mirror of https://github.com/inventree/InvenTree.git synced 2026-04-13 14:58:47 +00:00
Commit Graph

17635 Commits

Author SHA1 Message Date
dependabot[bot]
8e1e5b73ff chore(deps): bump the dependencies group across 3 directories with 19 updates (#11714)
* chore(deps): bump the dependencies group across 3 directories with 19 updates

Bumps the dependencies group with 1 update in the /contrib/dev_reqs directory: [requests](https://github.com/psf/requests).
Bumps the dependencies group with 2 updates in the /docs directory: [mkdocs-include-markdown-plugin](https://github.com/mondeja/mkdocs-include-markdown-plugin) and [mkdocs-redirects](https://github.com/ProperDocs/properdocs-redirects).
Bumps the dependencies group with 17 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [requests](https://github.com/psf/requests) | `2.33.0` | `2.33.1` |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [blessed](https://github.com/jquast/blessed) | `1.34.0` | `1.38.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.77` | `1.42.82` |
| [botocore](https://github.com/boto/botocore) | `1.42.77` | `1.42.82` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.6` | `3.4.7` |
| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.73.1` | `1.74.0` |
| [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.80.0` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |
| [pip-licenses](https://github.com/raimon49/pip-licenses) | `5.5.1` | `5.5.5` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.56.0` | `2.57.0` |
| [tzdata](https://github.com/python/tzdata) | `2025.3` | `2026.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.1` | `6.0.2` |
| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.1` | `6.0.2` |



Updates `requests` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.33.0...v2.33.1)

Updates `mkdocs-include-markdown-plugin` from 7.2.1 to 7.2.2
- [Release notes](https://github.com/mondeja/mkdocs-include-markdown-plugin/releases)
- [Commits](https://github.com/mondeja/mkdocs-include-markdown-plugin/compare/v7.2.1...v7.2.2)

Updates `mkdocs-redirects` from 1.2.2 to 1.2.3
- [Release notes](https://github.com/ProperDocs/properdocs-redirects/releases)
- [Commits](https://github.com/ProperDocs/properdocs-redirects/compare/v1.2.2...v1.2.3)

Updates `requests` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.33.0...v2.33.1)

Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0)

Updates `blessed` from 1.34.0 to 1.38.0
- [Release notes](https://github.com/jquast/blessed/releases)
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst)
- [Commits](https://github.com/jquast/blessed/compare/1.34...1.38)

Updates `boto3` from 1.42.77 to 1.42.82
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.77...1.42.82)

Updates `botocore` from 1.42.77 to 1.42.82
- [Commits](https://github.com/boto/botocore/compare/1.42.77...1.42.82)

Updates `charset-normalizer` from 3.4.6 to 3.4.7
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.6...3.4.7)

Updates `googleapis-common-protos` from 1.73.1 to 1.74.0
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.73.1...googleapis-common-protos-v1.74.0)

Updates `grpcio` from 1.78.0 to 1.80.0
- [Release notes](https://github.com/grpc/grpc/releases)
- [Commits](https://github.com/grpc/grpc/compare/v1.78.0...v1.80.0)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0)

Updates `pillow` from 12.1.1 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0)

Updates `pip-licenses` from 5.5.1 to 5.5.5
- [Release notes](https://github.com/raimon49/pip-licenses/releases)
- [Changelog](https://github.com/raimon49/pip-licenses/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raimon49/pip-licenses/compare/v-5.5.1...v-5.5.5)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `sentry-sdk` from 2.56.0 to 2.57.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.56.0...2.57.0)

Updates `tzdata` from 2025.3 to 2026.1
- [Release notes](https://github.com/python/tzdata/releases)
- [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md)
- [Commits](https://github.com/python/tzdata/compare/2025.3...2026.1)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `django-stubs` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/6.0.1...6.0.2)

Updates `django-stubs-ext` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/6.0.1...6.0.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: mkdocs-include-markdown-plugin
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: mkdocs-redirects
  dependency-version: 1.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: blessed
  dependency-version: 1.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.82
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.82
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: charset-normalizer
  dependency-version: 3.4.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: googleapis-common-protos
  dependency-version: 1.74.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: grpcio
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pip-licenses
  dependency-version: 5.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tzdata
  dependency-version: '2026.1'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: django-stubs
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django-stubs-ext
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-11 09:49:53 +10:00
Oliver
e6e775c1c0 Tweak admin for SelectionList model (#11712) 2026-04-10 14:33:22 +10:00
gunstr
16310617be Worker debugging (#11677)
* Add debugging info for background workers to the devcontainer docs

* Add debugging info to the EventMixin docs

* Add an option to set sync=True to launch.json
2026-04-10 11:38:35 +10:00
Oliver
01bb113396 [UI] Adjust "superuser warning" banner (#11696)
* Fix typo

- evelevated -> elevated

* Add playwright test

* Add new control settings
2026-04-10 11:37:37 +10:00
Oliver
9965ebcfa1 Selection lists updates (#11705)
* Add search capability to selection list entry endpoint

* Use API lookup for selection entries

* Add renderer func

* Allow API filtering

* Fetch selectionentry data related to the selected data item

* remove now unneeded entry

* add missing modelinfo

* fix ref

* add api bump

* Provide optional single fetch function to API forms

- Useful if we need to perform a custom API call for initial data

* django-admin support for SelectionList

* Docstring improvements

* Apply 'active' filter

* Tweak api version entry

* Playwright tests

* Tweak docs wording

* Fix incorrect docstring

* Adjust playwright tests

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-10 09:22:12 +10:00
Oliver
6701f4085d Improvements for data import (#11710)
- Do not double migrate if no plugin data imported
- Prevent settings write on a settings read
2026-04-10 09:21:57 +10:00
Oliver
1aa1296be8 Additional shipment helpers for order models (#11711) 2026-04-10 09:21:43 +10:00
Oliver
4b3b03ed4b Invoke verbosity (#11706)
* Reduce verbosity of invoke tasks

- Suppress some django messages which are not useful to most users
- Verbosity can be added with --verbose flag

* Further improvements

* Better messaging

* Extra options

* No!
2026-04-10 07:58:53 +10:00
dependabot[bot]
8d24abcb2a chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /src/backend (#11701)
* chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /src/backend

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump the rest

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-10 07:20:24 +10:00
Oliver
9ce5f27375 Template Updates (#11702)
* Display filename pattern in template tables

* Add user update tracking to template models

* Update API / serializers

* Capture user information via API

* Display update information in tables

* Bump API version and CHANGELOG.md

* Prevent double increment of revision

* Fix
2026-04-09 16:10:23 +10:00
Oliver
cdb8ad4c30 Update report example (#11704)
* Update report example

* Fix typo
2026-04-09 13:31:25 +10:00
Oliver
7da430f0e7 Adjust excludes in tasks.py (#11703)
- Closes https://github.com/inventree/InvenTree/issues/11700
2026-04-09 12:17:20 +10:00
dependabot[bot]
2466059e4e chore(deps-dev): bump vite from 7.1.11 to 7.3.2 in /src/frontend (#11679)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.11 to 7.3.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-09 08:34:55 +10:00
Matthias Mair
ff2c3c7592 bump backend pkg (#11699)
* bump django

* bump jwcrypto
2026-04-09 08:34:30 +10:00
Oliver
cc77d1d5e6 [UI] Pass custom fields through to the importer session (#11688)
* [UI] Pass custom fields through to the importer session

* Support custom model rendering within the data import wizard

* Update CHANGELOG.md

* Update UI version
2026-04-08 23:50:16 +10:00
Oliver
b9a66da833 Fix storage helpers (#11697)
* Fix storage helpers

- Remove os.path reliance
- Move to standard django accessors

* Refactor rebuild_thumbnails
2026-04-08 22:54:42 +10:00
github-actions[bot]
91bf7619dc New Crowdin translations by GitHub Action (#11675)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-08 21:46:56 +10:00
Oliver
343f0975b6 Export fix (#11693)
* Fix for ManufacturerPartList

- Support data export via API

* Add playwright tests

* Bump API version
2026-04-08 19:16:31 +10:00
Oliver
360beeaf52 Table icon fix (#11694) 2026-04-08 19:16:10 +10:00
dependabot[bot]
fea08653c0 chore(deps): bump the dependencies group across 1 directory with 9 updates (#11671)
* chore(deps): bump the dependencies group across 1 directory with 9 updates

Bumps the dependencies group with 9 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.2.0` | `25.3.0` |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.76` | `1.42.77` |
| [botocore](https://github.com/boto/botocore) | `1.42.76` | `1.42.77` |
| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.73.0` | `1.73.1` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.0` | `1.2.1` |



Updates `gunicorn` from 25.2.0 to 25.3.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/25.2.0...25.3.0)

Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0)

Updates `boto3` from 1.42.76 to 1.42.77
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.76...1.42.77)

Updates `botocore` from 1.42.76 to 1.42.77
- [Commits](https://github.com/boto/botocore/compare/1.42.76...1.42.77)

Updates `googleapis-common-protos` from 1.73.0 to 1.73.1
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.73.0...googleapis-common-protos-v1.73.1)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `python-discovery` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.2.0...1.2.1)

---
updated-dependencies:
- dependency-name: gunicorn
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.77
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.77
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: googleapis-common-protos
  dependency-version: 1.73.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: python-discovery
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2026-04-08 17:28:59 +10:00
Oliver
71373e3c19 Order line number (#11692)
* Add "line number" field for external orders

* Updated serializers

* Add columns to UI tables

* Update form fields

* Adds API ordering

* Bump API version

* Update CHANGELOG.md
2026-04-08 15:36:08 +10:00
Oliver
4d2ed8fcba Update parameter report helper (#11690)
* Update parameter report helper

- Fallback to case insensitive lookup

* Add default value in case parameter is not found

* Add new report helper func
2026-04-08 14:14:44 +10:00
Oliver
2753a437cc Fix spelling error in api_version.py (#11689) 2026-04-08 09:24:42 +10:00
Oliver
76b5cfcca2 Merge commit from fork
* Ensure the MeUserSerializer correctly marks fields as read-only

* Bump API version

* Add unit tests for the "me" endpoint

* Additional unit tests

* Add OPTIONS test
2026-04-08 08:19:39 +10:00
Nozomu Sasaki (Paul)
427a323914 Merge commit from fork
* fix(security): use SandboxedEnvironment for PART_NAME_FORMAT rendering

- Switch jinja2.Environment to jinja2.sandbox.SandboxedEnvironment in
  part/helpers.py to prevent SSTI via template tags in PART_NAME_FORMAT.
- Set pk=1 on the dummy Part instance in the validator to ensure
  conditional expressions like {% if part.pk %} are properly evaluated
  during validation, closing the sandbox bypass vector.

Fixes GHSA-84jh-x777-8pqq

* Style fixes

---------

Co-authored-by: Paul <morimori-dev@github.com>
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2026-04-08 08:17:36 +10:00
Oliver
b8ec300fbf Merge commit from fork
* Add note to plugin docs.

* Adjust logic for PluginListTable

* Add superuser scope to PluginInstall API endpoint

* Update unit test for API endpoint

* Explicitly set PLUGINS_INSTALL_DISABLED if PLUGINS_ENABLED = False

* Check for superuser permission in installer.py

* Additional user checks

* Sanitize package name to protect against OS command injection
2026-04-08 08:16:07 +10:00
Matthias Mair
9c0cb34106 Merge commit from fork
* fix behaviour

* style fixes

---------

Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2026-04-08 08:13:39 +10:00
Oliver
68031d504f Merge commit from fork
* Fix SSRF in remote image download

Add IP address validation to prevent Server-Side Request Forgery
when downloading images from remote URLs. The resolved IP is now
checked against private, loopback, link-local, and reserved ranges
before connecting.

Redirects are followed manually (up to 5 hops) with SSRF validation
at each step, preventing redirect-based bypass of URL format checks.

* Style fix

---------

Co-authored-by: tikket1 <chrisveres1@gmail.com>
2026-04-08 08:11:18 +10:00
Oliver
437dddc75f [UI] Import context (#11685)
* Refactor ImporterDrawer

- Use a single, globally accessible object
- Provide global state management

* Expose global importer state to the plugin interface

* Improve registration of data import serializers

* Update frontend version / docs

* Bump API version
2026-04-08 06:01:00 +10:00
dependabot[bot]
448d775690 chore(deps): bump the dependencies group with 5 updates (#11680)
Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.0` | `4.1.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` |
| [hynek/setup-cached-uv](https://github.com/hynek/setup-cached-uv) | `2.3.0` | `2.5.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.10` | `4.35.1` |
| [crowdin/github-action](https://github.com/crowdin/github-action) | `2.15.2` | `2.16.0` |


Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](ba7bc0a3fe...cad07c2e89)

Updates `codecov/codecov-action` from 5.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](671740ac38...57e3a136b7)

Updates `hynek/setup-cached-uv` from 2.3.0 to 2.5.0
- [Release notes](https://github.com/hynek/setup-cached-uv/releases)
- [Changelog](https://github.com/hynek/setup-cached-uv/blob/main/CHANGELOG.md)
- [Commits](757bedc3f9...4300ec2180)

Updates `github/codeql-action` from 4.31.10 to 4.35.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cdefb33c0f...c10b8064de)

Updates `crowdin/github-action` from 2.15.2 to 2.16.0
- [Release notes](https://github.com/crowdin/github-action/releases)
- [Commits](ce33ce793a...7ca9c452bf)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: hynek/setup-cached-uv
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: crowdin/github-action
  dependency-version: 2.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 08:05:31 +10:00
Oliver
8896a494e8 Skip import for zero length records (#11676) 2026-04-06 14:29:50 +10:00
Matthias Mair
e91f306245 feat(frontend): improve comms around danger of staff users (#11659)
* docs: add more details around staff / superuser roles and their dangers

* make clear that staff users are dangerous

* make distinction clearer in API

* add error code and frontend warning about running with staff / admin user

* fix test

* bump api

* adapt banner warning

* make banner locally disableable

* add global option to disable elevated user alert
2026-04-05 22:51:46 +10:00
github-actions[bot]
d358001827 New Crowdin translations by GitHub Action (#11662)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-05 12:08:50 +10:00
Oliver
a721a0fe35 Add documentation on background worker configuration options (#11673) 2026-04-04 12:41:55 +11:00
Oliver
3a1e860789 Storage fixes (#11672)
* Use storage class rather than manually constructing URL

* Fix for report helpers
2026-04-04 11:49:21 +11:00
Oliver
bb3293ef31 Updates to part revision support (#11670)
* Update revision validation

* Refactor UI display

* Fix for usePartFields

* Rearrange part settings

* Better visuals

* Update docs

* use 'full_name' field

* Update playwright tests

* Adjust unit test

* Fix playwright tests
2026-04-04 00:10:25 +11:00
Oliver
9c1d8c1b1d Docs updates (#11669)
- Add notes about optional BOM items
2026-04-03 14:40:43 +11:00
Oliver
4c456bb356 Update CHANGELOG.md (#11668)
- Follow-up to https://github.com/inventree/InvenTree/pull/11648
2026-04-03 14:37:54 +11:00
dependabot[bot]
884b0aa966 chore(deps): bump the dependencies group across 1 directory with 20 updates (#11661)
* chore(deps): bump the dependencies group across 1 directory with 20 updates

Bumps the dependencies group with 20 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [blessed](https://github.com/jquast/blessed) | `1.33.0` | `1.34.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.72` | `1.42.76` |
| [botocore](https://github.com/boto/botocore) | `1.42.72` | `1.42.76` |
| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.17.0` | `3.17.1` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.2.0` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [redis](https://github.com/redis/redis-py) | `7.3.0` | `7.4.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.55.0` | `2.56.0` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [build](https://github.com/pypa/build) | `1.4.0` | `1.4.2` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |
| [django-silk](https://github.com/jazzband/django-silk) | `5.4.3` | `5.5.0` |
| [django-stubs](https://github.com/typeddjango/django-stubs) | `5.2.9` | `6.0.1` |
| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `5.2.9` | `6.0.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.0` | `3.25.2` |
| [identify](https://github.com/pre-commit/identify) | `2.6.17` | `2.6.18` |
| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.1.0` | `1.2.0` |
| [virtualenv](https://github.com/pypa/virtualenv) | `21.1.0` | `21.2.0` |



Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0)

Updates `blessed` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/jquast/blessed/releases)
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst)
- [Commits](https://github.com/jquast/blessed/compare/1.33...1.34)

Updates `boto3` from 1.42.72 to 1.42.76
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.42.72...1.42.76)

Updates `botocore` from 1.42.72 to 1.42.76
- [Commits](https://github.com/boto/botocore/compare/1.42.72...1.42.76)

Updates `djangorestframework` from 3.17.0 to 3.17.1
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1)

Updates `gunicorn` from 25.1.0 to 25.2.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](https://github.com/benoitc/gunicorn/compare/25.1.0...25.2.0)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `redis` from 7.3.0 to 7.4.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v7.3.0...v7.4.0)

Updates `sentry-sdk` from 2.55.0 to 2.56.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.55.0...2.56.0)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2)

Updates `build` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.4.0...1.4.2)

Updates `coverage` from 7.13.4 to 7.13.5
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.4...7.13.5)

Updates `django-silk` from 5.4.3 to 5.5.0
- [Release notes](https://github.com/jazzband/django-silk/releases)
- [Changelog](https://github.com/jazzband/django-silk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/django-silk/compare/5.4.3...5.5.0)

Updates `django-stubs` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1)

Updates `django-stubs-ext` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1)

Updates `filelock` from 3.25.0 to 3.25.2
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/py-filelock/compare/3.25.0...3.25.2)

Updates `identify` from 2.6.17 to 2.6.18
- [Commits](https://github.com/pre-commit/identify/compare/v2.6.17...v2.6.18)

Updates `python-discovery` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.1.0...1.2.0)

Updates `virtualenv` from 21.1.0 to 21.2.0
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/21.1.0...21.2.0)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: blessed
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.42.76
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: djangorestframework
  dependency-version: 3.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: gunicorn
  dependency-version: 25.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: build
  dependency-version: 1.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django-silk
  dependency-version: 5.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django-stubs
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: django-stubs-ext
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: filelock
  dependency-version: 3.25.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: identify
  dependency-version: 2.6.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: python-discovery
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: virtualenv
  dependency-version: 21.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* more fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-03 14:16:39 +11:00
dependabot[bot]
2eb675ae9e chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs (#11637)
* chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs

Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](https://github.com/pygments/pygments/compare/2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* bump rest of deps

* fix pygments

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-03 14:16:25 +11:00
Matthias Mair
45de695d4f feat(backend): add request id (#11666)
helpful for https://github.com/inventree/InvenTree/issues/9996
2026-04-03 14:07:27 +11:00
Oliver
5c55f4f4c0 Migrate plugin tables (#11648)
* Prevent creation of PluginConfig during migrations

* Refactor data import process

- Split into multiple separate steps

* Load plugins during data load / dump

- Required, otherwise we cannot dump the data

* Refactor export_records

- Use temporary file
- Cleanup docstring

* Force apps check on second validation step

* Improve import sequencing

* Update CI script

* Update migration docs

* CI pipeline for running import/export test

* Fix workflow naming

* Fix env vars

* Add placeholder script

* Fix matrix env vars

* Fix missing env var

* Install required packages

* Fix typo

* Tweak tasks.py

* Install dummy plugin as part of the

* Updated CI workflow

* Validate exported data

* Additional CI process

* Log mandatory plugins to INFO

* Force global setting

* Refactor CI pipeline

* Tweak file test

* Workflow updates

* Enable auto-update

* Test if import/export test should run

* Trigger if tasks.py changes
2026-04-02 21:26:34 +11:00
github-actions[bot]
9aa2308f52 New Crowdin translations by GitHub Action (#11623)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-02 16:56:15 +11:00
Matthias Mair
5d1cbf4e9a refactor(backend): replace bleach with nh3 and bump weasy (#11655)
* Replace bleach with nh3 for HTML sanitization

Agent-Logs-Url: https://github.com/matmair/InvenTree/sessions/913a447a-5efa-4fa3-b8b1-6af5feaa24f0

Co-authored-by: matmair <66015116+matmair@users.noreply.github.com>

* reduce diff

* bump weasy

* fix name

* remove old textual refs

* move defaults

* add some comments

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-04-02 15:35:15 +11:00
Matthias Mair
07a0bd2e24 remove duplicate requirements (#11654)
2026-04-02 10:46:41 +11:00
Matthias Mair
a8cef43484 docs: add more details around staff / superuser roles and their dangers (#11658)
2026-04-02 10:40:10 +11:00
Oliver
c8bcb924ca Reduce load on background worker (#11651)
* Do not save setting with identical value

* Prevent task duplication

* Logic fixes

* Add unit test for task de-duplication

* Updated unit test
2026-04-01 17:42:48 +11:00
Oliver
c89b0b7131 Memoize parameters for useInstance (#11652)
2026-04-01 17:06:38 +11:00
Oliver
080edc870f Better ordering for plugin settings (#11646)
* Better ordering for plugin settings

- Followup to https://github.com/inventree/InvenTree/pull/11643
- Use order as provided by plugin

* Bug fix
2026-04-01 16:18:55 +11:00
Oliver
6243aec9b7 Shipment parameters (#11641)
* Add 'parameter' support for SalesOrderShipment model

* Add "parameters" tab for shipment view

* Playwright test

* Update CHANGELOG

* Update API version

* Install gettext

* Try yaml format

* Revert "Try yaml format"

This reverts commit 394a5551c8.

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-04-01 10:31:49 +11:00