[pull] master from kiwitcms:master #378
| return HttpResponseRedirect(reverse("bugs-get", args=[bug.pk])) | ||
| return HttpResponseRedirect(reverse("bugs-get", args=[bug.pk])) | ||
|
|
||
| return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/")) |
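Review bot: the fallback branch redirects to a target taken straight from the request's Referer header (`request.META.get("HTTP_REFERER", "/")`), which the client controls, so the CodeQL "URL redirection from remote source" finding on this line is valid and the other two branches, which redirect to `reverse("bugs-get", args=[bug.pk])`, are the safe pattern. Validate the referer before using it, e.g. with Django's `url_has_allowed_host_and_scheme(referer, allowed_hosts={request.get_host()})` from `django.utils.http`, and fall back to `reverse("bugs-get", args=[bug.pk])` when the check fails; the same effect is reached with less code by always redirecting to the bug page, since the referer only ever adds convenience here.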
Check warning (Code scanning / CodeQL): URL redirection from remote source (Medium): user-provided value
these will end up in the email Subject: header and that causes a traceback:
django/core/mail/message.py in forbid_multi_line_headers at line 60:
from django.conf import settings
from django.core.mail import BadHeaderError

def forbid_multi_line_headers(name, val, encoding):
    """Forbid multi-line headers to prevent header injection."""
    encoding = encoding or settings.DEFAULT_CHARSET
    val = str(val)  # val may be lazy
    if "\n" in val or "\r" in val:
        raise BadHeaderError(
            "Header values can't contain newlines (got %r for header %r)" % (val, name)
        )
    # excerpt ends here; the full Django function goes on to encode and return the value
Fixes Sentry KIWI-TCMS-P7, https://kiwitcms.sentry.io/issues/5547586648/
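As an added example (not code from Kiwi TCMS or Django), the defensive side of the commit above: a subject builder that flattens user-controlled text before it becomes a header, checked against a stand-in for the Django function quoted above so it runs without Django installed. The names `safe_subject` and `header_is_rejected` and the sample summary are constructed for this example.

```python
import re


class BadHeaderError(ValueError):
    """Stand-in for django.core.mail.BadHeaderError (added here, not Django's)."""


def forbid_multi_line_headers(name, val):
    """Same rule as django/core/mail/message.py: no CR or LF in a header value."""
    val = str(val)  # val may be lazy
    if "\n" in val or "\r" in val:
        raise BadHeaderError(
            "Header values can't contain newlines (got %r for header %r)" % (val, name)
        )
    return val


def safe_subject(prefix, summary, max_len=200):
    """Build a Subject: value from user-controlled text (a test case summary,
    a bug title) without letting line breaks reach the header.  Every run of
    whitespace, CR/LF included, collapses to one space; long values are cut."""
    flat = re.sub(r"\s+", " ", str(summary)).strip()
    subject = f"{prefix} {flat}".strip()
    if len(subject) > max_len:
        subject = subject[: max_len - 3].rstrip() + "..."
    # Final gate: the same check Django applies when the message is built.
    return forbid_multi_line_headers("Subject", subject)


def header_is_rejected(value):
    """True if the Django check would raise on this raw value."""
    try:
        forbid_multi_line_headers("Subject", value)
    except BadHeaderError:
        return True
    return False


# Constructed sample: a summary pasted from a multi-line editor field.
RAW_SUMMARY = "Login page\r\nreturns 500 on submit"

if __name__ == "__main__":
    print(header_is_rejected(RAW_SUMMARY))           # True: the traceback above
    print(safe_subject("[Kiwi TCMS]", RAW_SUMMARY))  # [Kiwi TCMS] Login page returns 500 on submit
```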
Bumps [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) from 6.2.0 to 6.4.0.
- [Release notes](https://github.com/eslint-community/eslint-plugin-promise/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-promise/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-promise@v6.2.0...v6.4.0)
---
updated-dependencies:
- dependency-name: eslint-plugin-promise
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
- EthicalAds is a GDPR-compliant ad network for devs
- No cookie banners, and only dev-focused ads.
instead of maximizing to a set window size, see https://forum.robotframework.org/t/zooming-out-a-website/7285/2
Bumps [webpack](https://github.com/webpack/webpack) from 5.92.1 to 5.93.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.92.1...v5.93.0)
---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) from 6.4.0 to 6.6.0.
- [Release notes](https://github.com/eslint-community/eslint-plugin-promise/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-promise/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-promise@v6.4.0...v6.6.0)
---
updated-dependencies:
- dependency-name: eslint-plugin-promise
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
The remove_link function in testexecution.py has been refactored to handle the case where the query parameter is empty. This change ensures that the LinkReference objects are only deleted when the query is not empty, preventing any unintended deletions.
- we don't want to change the underlying API because many external clients depend on it
- and we don't want to introduce a new major version for such a small change
- and also because all of the delete/remove API methods allow the caller to actually delete everything if they want to, and such a change is a deviation from the established behavior wrt the rest of the API.

It is the responsibility of the caller to ensure that they are calling this method with sane arguments, which is handled in the previous commit by @Melzmann. I believe this Fixes #3728 as it addresses the underlying root cause.
ImportError: cannot import name 'VersionChange' from 'sphinx.directives.other'
Bumps [psf/black](https://github.com/psf/black) from 24.4.2 to 24.8.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.4.2...24.8.0)
---
updated-dependencies:
- dependency-name: psf/black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
the h1 heading has changed to Delete instead of Are you sure
In https://code.djangoproject.com/ticket/35660, django/django#18514 _fixture_setup() becomes a class method and is now also called as part of setUpClass(), while previously it was only called outside of it.
- adjust signatures for the _fixture_setup() methods
- turn self.rpc_client into a property
note: for every test scenario we start as AnonymousUser and then login via RPC before actually calling the FUT.
- no RPC calls into _fixture_setup(), use setUp() instead!
Bumps [webpack](https://github.com/webpack/webpack) from 5.99.8 to 5.99.9.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.99.8...v5.99.9)
---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.99.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
to fetch more info about reported bugs via Bugzilla integration interface
This reverts commit e3ba3ee.
This reverts commit 7b8e8a7.
https://docs.djangoproject.com/en/5.1/releases/5.1.9/ CVE-2025-32873: Denial-of-service possibility in strip_tags() not used in Kiwi TCMS
Bumps [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/) from 2.0.29 to 2.0.30.
---
updated-dependencies:
- dependency-name: uwsgi
  dependency-version: 2.0.30
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 5.6.0 to 6.0.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v5.6.0...v6.0.0)
---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
…o dict to avoid the situation where an integration falls back to the OpenGraph implementation which returns a dict-compatible object but modernrpc/handlers/xmlhandler.py in dumps_result() doesn't know how to serialize that! Fixes Sentry KIWI-TCMS-VV, https://kiwitcms.sentry.io/issues/6660677083/
Bumps [django-tree-queries](https://github.com/matthiask/django-tree-queries) from 0.19.0 to 0.20.0.
- [Changelog](https://github.com/feincms/django-tree-queries/blob/main/CHANGELOG.rst)
- [Commits](feincms/django-tree-queries@0.19...0.20)
---
updated-dependencies:
- dependency-name: django-tree-queries
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [django-guardian](https://github.com/django-guardian/django-guardian) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/django-guardian/django-guardian/releases)
- [Commits](django-guardian/django-guardian@v2.4.0...3.0.0)
---
updated-dependencies:
- dependency-name: django-guardian
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.1 to 2.19.2.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.19.1...2.19.2)
---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
---
updated-dependencies:
- dependency-name: markdown
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.31.0 to 2.32.0.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.31.0...v2.32.0)
---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [django-simple-history](https://github.com/django-commons/django-simple-history) from 3.8.0 to 3.10.1.
- [Release notes](https://github.com/django-commons/django-simple-history/releases)
- [Changelog](https://github.com/django-commons/django-simple-history/blob/master/CHANGES.rst)
- [Commits](django-commons/django-simple-history@3.8.0...3.10.1)
---
updated-dependencies:
- dependency-name: django-simple-history
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
prevents usernames being exposed in logs or anonymous analytics. Refs #3994
to prevent the test plan summary being exposed in logs or anonymous analytics. Fixes #3994. All internal URLs generated inside Kiwi TCMS will be of the form /plan/<pk>/; however, for compatibility with existing bookmarks and 3rd party systems it is also possible to specify the URL as /plan/<pk>/<maybe-slug>, where the last part will be ignored. Also removes the django-uuslug dependency.
Bumps [django-guardian](https://github.com/django-guardian/django-guardian) from 3.0.0 to 3.0.3.
- [Release notes](https://github.com/django-guardian/django-guardian/releases)
- [Commits](django-guardian/django-guardian@3.0.0...3.0.3)
---
updated-dependencies:
- dependency-name: django-guardian
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v6.0.0...v6.1.0)
---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <[email protected]>
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )