search

openwisp / django-rest-framework-gis

Geographic add-ons for Django REST Framework. Maintained by the OpenWISP Project.
http://openwisp.org
MIT License
1.09k stars 201 forks source link

[deps] Update openwisp-utils[qa] requirement from ~=1.0.0 to ~=1.0.5 #300

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Updates the requirements on openwisp-utils[qa] to permit the latest version.

Release notes

Sourced from openwisp-utils[qa]'s releases.

1.0.5 [2023-11-24]

Security

  • (Medium risk) The labels displayed in the dashboard pie charts were not being escaped and hence the code was vulnerable to XSS attempts.
Changelog

Sourced from openwisp-utils[qa]'s changelog.

Version 1.0.5 [2023-11-24]

Security


- (Medium risk) The labels displayed in the dashboard pie charts were
  not being escaped and hence the code was vulnerable to XSS attempts.

Version 1.0.4 [2022-10-07]


Bugfixes

  • Fixed importlib-metadata dependency, pinned it to <5.0. The newer versions of importlib-metadata breaks openwisp-utils on Python 3.7.

Version 1.0.3 [2022-08-03]

Bugfixes


- Fixed **django-fitler** dependency, pinned it to ``~=21.1``.
  Earlier, it was installing the latest version of django-filter.

Version 1.0.2 [2022-07-01]


Bugfixes

  • Fixed empty charts showing annotations from the previous chart
  • Fixed dashboard template extra_config getting over-written when multiple dashboard templates are used
  • Fixed empty dashboard charts not displaying total as "0" <https://github.com/openwisp/openwisp-utils/issues/301>_

Version 1.0.1 [2022-04-07]

Bugfixes


- Fixed ``ImportError`` in click dependency of black
  (updated black dependency to ``black~=22.3.0``)
</tr></table>

... (truncated)

Commits
  • ca9e77f 1.0.5 release
  • 84dc4ce [tests] Install openwisp-controller~=1.0
  • 6b02b87 [deps] Upgraded selenium
  • 1f604a8 [fix] Make sure to HTML escape all dashboard labels
  • dbbb4ba 1.0.4 release
  • fb217ec [docs] Added changelog for 1.0.4
  • 3fd4f1c [deps] Pinned importlib-metadata
  • 1158dba [docs] Added note on SVG images to OPENWISP_EMAIL_LOGO
  • bfbbb5f [docs] Fixed wrong OPENWISP_ADMIN_DASHBOARD_ENABLED default value
  • c62e409 1.0.3 release
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)