- Use frozen dependencies with hashes to ensure reproducible dependency
installation in a secure way.
- Uses `uv` and pre-commit to automatically generate the locked
requirements files from pyproject.toml.
- While the translation dependencies can be installed directly with
`uv`, uv doesn’t seem to be able to add `--find-link=…` to the exported
`requirements/translate.txt`, for that reason the translation
dependencies are left as they are and won’t be automatically exported
via pre-commit.
- So whenever `uv lock —upgrade` is run, it will freeze the latest patch
versions.
- The production dependencies are specified with a `~` which means `>=`
at the last digit of requirements.
- The dev dependencies have `>=` to make them easy to update, if
something breaks in dev either fix it or go back to the old frozen
dependencies.
- Moved generated dependencies in requirements/ folder.
- Use `--no-deps` where applicable while installing these generated
requirements as the sub-dependencies are already resolved.

The js files are not update in the repo after node packages update

Translations update from [Hosted Weblate](https://hosted.weblate.org)
for [Hypha/Hypha
core](https://hosted.weblate.org/projects/hypha/hypha-core/).



Current translation status:

![Weblate translation
status](https://hosted.weblate.org/widget/hypha/hypha-core/horizontal-auto.svg

)

Co-authored-by: Jiří Podhorecký <j.podhorecky@volny.cz>

Translations update from [Hosted Weblate](https://hosted.weblate.org)
for [Hypha/Hypha
core](https://hosted.weblate.org/projects/hypha/hypha-core/).



Current translation status:

![Weblate translation
status](https://hosted.weblate.org/widget/hypha/hypha-core/horizontal-auto.svg

)

---------

Co-authored-by: Jiří Podhorecký <j.podhorecky@volny.cz>

Translations update from [Hosted Weblate](https://hosted.weblate.org)
for [Hypha/Hypha
core](https://hosted.weblate.org/projects/hypha/hypha-core/).



Current translation status:

![Weblate translation
status](https://hosted.weblate.org/widget/hypha/hypha-core/horizontal-auto.svg

)

Co-authored-by: Fredrik Jonsson <fredrik@combonet.se>

Fixes #4217

It is more of a development related change. Now it stores the
form_fields in Report table instead of ReportVersion so it will avoid
duplicity, nothing should change in UI.
You may still check that submitted report fields and data should remain
unaffected on changing the report stream fields form.

This workflow is like Request with External Review, in that both
internal and external reviewers can review submissions. However, it has
a workflow more like Request in that there is only one Review step.

Co-authored-by: Fredrik Jonsson <frjo@xdeb.org>

Fixes #4228. Makes hypha more printer friendly by not printing user
menus, the cookie consent prompt, or the hijack prompt.

Read up on DJP at https://djp.readthedocs.io/

The current implementation tries to find the transition based on the
`name` property of the transitions available. The name of the transition
is a translated string so while submitting a proposal the key "submit"
from the `request.POST` could not be found in the available transition.

This PR updates the logic to fetch the transition target, by searching
through the newly added marker on when to auto transition if the
application is submitted.

Fixes #4211 

See
https://github.com/HyphaApp/hypha/pull/4220/commits/e6656d62f6db57426bb15f298127c106ea4f6397
for patch.

This should resolve weblate's merge conflict issue along with adding
some of the latest translations into hypha's locales folder

Fixes #3891

Somehow this got reintroduced in my translate feature rebasing

This builds on the #4134 PR that initially introduced machine
translations into Hypha. This isolates the translation behavior; putting
pip dependencies in a separate `requirements-translate.txt` and will not
attempt any translate imports unless the setting for it is true.

Other small changes are also a full docs page explaining how to install
language packages & changing the setting once again from
`SUBMISSION_TRANSLATIONS_ENABLED` to `APPLICATION_TRANSLATIONS_ENABLED`
to reflect the system wide shift away from submission terminology.

This behaviors reflects the `Show all` logic of the other dashboard
submission table partial implementations

Fixes # 4146

- [ ] Rename views all beta to views all.
- [ ] Give reviewers access to the submission all view.
- [ ] Make submission all list only reviews reviewers have access to,
including reviewers settings if set.
- [ ] Remove batch actions and review filter for reviewers.
- [ ] Remove old AwaitingReview view.
- [ ] Implement show_applicant_identity for submission all view.

Fixes #4124

- [x] Use htmx/alpine for Upload contract modal
- [x] Use htmx/alpine for Upload and remove contracting documents modal
- [x] Use htmx/alpine for submit contracting documents modal
- [x]  Use htmx/alpine for approve contract modal

Fixes #4050

What a small line for such a large set of changes. Those supporting
changes include:

* Creating a view for the new Reporting Table
* Creating a current_report() method in report_config that is slightly
differnt than current_report_due (see inline doc)
* Adding a ProjectQuerySet method that does some intense subquerying to
be able to express the current_report in sql so that the status can be
filtered against


## Note from the cherry-picker/integrator

I see that the summary tables for reports was removed from
`apply/projects` and that the current dropdown in the main navigation
header points to `apply/project/reports`. This new table appears under
`apply/project/reporting` and is linked to in the original fork in which
this change occurred. As for integration here, the question is: do we
want to replace the original table or augment off to the side somehow?
Where should the link to this new table live?

Co-authored-by: Frank Duncan <frankduncan@opentechstrategies.com>
Co-authored-by: Fredrik Jonsson <frjo@xdeb.org>

Fixes #4073

Clearing out some unused css that have accumulated over the years. Also
replaced some little used css with tailwind classes. All in all some 400
lines of css got removed.

Fixes #4072

Fixes #4119 

Updates group management:

- **Centralized Group Definition:** Instead of creating groups within
migration files, which can be cumbersome to maintain, group definitions
are now managed through the AbstractRoles model. These roles are
synchronized using the `python manage.py sync_roles` command. This
ensures no existing groups or their associated permissions are deleted.

- **Module Renaming**: The `hypha.apply.users.groups` module has been
renamed to `hypha.apply.users.roles` to reflect the shift from
group-based to role-based permissions. This aligns with upcoming changes
utilizing the `rolepermissions` module.

- **Streamlined Group Descriptions**: The GroupDesc model is removed.
Instead, help text can be directly defined within the role itself. This
simplifies management and allows for translation of group descriptions.

**This is the first of a series of pull requests aimed at refactoring
the permissions system.**

As a sample implementation, converts the delete submission to use this
role-permissions. See:
https://github.com/HyphaApp/hypha/pull/4151/commits/8239c2172ab9150cdba0db8d95f13e1681f176cd

## Test Steps

 - make sure the migrations run fine.
- groups are create correctly via `python manage.py sync_roles`, it
should also keep the existing groups.
 -  groups description is rendered in the admin.
 - ensure delete submission/application is working as expected

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.0.4 to
3.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/werkzeug/releases">werkzeug's
releases</a>.</em></p>
<blockquote>
<h2>3.0.6</h2>
<p>This is the Werkzeug 3.0.6 security fix release, which fixes security
issues but does not otherwise change behavior and should not result in
breaking changes.</p>
<p>PyPI: <a
href="https://pypi.org/project/Werkzeug/3.0.6/">https://pypi.org/project/Werkzeug/3.0.6/</a>
Changes: <a
href="https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6">https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6</a></p>
<ul>
<li>Fix how <code>max_form_memory_size</code> is applied when parsing
large non-file fields. <a
href="https://github.com/advisories/GHSA-q34m-jh98-gwm2">GHSA-q34m-jh98-gwm2</a></li>
<li><code>safe_join</code> catches certain paths on Windows that were
not caught by <code>ntpath.isabs</code> on Python &lt; 3.11. <a
href="https://github.com/advisories/GHSA-f9vj-2wh5-fj8j">GHSA-f9vj-2wh5-fj8j</a></li>
</ul>
<h2>3.0.5</h2>
<p>This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not
otherwise change behavior and should not result in breaking changes.</p>
<p>PyPI: <a
href="https://pypi.org/project/Werkzeug/3.0.5/">https://pypi.org/project/Werkzeug/3.0.5/</a>
Changes: <a
href="https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5">https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5</a>
Milestone: <a
href="https://github.com/pallets/werkzeug/milestone/37?closed=1">https://github.com/pallets/werkzeug/milestone/37?closed=1</a></p>
<ul>
<li>The Watchdog reloader ignores file closed no write events. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2945">#2945</a></li>
<li>Logging works with client addresses containing an IPv6 scope. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2952">#2952</a></li>
<li>Ignore invalid authorization parameters. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2955">#2955</a></li>
<li>Improve type annotation fore <code>SharedDataMiddleware</code>. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2958">#2958</a></li>
<li>Compatibility with Python 3.13 when generating debugger pin and the
current UID does not have an associated name. <a
href="https://redirect.github.com/pallets/werkzeug/issues/2957">#2957</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.0.6</h2>
<p>Released 2024-10-25</p>
<ul>
<li>Fix how <code>max_form_memory_size</code> is applied when parsing
large non-file
fields. :ghsa:<code>q34m-jh98-gwm2</code></li>
<li><code>safe_join</code> catches certain paths on Windows that were
not caught by
<code>ntpath.isabs</code> on Python &lt; 3.11.
:ghsa:<code>f9vj-2wh5-fj8j</code></li>
</ul>
<h2>Version 3.0.5</h2>
<p>Released 2024-10-24</p>
<ul>
<li>The Watchdog reloader ignores file closed no write events.
:issue:<code>2945</code></li>
<li>Logging works with client addresses containing an IPv6 scope
:issue:<code>2952</code></li>
<li>Ignore invalid authorization parameters.
:issue:<code>2955</code></li>
<li>Improve type annotation fore <code>SharedDataMiddleware</code>.
:issue:<code>2958</code></li>
<li>Compatibility with Python 3.13 when generating debugger pin and the
current
UID does not have an associated name. :issue:<code>2957</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/werkzeug/commit/5eaefc3996aa5cc8c5237d8b82f1b89eed6ea624"><code>5eaefc3</code></a>
release version 3.0.6</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092"><code>2767bcb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/87cc78a25f782f8c59fbde786840a00cf0d09b3d"><code>87cc78a</code></a>
catch special absolute path on Windows Python &lt; 3.11</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b"><code>50cfeeb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/8760275afb72bd10b57d92cb4d52abf759b2f3a7"><code>8760275</code></a>
apply max_form_memory_size another level up in the parser</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/8d6a12e2af542a553853c870d106884a3cd1f73b"><code>8d6a12e</code></a>
start version 3.0.6</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/a7b121abc781b9a6557ca204f23247db654d0253"><code>a7b121a</code></a>
release version 3.0.5 (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2961">#2961</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/9caf72ac060181a3171d91fd12279e071df430ca"><code>9caf72a</code></a>
release version 3.0.5</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/e28a2451e99457ce71e460af276a02f27a3bdba1"><code>e28a245</code></a>
catch OSError from getpass.getuser (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2960">#2960</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/e6b4cce97eef17716004625bcf6754fa930f2618"><code>e6b4cce</code></a>
catch OSError from getpass.getuser</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/werkzeug/compare/3.0.4...3.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=werkzeug&package-manager=pip&previous-version=3.0.4&new-version=3.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/HyphaApp/hypha/network/alerts

).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Supersedes #3978 (remote branch change)

Fixes #3977

The linting and formatting on the js files are handled by Eslint and
pretter.

This config doesn't seem to be utilized by any tool.

Fix bug in submission-text-cleanup that made all tables display in the last field with a table (#4191)

Fixes #4189

The doc title filter had a small bug and we already have the
title_text_display property that make use of the
`SUBMISSION_TITLE_TEXT_TEMPLATE`.