icon
- Update like & dislike button in the screening section
- Remove 'bulb' svg from sprite
- Remove 'hero-home-left-pixels' sprite
- Remove 'hero-home-right-pixels' from sprite
- Remove 'magnifying-glass' svg from sprite
- Remove 'person-icon' and profile_button.html
- Replace 'caret-down' and 'caret-up' icon
- Remove 'side-arrow' from svg sprite
- Remove 'add-user' icon, replace with 'user-plus'
- Remove 'logo-desktop', 'logo-mobile' and 'logo-desktop--dark' icons
- Remove 'logo-mobile-no-text' icon
- Remove 'logo-mobile-dark' and 'logo-desktop--dark-alt'
- Remove 'hero-standard-left-pixels' and 'hero-standard-right-pixels'
- Remove 'eye' icon and replace with heroicon 'eye'
- Remove 'exclamation-point' icon and replace by heroicon exclamation-circle
- Remove 'github' icon
- Remove 'person-icon' and profile_button.html
- Replace 'caret-down' and 'caret-up' icon
- Remove 'side-arrow' from svg sprite
closes #3703
depends on #3722
-
- Jan 03, 2024
-
-
Saurabh Kumar authored
This is part of public site removal effort
-
- Jan 02, 2024
-
-
Fredrik Jonsson authored
-
- Dec 13, 2023
-
-
Saurabh Kumar authored
Bleach==5.0.1 is installed as part of django-bleach dependency.
-
- Dec 10, 2023
-
-
Saurabh Kumar authored
- Use `.python-version` and `.nvmrc` in CI script, single source of truth
- Update version of python and node.
- Update version of alpinejs, htmx and other build js
- Update minor versions of python dependencies
-
Saurabh Kumar authored
-
- Dec 04, 2023
-
-
Fredrik Jonsson authored
-
- Dec 01, 2023
-
-
Saurabh Kumar authored
- Update psycopg to 3 as it’s not supported by Django 4.2
- Replaced “BaseUserManager().make_random_password”, as it’s deprecated
- Update github action and break up different checks, making them easier to debug
- Updated the `makemigrations` checks to display the missing migration and then fail
- Upgrade django-hijack to 3.4.2
- Update gunicorn to 21.2.0
- Upgrade django slack to 5.19.0
- Upgrade mistune to 3.0.2 (Bug fix release)
- Upgrade whitenoise to 6.6.0
- Update dev dependencies - black, ruff, pre-commit, pytest-django
Closes https://github.com/HyphaApp/hypha/issues/3362
-
- Nov 23, 2023
-
-
Saurabh Kumar authored
Fixes #ISSUEID
This PR is dependent on #3521
- [x] Passwordless login
- [x] Passwordless signup
- [x] Allow user to set a password after going to profile.
- [x] Allow user to change their email even if they don't have an email set.
- [x] Allow user to add their name in the application form if name is not present in the user account.
- [x] Don't display "Dashboard" link if the user doesn't have permission to access it.
- [x] Allow the user to set up 2FA without account password.
- [x] Display user content on the login screen, if configured (it is an existing feature)
- [x] If 2FA is enforced, allow the user to submit the application without setting up 2FA
- [x] Add email re-verification option to elevate, sudo mode, apart from password
- [x] Update landing page after application submission, on success it redirects now.
- [x] Update ENABLE_PUBLIC_SIGNUP and FORCE_LOGIN_FOR_APPLICATION to true by default
# Login/Signup Flow
## Updated Login Page with Registration Enabled
## After providing the email ID
The messaging is kept neutral to hide if the user is already registered or not. The email will contain more detail, if the account exists or not.
Login email copy
## Signup New Account Email copy
### Profile Page just after signup
The user, after clicking on the signup link in the email, is redirected to the homepage. No dashboard is available as the user doesn't have applicant role. If they click on the "profile" button they see this page with the option to update profile, set up a password and enable 2FA. If the user decides to change the email, password is not asked if no password is set, instead an email is sent to authorize the email change.
## Updated "Sudo" mode page
### For account with password
After clicking on the "Send a confirmation code to your email" link
### For account without password
## Updated disable 2FA page
It requires "Sudo" mode, instead of password now.
-
- Nov 06, 2023
-
-
Saurabh Kumar authored
Notes: Wagtail 5x has migrations:
```
You have 11 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): wagtailcore, wagtailsearchpromotions, wagtailusers.
```
-
Saurabh Kumar authored
- Upgrade Django, wagtail-purge, Django-pwned-password, django-basic-auth-ip-whitelist
- Move logic from DeleteView -> delete() to form_valid()
- Make test more robust
- Upgrade dj-database-url to 2.x, and enable CONN_HEALTH_CHECKS
- Bump django-two-factor-auth to 1.15.x that has confirmed support for Django 4.1
- Bump django-ratelimit to 4.1.0
- django-pwned-passwords seems to be abandoned https://github.com/jamiecounsell/django-pwned-passwords/pull/11 (replaced it with its fork)
-
- Nov 01, 2023
-
- Oct 23, 2023
-
-
Saurabh Kumar authored
These are all non-breaking changes
-
- Oct 12, 2023
-
-
Wes Appler authored
With the latest updates to python-docx, older APIs that are relied upon by htmldocx have broken. This pins the version so htmldocx can utilize the old APIs. For more info on this breakage see [here](https://github.com/python-openxml/python-docx/issues/1256#issuecomment-1756839793).
-
- Oct 04, 2023
-
- Sep 19, 2023
-
-
Fredrik Jonsson authored
Co-authored-by:
Saurabh Kumar <theskumar@users.noreply.github.com> Co-authored-by:
Sandeep Chauhan <sandeepsajan0@gmail.com>
-
- Sep 04, 2023
-
- Aug 28, 2023
-
-
dependabot[bot] authored
Bumps [reportlab](http://www.reportlab.com/) from 3.6.12 to 3.6.13. Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jul 03, 2023
-
-
Fredrik Jonsson authored
-
- Jun 15, 2023
-
-
Saurabh Kumar authored
Fixes #3430
- [x] Simplified code
- [x] Use postgres FTS search
- [x] Improve UX for filters
- [x] Improve submission listing
- [x] Add filter for submission date, OTF have asked about this.
- [x] Add submission ID search, see https://github.com/HyphaApp/hypha/pull/3294
- [x] Make sure the batch actions are working
- [x] Permissions check for batch actions
- [x] Ensure search index works after submissions are updated
- [x] ~Integrate Django messages framework with htmx responses~ (Not needed)
- [x] [Fix Polynomial regular expression used on uncontrolled data](https://github.com/HyphaApp/hypha/security/code-scanning/74)
- [ ] make bulk update status work, currently it's hidden.
---------
Co-authored-by: Fredrik Jonsson <frjo@xdeb.org>
-