search

ubyssey / ubyssey.ca

The code that powers www.ubyssey.ca
GNU General Public License v2.0
36 stars 41 forks source link

Bump wagtail from 2.15.3 to 5.1.3 #1323

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps wagtail from 2.15.3 to 5.1.3.

Release notes

Sourced from wagtail's releases.

5.1.3

  • Fix: CVE-2023-45809: Disclosure of user names via admin bulk action views (Matt Westcott)
  • Fix: Fix SnippetBulkAction not respecting models definition (Sandro Rodrigues)
  • Fix: Correctly quote non-numeric primary keys on snippet inspect view (Sage Abdullah)
  • Fix: Prevent crash on snippet inspect view when displaying a null foreign key to an image (Sage Abdullah)
  • Fix: Populate the correct return value when creating a new snippet within the snippet chooser (claudobahn)
  • Fix: Reinstate missing filter by page type on page search (Matt Westcott)
  • Fix: Use the correct action log when creating a redirect (Thibaud Colas)

5.1.2

  • Fix: Avoid use of ignore_conflicts when creating extra permissions for snippets, for SQL Server compatibility (Sage Abdullah)
  • Fix: Ensure sequence on wagtailsearchpromotions_query table is correctly set after migrating data (Jake Howard)
  • Fix: Change spreadsheet export headings to match listing view column headings (Christer Jensen, Sage Abdullah)
  • Fix: Fix numbers, booleans, and None from being exported as strings (Christer Jensen)
  • Fix: Restore fallback on full-word search for snippet choosers and generic index views (Matt Westcott)
  • Fix: Restore compatibility with pre-7.15 versions of the Elasticsearch Python library, allowing use of Opensearch (Matt Westcott)
  • Fix: Fix error when pickling BaseSiteSetting instances (Matt Westcott)
  • Maintenance: For Python 3.13 support - upgrade Willow to v1.6.2, replace imghdr with Willow's built-in MIME type detection (Jake Howard)

5.1.1

  • Introduce wagtail.admin.ui.tables.BooleanColumn to display boolean values as icons (Sage Abdullah)
  • Fix: Show not-None falsy values instead of blank in generic table cell template (Sage Abdullah)
  • Fix: Fix read_only panels for fields with translatable choice labels (Florent Lebreton)

5.1

  • Add support for read-only FieldPanels (Andy Babic)
  • Add support for query-time boosting to Elasticsearch 6 and above (Shohan Dutta Roy)
  • Add support for Elasticsearch 8 (Matt Westcott, Wesley van Lee)
  • Mark calls to md5 as not being used for secure purposes, to avoid flagging on FIPS-mode systems (Sean Kelly)
  • Return filters from parse_query_string as a QueryDict to support multiple values (Aman Pandey)
  • Explicitly specify MenuItem.name for all admin menu and submenu items (Justin Koestinger)
  • Add oEmbed provider patterns for YouTube Shorts and YouTube Live URLs (valnuro, Fabien Le Frapper)
  • Add initial implementation of PagePermissionPolicy (Sage Abdullah)
  • Refactor UserPagePermissionsProxy and PagePermissionTester to use PagePermissionPolicy (Sage Abdullah, Tidiane Dia)
  • Add a predictable default ordering of the "Object/Other permissions" in the Group Editing view, allow this ordering to be customised (Daniel Kirkham)
  • Add AbstractImage.get_renditions() for efficient generation of multiple renditions (Andy Babic)
  • Optimise queries in collection permission policies using cache on the user object (Sage Abdullah)
  • Phone numbers entered via a link chooser will now have any spaces stripped out, ensuring a valid href="tel:..." attribute (Sahil Jangra)
  • Auto-select the StreamField block when only one block type is declared (Sébastien Corbin)
  • Add support for more advanced Draftail customisation APIs (Thibaud Colas)
  • Add the ability to export snippets listing via SnippetViewSet.list_export (Sage Abdullah)
  • Add support for adding HTML attrs on FieldPanel, FieldRowPanel, MultiFieldPanel, and others (Aman Pandey, Antoni Martyniuk, LB (Ben) Johnston)
  • Add support for --template option to wagtail start (Thibaud Colas)
  • Change to always cache renditions (Jake Howard)
  • Update link/document rich text tooltips for consistency with the inline toolbar (Albina Starykova)
  • Increase the contrast between the rich text / StreamField block picker and the page in dark mode (Albina Starykova)
  • Purge revisions of non-page models in purge_revisions command (Sage Abdullah)
  • Add support for AVIF images (Aman Pandey)
  • Change the default WebP quality to 80 to match AVIF (Aman Pandey)
  • Adopt optimised Wagtail logo in the admin interface (Albina Starykova)

... (truncated)

Changelog

Sourced from wagtail's changelog.

5.1.3 (19.10.2023)


 * Fix: CVE-2023-45809: Disclosure of user names via admin bulk action views (Matt Westcott)
 * Fix: Fix `SnippetBulkAction` not respecting `models` definition (Sandro Rodrigues)
 * Fix: Correctly quote non-numeric primary keys on snippet inspect view (Sage Abdullah)
 * Fix: Prevent crash on snippet inspect view when displaying a null foreign key to an image (Sage Abdullah)
 * Fix: Populate the correct return value when creating a new snippet within the snippet chooser (claudobahn)
 * Fix: Reinstate missing filter by page type on page search (Matt Westcott)
 * Fix: Use the correct action log when creating a redirect (Thibaud Colas)

5.1.2 (25.09.2023)

  • Fix: Avoid use of ignore_conflicts when creating extra permissions for snippets, for SQL Server compatibility (Sage Abdullah)
  • Fix: Ensure sequence on wagtailsearchpromotions_query table is correctly set after migrating data (Jake Howard)
  • Fix: Change spreadsheet export headings to match listing view column headings (Christer Jensen, Sage Abdullah)
  • Fix: Fix numbers, booleans, and None from being exported as strings (Christer Jensen)
  • Fix: Restore fallback on full-word search for snippet choosers and generic index views (Matt Westcott)
  • Fix: Restore compatibility with pre-7.15 versions of the Elasticsearch Python library, allowing use of Opensearch (Matt Westcott)
  • Fix: Fix error when pickling BaseSiteSetting instances (Matt Westcott)
  • Maintenance: For Python 3.13 support - upgrade Willow to v1.6.2, replace imghdr with Willow's built-in MIME type detection (Jake Howard)

5.1.1 (14.08.2023)


 * Introduce `wagtail.admin.ui.tables.BooleanColumn` to display boolean values as icons (Sage Abdullah)
 * Fix: Show not-`None` falsy values instead of blank in generic table cell template (Sage Abdullah)
 * Fix: Fix `read_only` panels for fields with translatable choice labels (Florent Lebreton)

5.1 (01.08.2023)



 * Add support for read-only FieldPanels (Andy Babic)
 * Add support for query-time boosting to Elasticsearch 6 and above (Shohan Dutta Roy)
 * Add support for Elasticsearch 8 (Matt Westcott, Wesley van Lee)
 * Mark calls to `md5` as not being used for secure purposes, to avoid flagging on FIPS-mode systems (Sean Kelly)
 * Return filters from `parse_query_string` as a `QueryDict` to support multiple values (Aman Pandey)
 * Explicitly specify `MenuItem.name` for all admin menu and submenu items (Justin Koestinger)
 * Add oEmbed provider patterns for YouTube Shorts and YouTube Live URLs (valnuro, Fabien Le Frapper)
 * Add initial implementation of `PagePermissionPolicy` (Sage Abdullah)
 * Refactor `UserPagePermissionsProxy` and `PagePermissionTester` to use `PagePermissionPolicy` (Sage Abdullah, Tidiane Dia)
 * Add a predictable default ordering of the "Object/Other permissions" in the Group Editing view, allow this ordering to be customised (Daniel Kirkham)
 * Add `AbstractImage.get_renditions()` for efficient generation of multiple renditions (Andy Babic)
 * Optimise queries in collection permission policies using cache on the user object (Sage Abdullah)
 * Phone numbers entered via a link chooser will now have any spaces stripped out, ensuring a valid href="tel:..." attribute (Sahil Jangra)
 * Auto-select the `StreamField` block when only one block type is declared (Sébastien Corbin)
</tr></table> 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/wagtail/wagtail/commit/582d4d9720ddb543a7327f6c75db1b7e9ec534e7"><code>582d4d9</code></a> Version bump to 5.1.3</li>
<li><a href="https://github.com/wagtail/wagtail/commit/b0b70b1a2eda91976f988b2a52ff78436e711cf8"><code>b0b70b1</code></a> Release note for CVE-2023-45809 in 5.1.3 (and fill in release date)</li>
<li><a href="https://github.com/wagtail/wagtail/commit/aa838f393d34a8b33e6a1811f9e89ec76c811a81"><code>aa838f3</code></a> Add 5.0.5 release note page</li>
<li><a href="https://github.com/wagtail/wagtail/commit/bc1178853114f6d06c0460fc40dfbda3ae3bb573"><code>bc11788</code></a> Release note for CVE-2023-45809 in 5.0.5</li>
<li><a href="https://github.com/wagtail/wagtail/commit/c8c313e077e87cc6d68e25860a38997c1f82b3f2"><code>c8c313e</code></a> Release note for CVE-2023-45809 in 4.1.9</li>
<li><a href="https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b"><code>bc96aed</code></a> Redirect away from user bulk actions when user has no permissions on users</li>
<li><a href="https://github.com/wagtail/wagtail/commit/190af7887d39ab6a1a2c3c3b389c2d44c121a2b1"><code>190af78</code></a> Add release notes for <a href="https://redirect.github.com/wagtail/wagtail/issues/11080">#11080</a>, <a href="https://redirect.github.com/wagtail/wagtail/issues/11081">#11081</a> in v5.1.3</li>
<li><a href="https://github.com/wagtail/wagtail/commit/087d566ef636bcbb366b894d9f3d70c5160504ec"><code>087d566</code></a> Use the correct action log when creating a redirect</li>
<li><a href="https://github.com/wagtail/wagtail/commit/6595b3dc04880c5fa03ae6d44d042fa324a0972a"><code>6595b3d</code></a> Docs - Fix typo for migration command in the section under Tag posts</li>
<li><a href="https://github.com/wagtail/wagtail/commit/893143b5abc8116a3d8d692a40437db659b2818f"><code>893143b</code></a> Fix port number in tutorial</li>
<li>Additional commits viewable in <a href="https://github.com/wagtail/wagtail/compare/v2.15.3...v5.1.3">compare view</a></li>
</ul>
</details>

<br />



[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wagtail&package-manager=pip&previous-version=2.15.3&new-version=5.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---



Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 10 months ago

Superseded by #1345.