inventree/InvenTree
2
0
Fork 0
mirror of https://github.com/inventree/InvenTree.git synced 2026-04-16 16:28:47 +00:00
Code Activity
17,615 Commits 13 Branches 155 Tags
71373e3c19b5045dc369b98e3e9b3be9854c415c
Commit Graph

1230 Commits

Author SHA1 Message Date
Oliver
71373e3c19 Order line number (#11692) 
* Add "line number" field for external orders

* Updated serializers

* Add columns to UI tables

* Update form fields

* Adds API ordering

* Bump API version

* Update CHANGELOG.md
 2026-04-08 15:36:08 +10:00
Oliver
4d2ed8fcba Update parameter report helper (#11690) 
* Update parameter report helper

- Fallback to case insensitive lookup

* Add default value in case parameter is not found

* Add new report helper func
 2026-04-08 14:14:44 +10:00
Oliver
2753a437cc Fix spelling error in api_version.py (#11689) 2026-04-08 09:24:42 +10:00
Oliver
76b5cfcca2 Merge commit from fork 
* Ensure the MeUserSerializer correctly marks fields as read-only

* Bump API version

* Add unit tests for the "me" endpoint

* Additional unit tests

* Add OPTIONS test
 2026-04-08 08:19:39 +10:00
Nozomu Sasaki (Paul)
427a323914 Merge commit from fork 
* fix(security): use SandboxedEnvironment for PART_NAME_FORMAT rendering

- Switch jinja2.Environment to jinja2.sandbox.SandboxedEnvironment in
  part/helpers.py to prevent SSTI via template tags in PART_NAME_FORMAT.
- Set pk=1 on the dummy Part instance in the validator to ensure
  conditional expressions like {% if part.pk %} are properly evaluated
  during validation, closing the sandbox bypass vector.

Fixes GHSA-84jh-x777-8pqq

* Style fixes

---------

Co-authored-by: Paul <morimori-dev@github.com>
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
 2026-04-08 08:17:36 +10:00
Oliver
b8ec300fbf Merge commit from fork 
* Add note to plugin docs.

* Adjust logic for PluginListTable

* Add superuser scope to PluginInstall API endpoint

* Update unit test for API endpoint

* Explicitly set PLUGINS_INSTALL_DISABLED if PLUGINS_ENABLED = False

* Check for superuser permission in installer.py

* Additional user checks

* Sanitize package name to protect against OS command injection
 2026-04-08 08:16:07 +10:00
Matthias Mair
9c0cb34106 Merge commit from fork 
* fix behaviour

* style fixes

---------

Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
 2026-04-08 08:13:39 +10:00
Oliver
68031d504f Merge commit from fork 
* Fix SSRF in remote image download

Add IP address validation to prevent Server-Side Request Forgery
when downloading images from remote URLs. The resolved IP is now
checked against private, loopback, link-local, and reserved ranges
before connecting.

Redirects are followed manually (up to 5 hops) with SSRF validation
at each step, preventing redirect-based bypass of URL format checks.

* Style fix

---------

Co-authored-by: tikket1 <chrisveres1@gmail.com>
 2026-04-08 08:11:18 +10:00
Oliver
437dddc75f [UI] Import context (#11685) 
* Refactor ImporterDrawer

- Use a single, globally accessible object
- Provide global state management

* Expose global importer state to the plugin interface

* Improve registration of data import serializers

* Update frontend version / docs

* Bump API version
 2026-04-08 06:01:00 +10:00
Matthias Mair
e91f306245 feat(frontend): improve comms around danger of staff users (#11659) 
* docs: add more details around staff / superuser roles and their dangers

* make clear that staff users are dangerous

* make distinction clearer in API

* add error code and frontend warning about running with staff / admin user

* fix test

* bump api

* adapt banner warning

* make banner locally disableable

* add global option to disable elevated user alert
 2026-04-05 22:51:46 +10:00
github-actions[bot]
d358001827 New Crowdin translations by GitHub Action (#11662) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-05 12:08:50 +10:00
Oliver
a721a0fe35 Add documentation on background worker configuration options (#11673) 2026-04-04 12:41:55 +11:00
Oliver
3a1e860789 Storage fixes (#11672) 
* Use storage class rather than manually constructing URL

* Fix for report helpers
 2026-04-04 11:49:21 +11:00
Oliver
bb3293ef31 Updates to part revision support (#11670) 
* Update revision validation

* Refactor UI display

* Fix for usePartFields

* Rearrange part settings

* Better visuals

* Update docs

* use 'full_name' field

* Update playwright tests

* Adjust unit test

* Fix playwright tests
 2026-04-04 00:10:25 +11:00
dependabot[bot]
884b0aa966 chore(deps): bump the dependencies group across 1 directory with 20 updates (#11661) 
* chore(deps): bump the dependencies group across 1 directory with 20 updates

Bumps the dependencies group with 20 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [blessed](https://github.com/jquast/blessed) | `1.33.0` | `1.34.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.72` | `1.42.76` |
| [botocore](https://github.com/boto/botocore) | `1.42.72` | `1.42.76` |
| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.17.0` | `3.17.1` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.2.0` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [redis](https://github.com/redis/redis-py) | `7.3.0` | `7.4.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.55.0` | `2.56.0` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [build](https://github.com/pypa/build) | `1.4.0` | `1.4.2` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |
| [django-silk](https://github.com/jazzband/django-silk) | `5.4.3` | `5.5.0` |
| [django-stubs](https://github.com/typeddjango/django-stubs) | `5.2.9` | `6.0.1` |
| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `5.2.9` | `6.0.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.0` | `3.25.2` |
| [identify](https://github.com/pre-commit/identify) | `2.6.17` | `2.6.18` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.1.0` | `1.2.0` |
| [virtualenv](https://github.com/pypa/virtualenv) | `21.1.0` | `21.2.0` |



Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0)

Updates `blessed` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/jquast/blessed/releases)
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst)
- [Commits](https://github.com/jquast/blessed/compare/1.33...1.34)

Updates `boto3` from 1.42.72 to 1.42.76
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.72...1.42.76)

Updates `botocore` from 1.42.72 to 1.42.76
- [Commits](https://github.com/boto/botocore/compare/1.42.72...1.42.76)

Updates `djangorestframework` from 3.17.0 to 3.17.1
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1)

Updates `gunicorn` from 25.1.0 to 25.2.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/25.1.0...25.2.0)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `redis` from 7.3.0 to 7.4.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v7.3.0...v7.4.0)

Updates `sentry-sdk` from 2.55.0 to 2.56.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.55.0...2.56.0)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `build` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.4.0...1.4.2)

Updates `coverage` from 7.13.4 to 7.13.5
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.4...7.13.5)

Updates `django-silk` from 5.4.3 to 5.5.0
- [Release notes](https://github.com/jazzband/django-silk/releases)
- [Changelog](https://github.com/jazzband/django-silk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/django-silk/compare/5.4.3...5.5.0)

Updates `django-stubs` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1)

Updates `django-stubs-ext` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1)

Updates `filelock` from 3.25.0 to 3.25.2
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/py-filelock/compare/3.25.0...3.25.2)

Updates `identify` from 2.6.17 to 2.6.18
- [Commits](https://github.com/pre-commit/identify/compare/v2.6.17...v2.6.18)

Updates `python-discovery` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.1.0...1.2.0)

Updates `virtualenv` from 21.1.0 to 21.2.0
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/21.1.0...21.2.0)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: blessed
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: djangorestframework
  dependency-version: 3.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: gunicorn
  dependency-version: 25.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: build
  dependency-version: 1.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django-silk
  dependency-version: 5.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django-stubs
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: django-stubs-ext
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: filelock
  dependency-version: 3.25.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: identify
  dependency-version: 2.6.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: python-discovery
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: virtualenv
  dependency-version: 21.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* more fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-04-03 14:16:39 +11:00
dependabot[bot]
2eb675ae9e chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs (#11637) 
* chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs

Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](https://github.com/pygments/pygments/compare/2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* bump rest of deps

* fix pygments

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-04-03 14:16:25 +11:00
Matthias Mair
45de695d4f feat(backend): add request id (#11666) 
helpful for https://github.com/inventree/InvenTree/issues/9996
 2026-04-03 14:07:27 +11:00
Oliver
5c55f4f4c0 Migrate plugin tables (#11648) 
* Prevent creation of PluginConfig during migrations

* Refactor data import process

- Split into multiple separate steps

* Load plugins during data load / dump

- Required, otherwise we cannot dump the data

* Refactor export_records

- Use temporary file
- Cleanup docstring

* Force apps check on second validation step

* Improve import sequencing

* Update CI script

* Update migration docs

* CI pipeline for running import/export test

* Fix workflow naming

* Fix env vars

* Add placeholder script

* Fix matrix env vars

* Fix missing env var

* Install required packages

* Fix typo

* Tweak tasks.py

* Install dummy plugin as part of the

* Updated CI workflow

* Validate exported data

* Additional CI process

* Log mandatory plugins to INFO

* Force global setting

* Refactor CI pipeline

* Tweak file test

* Workflow updates

* Enable auto-update

* Test if import/export test should run

* Trigger if tasks.py changes
 2026-04-02 21:26:34 +11:00
github-actions[bot]
9aa2308f52 New Crowdin translations by GitHub Action (#11623) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-04-02 16:56:15 +11:00
Matthias Mair
5d1cbf4e9a refactor(backend): replace bleach with nh3 and bump weasy (#11655) 
* Replace bleach with nh3 for HTML sanitization

Agent-Logs-Url: https://github.com/matmair/InvenTree/sessions/913a447a-5efa-4fa3-b8b1-6af5feaa24f0

Co-authored-by: matmair <66015116+matmair@users.noreply.github.com>

* reduce diff

* bump weasy

* fix name

* remove old textual refs

* move defaults

* add some comments

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
 2026-04-02 15:35:15 +11:00
Matthias Mair
07a0bd2e24 remove duplicate requirements (#11654) 2026-04-02 10:46:41 +11:00
Oliver
c8bcb924ca Reduce load on background worker (#11651) 
* Do not save setting with identical value

* Prevent task duplication

* Logic fixes

* Add unit test for task de-duplication

* Updated unit test
 2026-04-01 17:42:48 +11:00
Oliver
080edc870f Better ordering for plugin settings (#11646) 
* Better ordering for plugin settings

- Followup to https://github.com/inventree/InvenTree/pull/11643
- Use order as provided by plugin

* Bug fix
 2026-04-01 16:18:55 +11:00
Oliver
6243aec9b7 Shipment parameters (#11641) 
* Add 'parameter' support for SalesOrderShipment model

* Add "parameters" tab for shipment view

* Playwright test

* Update CHANGELOG

* Update API version

* Install gettext

* Try yaml format

* Revert "Try yaml format"

This reverts commit 394a5551c8.

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-04-01 10:31:49 +11:00
Matthias Mair
1f01229d30 fix(backend): API description ordering more deterministic (#11649) 
* fix(backend): API description ordering more deterministic

* bump API

* Update API version history in api_version.py
 2026-04-01 08:54:44 +11:00
Oliver
5f3e9a0652 Enforce deterministic ordering for plugin settings (#11643) 
* Enforce deterministic ordering for plugin settings

* Fix typo
 2026-03-31 20:45:25 +11:00
Oliver
092c43b49a Update "date" field for StockItemTestResult (#11586) 
* Update "date" field for StockItemTestResult

- Allow editing of date (via admin)

* Mark 'date' and 'user' as read-only unless importing

* Revert API field name

* Fix default value

* Fix migration

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-03-31 07:13:12 +11:00
Oliver
77744aeeac Enhancements for recort import/export (#11630) 
* Add management command to list installed apps

* Add metadata to exported data file

* Validate metadata for imported file

* Update CHANGELOG.md

* Update docs

* Use internal codes

* Refactor and add more metadata

* Adjust github action workflow

* Run with --force option to setup demo dataset
 2026-03-31 00:18:48 +11:00
Oliver
67d6026637 Remove duplicate entries in the API version list (#11629) 2026-03-30 19:58:57 +11:00
Oliver
dab4319033 Receive virtual parts (#11627) 
* Handle receive of virtual parts

- Update line item quantity
- Do not add any stock

* Add unit test

* Additional unit test

* UI form improvements

* Add playwright test

* Updated playwright tests
 2026-03-30 19:10:56 +11:00
dependabot[bot]
b4f230753f chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /src/backend (#11619) 
* chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /src/backend

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-03-30 09:24:07 +11:00
github-actions[bot]
b4ab985e1e New Crowdin translations by GitHub Action (#11593) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-03-29 17:49:33 +11:00
Matthias Mair
e3c9a35bae feat(backend): add inventree version to every response (#11611) 
* feat(backend): add inventree version to every response

* add more info
 2026-03-29 14:27:05 +11:00
dependabot[bot]
100555c9db chore(deps): bump pypdf from 6.9.1 to 6.9.2 in /src/backend (#11608) 
* chore(deps): bump pypdf from 6.9.1 to 6.9.2 in /src/backend

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* add playwright test

* Revert "add playwright test"

This reverts commit f0c661d6eb.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-03-27 07:29:54 +11:00
dependabot[bot]
d2e8c75de4 chore(deps): bump requests from 2.32.5 to 2.33.0 in /src/backend (#11609) 
* chore(deps): bump requests from 2.32.5 to 2.33.0 in /src/backend

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* style fix

* reduce diff

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
 2026-03-27 07:29:32 +11:00
Oliver
a1ec46a6b8 isGeneratingSchema fix (#11606) 
- Ignore sqlflush command
 2026-03-25 01:09:00 +11:00
Oliver
8ec61aca0a Update DataExport functionality (#11604) 
* Update DataExport functionality

- Chunk queryset into memory

* Allow larger number of queries for chunked database fetching

* Handle possible exception in unit testing
 2026-03-25 00:35:08 +11:00
Oliver
b98fc9c7a0 Restrict queryset for DataImportSession (#11602) 
* Restrict queryset for DataImportSession

- Only allow non-staff users to see their own sessions

* Add unit test

* raise PermissionDenied if no user info available
 2026-03-24 23:28:58 +11:00
Matthias Mair
ae593bd7c4 chore(backend): full backend/image bump (#11571) 
* full bump

* bump base image

* update comment

* fix ty errors

* lower allauth
 2026-03-23 21:46:45 +11:00
Oliver
1e0a0aa79d Add option to "asset" tag to control error raising (#11591) 2026-03-22 17:15:14 +11:00
github-actions[bot]
0feba9fbfb New Crowdin translations by GitHub Action (#11498) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-03-22 13:31:14 +11:00
Oliver
8e289a3208 [API] Category star fix (#11588) 
* [API] Bug fix for PartStar and PartCategoryStar

- Logic refactor and fixes

* Add playwright tests

* Remove debug statements

* Revert API string changes
 2026-03-21 23:47:11 +11:00
Bradley Zylstra
cf619b4184 [Bug] Import-records fix when importing from older InvenTree+Postgres version (#10862) 
* Fixed issue where importing data from older versions of InvenTree+Postgres would fail

* Update tasks.py

Changed .startswith to exact matching for users.userprofile.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update tasks.py

Added validation checks to user primary key pairing dict.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Reverted tasks.py, disabled signals in user model when importing data

---------

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-21 22:46:03 +11:00
Oliver
3a3816307e Make WAL mode configurable for sqlite (#11585) 2026-03-21 19:46:22 +11:00
Oliver
6d8606bbe4 Refactoring for report helper functions (#11579) 
* Refactoring for media file report helper functions

* Updated unit tests

* Improved error handling

* Generic path return for asset

* Fix return type annotations

* Fix existing test

* Tweaked unit test

* Collect static files in CI

* Run static step for all DB tests

* Update action.yaml

* Fix for action.yaml

* Updated unit tests
 2026-03-21 17:38:41 +11:00
Oliver
5adf33d354 Improvements for get_bulk_queryset (#11581) 
* Improvements for get_bulk_queryset

- Limit scope to base view queryset
- Remove ability to provide arbitrary filters
- Remove feedback if zero items are found

* Adjust unit test

* Remove filter test

* Update CHANGELOG.md
 2026-03-21 17:17:35 +11:00
Oliver
c5bf915d10 Adjust DataOutput API endpoint (#11580) 
* DataOutput API fix

- Prevent non-staff users from accessing unrelated DataOutput instances

* Add unit tests
 2026-03-21 15:14:59 +11:00
Oliver
5f9972e75e [plugin] Cache busting for plugin static files (#11565) 
* Add helper to check the existence of a static file

* Log error if plugin static file does not exist

* Support cache busting for plugin files

* Use Pathlib instead

* Improve generic URL resolution

* Add unit test
 2026-03-20 15:42:15 +11:00
Oliver
fc730b9af7 Save user info (#11572) 
* Record user info when creating stock item

* Add unit test

* Add playwright test
 2026-03-20 15:41:44 +11:00
Oliver
8c2592b3c2 Fix parent field for StockItemSerializer (#11573) 
* Fix parent field for StockItemSerializer

- Closes https://github.com/inventree/InvenTree/issues/11507

* Bump API version
 2026-03-20 15:41:35 +11:00