Bump psiturk from 2.3.11 to 3.2.1

[dependabot[bot]]

Bumps psiturk from 2.3.11 to 3.2.1.

Release notes

Sourced from psiturk's releases.

v3.2.1

Security release!

Fixes a SSTI vulnerability in ad and consent pages, NYUCCL/psiTurk#517, thanks @​BlaiseRitchie

(Apologies for the delay, couldn't immediately think of a way to do a security release)

v3.2.0

Added

• Add custom MTurk qualification support (#493)

• /dashboard/campaigns and /dashboard/tasks now warn if do_scheduler is False (#502)

• amt_services_wrapper's _get_local_hitids no longer queries the Participants table for hitids. Instead, it wholly relies on the Hit table (amt_hits by default). (#498) -- Thanks @​evankirkiles!

  Experiments that are migrating from psiturk v2 should run the new psiturk migrate db command when migrating to this release.

Fixed

• user_utils.PsiTurkAuthorization should not allow empty username or password! (#492)
• aws env vars AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are now preferred over anything set in a config file somewhere (#496, #500)
• Dashboard will refuse to start if secret_key is missing or if no valid mturk credentials (#497)
• Scheduler is started "paused" if do_scheduler is False, so that tasks can still be created, modified, and destroyed (#502)
• Campaigns' "update goal" functionality fixed -- the associated task is updated with the new goal (#502)
• example template for thanks-mturksubmit was missing a call to {{ super() }}, leading to no styles being loaded by default (#503)

Changed

• Migrate from Travis CI to Github Actions (#500)
• API now uses a custom error handler to pass sometimes-gory exception messages back to the api user (#502)
• Change the Participant.datastring column to be lazy-loaded, causing the datastring to not be loaded by the sqlalchemy model until explicilty requested. Leads to massive speed increases for any query involving the Participant table for cases where the datastring is large. (Thanks @​evankirkiles!)(#504)

v3.1.0

[3.1.0]

Added

• ability to launch the experiment server from a subdirectory instead of just the default directory by passing app_dir keyword argument to experiment_server.launch() (d781d4f0420004aa19462e59a653bddfcb12fa26)

Fixed

• Flask's StreamLogger is now used by default when ON_CLOUD=1, assuming no errorlog is set in the config file.
• fix download_datafiles scoping error (#487)

v3.0.6

Added

... (truncated)

Changelog

Sourced from psiturk's changelog.

[3.2.1]

Fixed

• Fix SSTI vulnerability in ad and consent pages (#517)

[3.2.0]

Added

• Add custom MTurk qualification support (#493)

• /dashboard/campaigns and /dashboard/tasks now warn if do_scheduler is False (#502)

• amt_services_wrapper's _get_local_hitids no longer queries the Participants table for hitids. Instead, it wholly relies on the Hit table (amt_hits by default). (#498) -- Thanks @​evankirkiles!

  Experiments that are migrating from psiturk v2 should run the new psiturk migrate db command when migrating to this release.

Fixed

• user_utils.PsiTurkAuthorization should not allow empty username or password! (#492)
• aws env vars AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are now preferred over anything set in a config file somewhere (#496, #500)
• Dashboard will refuse to start if secret_key is missing or if no valid mturk credentials (#497)
• Scheduler is started "paused" if do_scheduler is False, so that tasks can still be created, modified, and destroyed (#502)
• Campaigns' "update goal" functionality fixed -- the associated task is updated with the new goal (#502)
• example template for thanks-mturksubmit was missing a call to {{ super() }}, leading to no styles being loaded by default (#503)

Changed

• Migrate from Travis CI to Github Actions (#500)
• API now uses a custom error handler to pass sometimes-gory exception messages back to the api user (#502)
• Change the Participant.datastring column to be lazy-loaded, causing the datastring to not be loaded by the sqlalchemy model until explicitly requested. Leads to massive speed increases for any query involving the Participant table for cases where the datastring is large. (Thanks @​evankirkiles!)(#504)

[3.1.0]

Added

• ability to launch the experiment server from a subdirectory instead of just the default directory by passing app_dir keyword argument to experiment_server.launch() (#484)

Fixed

• Flask's StreamLogger is now used by default when ON_CLOUD=1, assuming no errorlog is set in the config file (#483)
• fix download_datafiles scoping error (#487)

3.0.6

Added

• added backwards compatibility for class InvalidUsage exception in experiment_errors.py, for custom.py files generated by old version of psiturk. This was previously throwing an exception in versions 3.0.0 – 3.0.5 (#479)

... (truncated)

Commits

• 2a2de2b bump to 3.2.1
• 47787e1 Fix SSTI vulnerability in ad and consent pages (#517)
• 231d566 bump to 3.2.0
• 82124c7 add missing links
• 7ab9c5d Deferred datastring column for insane Participant query speedup (#504)
• ba09ab1 fix missing call to super() in thanks-mturksubmit example template (#503)
• 4ae271b Remove getting local HIT id's from Participants table (#498)
• e96ae64 update docs to list that allow_repeats has moved
• 0a39e53 warn if not do_scheduler; fix if do_scheduler false; more verbose api error h...
• 1188980 Pin github action version for deploy, and skip existing (#501)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fredcallaway/heroku-experiment/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.