#5450 - Updated django to ~3.2.25 due to CVE-2024-27351.
#5464 - Added requirement for user authentication to access the endpoint /extras/job-results/<uuid:pk>/log-table/; furthermore it will not allow an authenticated user to view log entries for a JobResult they don't otherwise have permission to view. (GHSA-m732-wvh2-7cq4)
#5464 - Added narrower permissions enforcement on the endpoints /extras/git-repositories/<uuid:pk>/sync/ and /extras/git-repositories/<uuid:pk>/dry-run/; a user who has change permissions for a subset of Git repositories is no longer permitted to sync or dry-run other repositories for which they lack the appropriate permissions. (GHSA-m732-wvh2-7cq4)
#5464 - Added narrower permissions enforcement on the /api/dcim/connected-device/?peer_device=...&?peer_interface=... REST API endpoint; a user who has view permissions for a subset of interfaces is no longer permitted to query other interfaces for which they lack permissions. (GHSA-m732-wvh2-7cq4)
#5464 - Added narrower permissions enforcement on all <app>/<model>/<uuid>/notes/ UI endpoints; a user must now have the appropriate extras.view_note permissions to view existing notes. (GHSA-m732-wvh2-7cq4)
#5464 - Added requirement for user authentication to access the REST API endpoints /api/redoc/, /api/swagger/, /api/swagger.json, and /api/swagger.yaml. (GHSA-m732-wvh2-7cq4)
#5464 - Added requirement for user authentication to access the /api/graphql REST API endpoint, even when EXEMPT_VIEW_PERMISSIONS is configured. (GHSA-m732-wvh2-7cq4)
#5464 - Added requirement for user authentication to access the endpoints /dcim/racks/<uuid>/dynamic-groups/, /dcim/devices/<uuid>/dynamic-groups/, /ipam/prefixes/<uuid>/dynamic-groups/, /ipam/ip-addresses/<uuid>/dynamic-groups/, /virtualization/clusters/<uuid>/dynamic-groups/, and /virtualization/virtual-machines/<uuid>/dynamic-groups/, even when EXEMPT_VIEW_PERMISSIONS is configured. (GHSA-m732-wvh2-7cq4)
#5464 - Added requirement for user authentication to access the endpoint /extras/secrets/provider/<str:provider_slug>/form/. (GHSA-m732-wvh2-7cq4)
Added
#5464 - Added nautobot.apps.utils.get_url_for_url_pattern and nautobot.apps.utils.get_url_patterns lookup functions.
#5464 - Added nautobot.apps.views.GenericView base class.
Changed
#5464 - Added support for view_name and view_description optional parameters when instantiating a nautobot.apps.api.OrderedDefaultRouter. Specifying these parameters is to be preferred over defining a custom APIRootView subclass when defining App API URLs.
#5464 - Added requirement for user authentication by default on the nautobot.apps.api.APIRootView class. As a consequence, viewing the browsable REST API root endpoints (e.g. /api/, /api/circuits/, /api/dcim/, etc.) now requires user authentication.
Removed
#5464 - Removed the URL endpoints /api/users/users/my-profile/, /api/users/users/session/, /api/users/tokens/authenticate/, and /api/users/tokens/logout/ as they are unused at this time.
Fixed
#5413 - Updated Device "LLDP Neighbors" detail panel to handle LLDP neighbors with MAC address as port-id.
#5423 - Fixed collapsable navbar for GraphiQL page /graphql.
#5423 - Fixed collapsable navbar for Admin page /admin.
#5423 - Improved footer responsiveness for certain media sizes.
#5464 - Fixed a 500 error when accessing any of the /dcim/<port-type>/<uuid>/connect/<termination_b_type>/ view endpoints with an invalid/nonexistent termination_b_type string.
#5466 - Remove duplicated location param in vlan table.
Dependencies
#5296 - Fixed bug in pyproject.toml that added coverage as a nautobot dependency instead of a development dependency.
Documentation
#5340 - Added installation documentation about recommended health-checks for Docker Compose and Kubernetes.
#5464 - Updated example views in the App developer documentation to include ObjectPermissionRequiredMixin or LoginRequiredMixin as appropriate best practices.
Housekeeping
... (truncated)
Commits
27ee0c2 Merge pull request #5477 from nautobot/release/2.1.9
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nautobot/nautobot-app-netbox-importer/network/alerts).
Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps nautobot from 2.1.2 to 2.1.9.
Release notes
Sourced from nautobot's releases.
... (truncated)
Commits
27ee0c2 Merge pull request #5477 from nautobot/release/2.1.9
961954a release v2.1.9
dd623e6 View authentication and permission fixes (#5464)
acb506d Add documentation about docker-compose/k8s health checks (#5449)
e265c8e Remove duplicated location param in vlan table (#5467)
2e4ffd6 fix: Update Device lldp detail panel for MAC address port-id (#5413)
ce2350e Remove OrderedDict from dcim.models.racks.py (#5451)
9ea4bba Fixed bug in pyproject.toml that added coverage as a nautobot dependency (#...
6814cbe Pinned coverage to 6.4.0 to resolve issue with breakpoints in unit tests. (#5...
f8d5fdf Replace OrderedDict in routers.py (#5456)