Oliver
3504597e4a
Bump InvenTree software version to 1.4.2 ( #12291 )
2026-07-01 23:41:54 +10:00
github-actions[bot]
9793bba77a
Fix stocktake bug for counting serialized items ( #12280 ) ( #12282 )
...
* Fix stocktake bug for counting serialized items
* Add unit test
(cherry picked from commit 414aac0224 )
Co-authored-by: Oliver <oliver.henry.walters@gmail.com >
2026-06-30 17:09:23 +10:00
github-actions[bot]
ffc60cb189
[UI] Stock column fix ( #12268 ) ( #12269 )
...
* [UI] Fix StockColumn component
* stock table rendering tweaks
(cherry picked from commit 1da71ca3b9 )
Co-authored-by: Oliver <oliver.henry.walters@gmail.com >
2026-06-27 12:25:10 +10:00
github-actions[bot]
2ac8f608d8
Bug fix for exception handler ( #12257 ) ( #12261 )
...
(cherry picked from commit e847d96a88 )
Co-authored-by: Oliver <oliver.henry.walters@gmail.com >
2026-06-26 09:55:52 +10:00
Oliver
9ea33df847
Bump version to 1.4.1 ( #12242 )
2026-06-24 15:47:31 +10:00
Oliver
0a9a8b1c54
Add release entry for 1.4.0 ( #12237 )
...
* Add release entry for 1.4.0
* Mark version as 1.4.0
2026-06-24 13:53:55 +10:00
Oliver
74dc21b81c
[bug] Allocated query fix ( #12234 )
...
* Fix BuildLineFilter.filter_allocated
- Required for mysql backend
* Spoecify output field
2026-06-24 12:49:43 +10:00
Oliver
75b27bd10a
[UI] Tweak "order parts" wizard ( #12236 )
...
- Order supplier parts by "primary" value
- Attempt to auto-fill primary supplier part
2026-06-24 12:49:30 +10:00
Oliver
184ec37975
[UI] Tweak today color ( #12235 )
...
- Make "today" more obvious in calendar views
2026-06-24 12:49:19 +10:00
github-actions[bot]
6a2094e2a0
New Crowdin translations by GitHub Action ( #12192 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-24 11:44:51 +10:00
Matthias Mair
f21bc2d06f
extend barcode scans API ( #12233 )
...
* extend barcode scans with user perm check
* fix import
* fix call
* align error message
* add missing permissions to test
* remove erronous assign
* ensure permission erros knock through
2026-06-24 10:45:26 +10:00
Phil
3bf410c313
color scheme: Use the users prefered mode by default ( #12227 )
...
* color scheme: Use the users prefered colour scheme if one isn't defined in the store
* fix style
---------
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-23 16:26:06 +10:00
Matthias Mair
ec845c61cd
Bump ty ( #12211 )
...
* bump ty
* various fixes
* fix settings
* bump stubs
* update pre-commit setup
* update ignore
* fix various issues
* fix style
* fix ignores
* fix wrong ty warnings
2026-06-22 08:26:31 +10:00
Oliver
50577da65a
Add meaningful message on CSRF failure ( #12216 )
...
* Add meaningful message on CSRF failure
* Add link to CSRF_FAILURE_VIEW
* Add unit test for new CSRF feedback
2026-06-20 23:49:36 +10:00
dependabot[bot]
204cff2f88
chore(deps): bump undici from 6.26.0 to 8.5.0 in /src/frontend ( #12214 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.26.0 to 8.5.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.26.0...v8.5.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 8.5.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-20 13:14:34 +02:00
Oliver
5eaac37303
Fix signup warning ( #12213 )
...
- Should only fire on an actual signup attempt
2026-06-20 20:13:14 +10:00
dependabot[bot]
c4d67b65d7
chore(deps): bump undici from 8.4.1 to 8.5.0 in /src/frontend ( #12200 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 8.4.1 to 8.5.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v8.4.1...v8.5.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 8.5.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-20 12:02:19 +02:00
Oliver
ca16e6ec0a
Report locale updates ( #12208 )
...
* Optional 'locale' arg to format_money
- Allows override of system locale when generating reports
* Updated documentation
* Add unit tests
* Handle invalid locale
* Handle invalid locale
* Add new global setting to control currency locale in reports
* Use setting in reports
* Add CHANGELOG entry
* Further unit tests
* Add unit tests for new setting
* Update docs
* More docs
* Refactoring:
- Change REPORT_CURRENCY_LOCALE to REPORT_LOCALE
* Extend unit testing
* Refactor format_number
* Add unit tests for explicit format strings
* Update examples for format_date
* Updated unit tests
* Cleanup unit tests
* Fix more tests
* Adjust wording
* Remove global setting - simplify code
* Simplify unit tests
* Revert 'min_digits' to 'leading'
* Fix docs
* Refactor the render_currency function
- Move all functionality into report.py
* Cleanup duplicate code
* Updated docs
* Allow user to specify date_format
* Add support for 'leading' digits in render_currency
* Bug fix
* Fix unit test
* Add tests for "include_symbol"
2026-06-20 11:00:12 +10:00
dependabot[bot]
8a092b4d1d
chore(deps): bump the dependencies group across 1 directory with 12 updates ( #12210 )
...
* chore(deps): bump the dependencies group across 1 directory with 12 updates
Bumps the dependencies group with 12 updates in the /src/backend directory:
| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3 ) | `1.43.23` | `1.43.28` |
| [botocore](https://github.com/boto/botocore ) | `1.43.23` | `1.43.28` |
| [django-js-asset](https://github.com/feincms/django-js-asset ) | `3.1.2` | `4.0.1` |
| [django-money](https://github.com/django-money/django-money ) | `3.6.0` | `3.6.1` |
| [grpcio](https://github.com/grpc/grpc ) | `1.81.0` | `1.81.1` |
| [protobuf](https://github.com/protocolbuffers/protobuf ) | `6.33.6` | `7.35.1` |
| [sentry-sdk](https://github.com/getsentry/sentry-python ) | `2.61.1` | `2.62.0` |
| [structlog](https://github.com/hynek/structlog ) | `25.5.0` | `26.1.0` |
| [tqdm](https://github.com/tqdm/tqdm ) | `4.68.1` | `4.68.2` |
| [wcwidth](https://github.com/jquast/wcwidth ) | `0.7.0` | `0.8.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt ) | `1.17.3` | `2.2.1` |
| [zopfli](https://github.com/fonttools/py-zopfli ) | `0.4.2` | `0.4.3` |
Updates `boto3` from 1.43.23 to 1.43.28
- [Release notes](https://github.com/boto/boto3/releases )
- [Commits](https://github.com/boto/boto3/compare/1.43.23...1.43.28 )
Updates `botocore` from 1.43.23 to 1.43.28
- [Commits](https://github.com/boto/botocore/compare/1.43.23...1.43.28 )
Updates `django-js-asset` from 3.1.2 to 4.0.1
- [Changelog](https://github.com/feincms/django-js-asset/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/feincms/django-js-asset/compare/3.1.2...4.0.1 )
Updates `django-money` from 3.6.0 to 3.6.1
- [Release notes](https://github.com/django-money/django-money/releases )
- [Changelog](https://github.com/django-money/django-money/blob/main/docs/changes.rst )
- [Commits](https://github.com/django-money/django-money/compare/3.6.0...3.6.1 )
Updates `grpcio` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc/releases )
- [Commits](https://github.com/grpc/grpc/compare/v1.81.0...v1.81.1 )
Updates `protobuf` from 6.33.6 to 7.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases )
- [Commits](https://github.com/protocolbuffers/protobuf/commits )
Updates `sentry-sdk` from 2.61.1 to 2.62.0
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/2.61.1...2.62.0 )
Updates `structlog` from 25.5.0 to 26.1.0
- [Release notes](https://github.com/hynek/structlog/releases )
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hynek/structlog/compare/25.5.0...26.1.0 )
Updates `tqdm` from 4.68.1 to 4.68.2
- [Release notes](https://github.com/tqdm/tqdm/releases )
- [Commits](https://github.com/tqdm/tqdm/compare/v4.68.1...v4.68.2 )
Updates `wcwidth` from 0.7.0 to 0.8.1
- [Release notes](https://github.com/jquast/wcwidth/releases )
- [Commits](https://github.com/jquast/wcwidth/compare/0.7.0...0.8.1 )
Updates `wrapt` from 1.17.3 to 2.2.1
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases )
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst )
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.2.1 )
Updates `zopfli` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/fonttools/py-zopfli/releases )
- [Commits](https://github.com/fonttools/py-zopfli/compare/v0.4.2...v0.4.3 )
---
updated-dependencies:
- dependency-name: boto3
dependency-version: 1.43.28
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: botocore
dependency-version: 1.43.28
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: django-js-asset
dependency-version: 4.0.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: django-money
dependency-version: 3.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: grpcio
dependency-version: 1.81.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: protobuf
dependency-version: 7.35.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: sentry-sdk
dependency-version: 2.62.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: structlog
dependency-version: 26.1.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: tqdm
dependency-version: 4.68.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: wcwidth
dependency-version: 0.8.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: wrapt
dependency-version: 2.2.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: zopfli
dependency-version: 0.4.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix style
* general bump
* bump dev tools
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-20 09:50:45 +10:00
Oliver
6657000d89
[UI] Fix NewsWidget ( #12205 )
2026-06-19 17:18:59 +10:00
Oliver
01fb74af25
[UI] Tree improvements ( #12204 )
...
* Hide expand icon for items without children
* Add searching to CategoryTree API
* Add "level" filter
* Automatically include parent tree when searching
* Include tree_id field
* Add search input to NavigationTree
* Add more API filters
* Load child nodes iteratively
* Fix dynamic loading of nodes
* Highlight selected item
* Include pathstring
* Fix insertion order
* Auto-expand to the selected ID
* Add "no results" message
* Refactor into generic components
* Expand to multi level
* Use async node loading functionality
* Add hovercard
* Implement same functionality for StockLocationTree API endpoint
* Adjust spacing
* Add connecting lines
* Add playwright test
* Bump API version
* Add CHANGELOG entry
* Update docs
* Update screenshot
2026-06-19 15:33:12 +10:00
dependabot[bot]
6285a11a65
chore(deps): bump pypdf from 6.13.0 to 6.13.3 in /src/backend ( #12201 )
...
* chore(deps): bump pypdf from 6.13.0 to 6.13.3 in /src/backend
Bumps [pypdf](https://github.com/py-pdf/pypdf ) from 6.13.0 to 6.13.3.
- [Release notes](https://github.com/py-pdf/pypdf/releases )
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md )
- [Commits](https://github.com/py-pdf/pypdf/compare/6.13.0...6.13.3 )
---
updated-dependencies:
- dependency-name: pypdf
dependency-version: 6.13.3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix style
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-19 13:47:50 +10:00
Oliver
f70d3e68d8
[UI] Fix status renderer functions ( #12202 )
...
Broken in recent refactor
2026-06-19 10:45:11 +10:00
dependabot[bot]
5ddccf8913
chore(deps): bump dompurify from 3.4.9 to 3.4.11 in /src/frontend ( #12199 )
...
Bumps [dompurify](https://github.com/cure53/DOMPurify ) from 3.4.9 to 3.4.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases )
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.9...3.4.11 )
---
updated-dependencies:
- dependency-name: dompurify
dependency-version: 3.4.11
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-19 09:29:50 +10:00
Oliver
29b8ed91d2
[API] Adjust permissions for machine restart ( #12197 )
...
* [API] Adjust permissions for machine restart
Can only be actioned by a staff user
* Fix import
* Wrong class
* Extend unit test
* Bump API version
* Update CHANGELOG
2026-06-18 22:18:14 +10:00
Oliver
5b97acb79f
[bug] Fix double save ( #12194 )
...
* Prevent double-save when creating an order
* Prevent double-save for BuildOrder
* More fixes
* Additional unit tests
* Revert code, remove create method against StockTrackingList
* Fix mixins
2026-06-18 20:18:46 +10:00
Oliver
2ca86808bb
Fix order event name ( #12196 )
2026-06-18 20:00:18 +10:00
dependabot[bot]
c2f213a6c0
chore(deps): bump form-data from 4.0.5 to 4.0.6 in /src/frontend ( #12175 )
...
Bumps [form-data](https://github.com/form-data/form-data ) from 4.0.5 to 4.0.6.
- [Release notes](https://github.com/form-data/form-data/releases )
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md )
- [Commits](https://github.com/form-data/form-data/compare/v4.0.5...v4.0.6 )
---
updated-dependencies:
- dependency-name: form-data
dependency-version: 4.0.6
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-18 18:36:16 +10:00
Oliver
fc15f30f8f
Report Generation Updates ( #12187 )
...
* Fix for TemplateEditor
- Allow dragging of split section
* Cleaner report template code
* Pass correct error message through
* Prevent multiple retries if running in worker thread
* Handle report merge error
* Add playwright tests for broken report printing
* Reduce scope for exception messages
* Reduce comment deltas
* Adjust unit test
* Raise ValidaitonError
* Handle message parsing
* Additional comment
* Fix unit tests
2026-06-18 13:41:44 +10:00
Oliver
4b29032c6e
System Health Checks ( #12193 )
...
* Add worker health check invoke task
* Increase frequency of heartbeat task
* Adjust default threshold for worker health check
* Add server_health invoke func
2026-06-18 12:46:46 +10:00
github-actions[bot]
c126e2b0af
New Crowdin translations by GitHub Action ( #12167 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-18 11:47:28 +10:00
dependabot[bot]
dbda5a783a
chore(deps): bump dompurify from 3.4.8 to 3.4.9 in /src/frontend ( #12174 )
...
Bumps [dompurify](https://github.com/cure53/DOMPurify ) from 3.4.8 to 3.4.9.
- [Release notes](https://github.com/cure53/DOMPurify/releases )
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.8...3.4.9 )
---
updated-dependencies:
- dependency-name: dompurify
dependency-version: 3.4.9
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-18 09:57:52 +10:00
Matthias Mair
f602714dc9
fix(backend): import session metadata ( #12184 )
...
* add storage for historic import metadata for reporting and display purposes
fixes breakage fromhttps://github.com/inventree/InvenTree/pull/12169
* add api bump
* re-enable test
* fix migration
* ensure session is not overwritten
* fix statusrender without custom key
2026-06-18 08:10:32 +10:00
John Luetke
83a6729755
Change order custom status via api ( #11982 )
...
* Set custom_status_key via API
Refactor `custom_status_key` to be writable via the API and validate that the proposed value is valid for the current order status
* Refactor status_text serializer to consider custom status label
* Update api_version.py
* Additional unit testagainst N + 1
---------
Co-authored-by: Matthias Mair <code@mjmair.com >
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com >
2026-06-17 17:59:37 +10:00
Oliver
546958a1cb
[UI] Additional table filters ( #12186 )
2026-06-17 15:02:07 +10:00
Oliver
38008d8204
Mysql filter fix ( #12185 )
...
* Improve "available" filter for BuildLine API endpoint
* Fix typo
* Additional unit tests
* Additional playwright tests
2026-06-17 14:50:17 +10:00
Oliver
a670eabd10
[import] specify fk lookup field ( #12180 )
...
* Raise error on multiple matches
* add new field to handle lookup_field selection
* Add unit tests
* Update frontend
* Bump API version
* Ensure string-iness of lookup field
2026-06-17 11:03:26 +10:00
Matthias Mair
91a4b2a1a5
fix(frontend): adress broken UI tests ( #12183 )
...
* try different matching mechanism
* fix for changes in #12168
* disable broken test from https://github.com/inventree/InvenTree/pull/12169
* revert observability perm change
2026-06-17 09:39:00 +10:00
dependabot[bot]
7da65c8e50
chore(deps): bump cryptography from 48.0.0 to 48.0.1 in /src/backend ( #12176 )
...
* chore(deps): bump cryptography from 48.0.0 to 48.0.1 in /src/backend
Bumps [cryptography](https://github.com/pyca/cryptography ) from 48.0.0 to 48.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/48.0.0...48.0.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 48.0.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix style
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-06-16 20:47:42 +02:00
Oliver
a8e5c83a94
Stocktake exporter updates ( #12179 )
...
* Optionally exclude zero-stock entries
* Add more columns to exported dataset
* Adjust unit test
* More test fixes
2026-06-16 14:14:51 +10:00
Matthias Mair
92419b3bdf
bump frontend ( #12137 )
...
* bump react-router
* upgrade to remove uuid
* upgrade
* bump a bit more
* lower mantine
2026-06-16 08:35:17 +10:00
Oliver
6c18e64020
Permissions fix ( #12168 )
...
* Tighten API permissions
- Require authenticated user for NotFoundView
- Hide 'active_plugins' behind is_authenticated
* Patch permissions hole in GlobalSettingsPermissions
* Additional API unit tests
* Require auth for observability endpoint
* Add explicit permission for PluginAdminDetail
* Bump API version
* Update unit tests
* Revert changes
2026-06-15 22:06:49 +10:00
Oliver
3c17367e3c
Data import permissions ( #12169 )
...
* Update data importer child permissions
- Row data
- Column data
* Add unit tests
* Cleanup session data after import is completed
* Further scope narrowing
2026-06-15 21:03:44 +10:00
Oliver
aece90512c
[UI] Edit cat param ( #12166 )
...
* Refactor form hook components
* Reset values when opening form
* Rebuild form field
2026-06-15 20:07:40 +10:00
Oliver
d951638e75
Part category parameters ( #12165 )
...
* Add parameter support for PartCategory
* Update frontend
* Bump API version
* Update CHANGELOG
2026-06-15 18:49:01 +10:00
Oliver
0b5db2f16a
Suppress dulwich warnings ( #12163 )
...
- Prevent erroneous dulwich warning messages
2026-06-14 18:20:57 +10:00
Khairil
9706bc672a
fix: support non-integer PKs in NotificationMessage (fixes UUID overflow) ( #12162 )
...
NotificationMessage.target_object_id and source_object_id were typed as
PositiveIntegerField, which overflows when the referenced model uses a
UUID primary key (e.g. MachineConfig). Django's GenericForeignKey stores
the PK as a string in the database, so the field type should be
CharField to accommodate any PK type (int, UUID, slug, etc.).
Changes:
- common/models.py: change target_object_id and source_object_id from
PositiveIntegerField to CharField(max_length=255) on NotificationMessage
- common/migrations/0044: AlterField migration for both columns
- order/tests.py: update assertion from integer 1 to str(1) since
CharField will now store the PK as a string
Fixes #12131
Signed-off-by: kaizeenn <khairil0153@gmail.com >
2026-06-14 18:20:16 +10:00
github-actions[bot]
43396284fa
New Crowdin translations by GitHub Action ( #12156 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-14 17:29:15 +10:00
Oliver
6638dba0b9
SelectionList Updates ( #12139 )
...
* Adjust panel layout
* edit list on click
* Optionally fetch selection list items
* Display in DetailDrawer
* Fix component locations
* Refactor entry table
* Add new entry
* Disable if locked
* Only validate choices if provided via API
* Mark "choices" as read-only
* Prevent delete of locked items
* Add more API unit tests
* Bump API version
* Adjust unit tests
* Default include choices
* Updated playwright test
* Improve test robustness
2026-06-14 12:12:15 +10:00
Oliver
2b4f303770
Improve security posture of PDF reporting ( #12160 )
...
* Add custom URL fetcher for PDF rendering
* Fix for report helper functions
* Use new fetcher
* Additional unit tests
* Add new setting to control remote URL fetching
* validate URLs against SSRF
* Add global setting to disable URL fetching entirely
* Update docs
* Fix capitalization
* Fix logging backend
* Update CHANGELOG
2026-06-14 10:55:51 +10:00