Oliver
9ce5f27375
Template Updates ( #11702 )
...
* Display filename pattern in template tables
* Add user update tracking to template models
* Update API / serializers
* Capture user information via API
* Display update information in tables
* Bump API version and CHANGELOG.md
* Prevent double increment of revision
* Fix
2026-04-09 16:10:23 +10:00
Oliver
cdb8ad4c30
Update report example ( #11704 )
...
* Update report example
* Fix typo
2026-04-09 13:31:25 +10:00
Oliver
7da430f0e7
Adjust excludes in tasks.py ( #11703 )
...
- Closes https://github.com/inventree/InvenTree/issues/11700
2026-04-09 12:17:20 +10:00
dependabot[bot]
2466059e4e
chore(deps-dev): bump vite from 7.1.11 to 7.3.2 in /src/frontend ( #11679 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 7.1.11 to 7.3.2.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-version: 7.3.2
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com >
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-04-09 08:34:55 +10:00
Matthias Mair
ff2c3c7592
bump backend pkg ( #11699 )
...
* bump django
* bump jwcrypto
2026-04-09 08:34:30 +10:00
Oliver
cc77d1d5e6
[UI] Pass custom fields through to the importer session ( #11688 )
...
* [UI] Pass custom fields through to the importer session
* Support custom model rendering within the data import wizard
* Update CHANGELOG.md
* Update UI version
2026-04-08 23:50:16 +10:00
Oliver
b9a66da833
Fix storage helpers ( #11697 )
...
* Fix storage helpers
- Remove os.path reliance
- Move to standard django accessors
* Refactor rebuild_thumbnails
2026-04-08 22:54:42 +10:00
github-actions[bot]
91bf7619dc
New Crowdin translations by GitHub Action ( #11675 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-08 21:46:56 +10:00
Oliver
343f0975b6
Export fix ( #11693 )
...
* Fix for ManufacturerPartList
- Support data export via API
* Add playwright tests
* Bump API version
2026-04-08 19:16:31 +10:00
Oliver
360beeaf52
Table icon fix ( #11694 )
2026-04-08 19:16:10 +10:00
dependabot[bot]
fea08653c0
chore(deps): bump the dependencies group across 1 directory with 9 updates ( #11671 )
...
* chore(deps): bump the dependencies group across 1 directory with 9 updates
Bumps the dependencies group with 9 updates in the /src/backend directory:
| Package | From | To |
| --- | --- | --- |
| [gunicorn](https://github.com/benoitc/gunicorn ) | `25.2.0` | `25.3.0` |
| [bleach](https://github.com/mozilla/bleach ) | `4.1.0` | `6.3.0` |
| [boto3](https://github.com/boto/boto3 ) | `1.42.76` | `1.42.77` |
| [botocore](https://github.com/boto/botocore ) | `1.42.76` | `1.42.77` |
| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python ) | `1.73.0` | `1.73.1` |
| [importlib-metadata](https://github.com/python/importlib_metadata ) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf ) | `6.33.6` | `7.34.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt ) | `1.17.3` | `2.1.2` |
| [python-discovery](https://github.com/tox-dev/python-discovery ) | `1.2.0` | `1.2.1` |
Updates `gunicorn` from 25.2.0 to 25.3.0
- [Release notes](https://github.com/benoitc/gunicorn/releases )
- [Commits](https://github.com/benoitc/gunicorn/compare/25.2.0...25.3.0 )
Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES )
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0 )
Updates `boto3` from 1.42.76 to 1.42.77
- [Release notes](https://github.com/boto/boto3/releases )
- [Commits](https://github.com/boto/boto3/compare/1.42.76...1.42.77 )
Updates `botocore` from 1.42.76 to 1.42.77
- [Commits](https://github.com/boto/botocore/compare/1.42.76...1.42.77 )
Updates `googleapis-common-protos` from 1.73.0 to 1.73.1
- [Release notes](https://github.com/googleapis/google-cloud-python/releases )
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md )
- [Commits](https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.73.0...googleapis-common-protos-v1.73.1 )
Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases )
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst )
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0 )
Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases )
- [Commits](https://github.com/protocolbuffers/protobuf/commits )
Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases )
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst )
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2 )
Updates `python-discovery` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/tox-dev/python-discovery/releases )
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.2.0...1.2.1 )
---
updated-dependencies:
- dependency-name: gunicorn
dependency-version: 25.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: bleach
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: boto3
dependency-version: 1.42.77
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: botocore
dependency-version: 1.42.77
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: googleapis-common-protos
dependency-version: 1.73.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: importlib-metadata
dependency-version: 9.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: protobuf
dependency-version: 7.34.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: wrapt
dependency-version: 2.1.2
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: python-discovery
dependency-version: 1.2.1
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix style
* fix style
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
Co-authored-by: Oliver <oliver.henry.walters@gmail.com >
2026-04-08 17:28:59 +10:00
Oliver
71373e3c19
Order line number ( #11692 )
...
* Add "line number" field for external orders
* Updated serializers
* Add columns to UI tables
* Update form fields
* Adds API ordering
* Bump API version
* Update CHANGELOG.md
2026-04-08 15:36:08 +10:00
Oliver
4d2ed8fcba
Update parameter report helper ( #11690 )
...
* Update parameter report helper
- Fallback to case insensitive lookup
* Add default value in case parameter is not found
* Add new report helper func
2026-04-08 14:14:44 +10:00
Oliver
2753a437cc
Fix spelling error in api_version.py ( #11689 )
2026-04-08 09:24:42 +10:00
Oliver
76b5cfcca2
Merge commit from fork
...
* Ensure the MeUserSerializer correctly marks fields as read-only
* Bump API version
* Add unit tests for the "me" endpoint
* Additional unit tests
* Add OPTIONS test
2026-04-08 08:19:39 +10:00
Nozomu Sasaki (Paul)
427a323914
Merge commit from fork
...
* fix(security): use SandboxedEnvironment for PART_NAME_FORMAT rendering
- Switch jinja2.Environment to jinja2.sandbox.SandboxedEnvironment in
part/helpers.py to prevent SSTI via template tags in PART_NAME_FORMAT.
- Set pk=1 on the dummy Part instance in the validator to ensure
conditional expressions like {% if part.pk %} are properly evaluated
during validation, closing the sandbox bypass vector.
Fixes GHSA-84jh-x777-8pqq
* Style fixes
---------
Co-authored-by: Paul <morimori-dev@github.com >
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com >
2026-04-08 08:17:36 +10:00
Oliver
b8ec300fbf
Merge commit from fork
...
* Add note to plugin docs.
* Adjust logic for PluginListTable
* Add superuser scope to PluginInstall API endpoint
* Update unit test for API endpoint
* Explicitly set PLUGINS_INSTALL_DISABLED if PLUGINS_ENABLED = False
* Check for superuser permission in installer.py
* Additional user checks
* Sanitize package name to protect against OS command injection
2026-04-08 08:16:07 +10:00
Matthias Mair
9c0cb34106
Merge commit from fork
...
* fix behaviour
* style fixes
---------
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com >
2026-04-08 08:13:39 +10:00
Oliver
68031d504f
Merge commit from fork
...
* Fix SSRF in remote image download
Add IP address validation to prevent Server-Side Request Forgery
when downloading images from remote URLs. The resolved IP is now
checked against private, loopback, link-local, and reserved ranges
before connecting.
Redirects are followed manually (up to 5 hops) with SSRF validation
at each step, preventing redirect-based bypass of URL format checks.
* Style fix
---------
Co-authored-by: tikket1 <chrisveres1@gmail.com >
2026-04-08 08:11:18 +10:00
Oliver
437dddc75f
[UI] Import context ( #11685 )
...
* Refactor ImporterDrawer
- Use a single, globally accessible object
- Provide global state management
* Expose global importer state to the plugin interface
* Improve registration of data import serializers
* Update frontend version / docs
* Bump API version
2026-04-08 06:01:00 +10:00
dependabot[bot]
448d775690
chore(deps): bump the dependencies group with 5 updates ( #11680 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `4.1.0` | `4.1.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.5.2` | `6.0.0` |
| [hynek/setup-cached-uv](https://github.com/hynek/setup-cached-uv ) | `2.3.0` | `2.5.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `4.31.10` | `4.35.1` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.15.2` | `2.16.0` |
Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](ba7bc0a3fe...cad07c2e89https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](671740ac38...57e3a136b7https://github.com/hynek/setup-cached-uv/releases )
- [Changelog](https://github.com/hynek/setup-cached-uv/blob/main/CHANGELOG.md )
- [Commits](757bedc3f9...4300ec2180https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdefb33c0f...c10b8064dehttps://github.com/crowdin/github-action/releases )
- [Commits](ce33ce793a...7ca9c452bfsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 08:05:31 +10:00
Oliver
8896a494e8
Skip import for zero length records ( #11676 )
2026-04-06 14:29:50 +10:00
Matthias Mair
e91f306245
feat(frontend): improve comms around danger of staff users ( #11659 )
...
* docs: add more details around staff / superuser roles and their dangers
* make clear that staff users are dangerous
* make distinction clearer in API
* add error code and frontend warning about running with staff / admin user
* fix test
* bump api
* adapt banner warning
* make banner locally disableable
* add global option to disable elevated user alert
2026-04-05 22:51:46 +10:00
github-actions[bot]
d358001827
New Crowdin translations by GitHub Action ( #11662 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-05 12:08:50 +10:00
Oliver
a721a0fe35
Add documentation on background worker configuration options ( #11673 )
2026-04-04 12:41:55 +11:00
Oliver
3a1e860789
Storage fixes ( #11672 )
...
* Use storage class rather than manually constructing URL
* Fix for report helpers
2026-04-04 11:49:21 +11:00
Oliver
bb3293ef31
Updates to part revision support ( #11670 )
...
* Update revision validation
* Refactor UI display
* Fix for usePartFields
* Rearrange part settings
* Better visuals
* Update docs
* use 'full_name' field
* Update playwright tests
* Adjust unit test
* Fix playwright tests
2026-04-04 00:10:25 +11:00
Oliver
9c1d8c1b1d
Docs updates ( #11669 )
...
- Add notes about optional BOM items
2026-04-03 14:40:43 +11:00
Oliver
4c456bb356
Update CHANGELOG.md ( #11668 )
...
- Follow-up to https://github.com/inventree/InvenTree/pull/11648
2026-04-03 14:37:54 +11:00
dependabot[bot]
884b0aa966
chore(deps): bump the dependencies group across 1 directory with 20 updates ( #11661 )
...
* chore(deps): bump the dependencies group across 1 directory with 20 updates
Bumps the dependencies group with 20 updates in the /src/backend directory:
| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach ) | `4.1.0` | `6.3.0` |
| [blessed](https://github.com/jquast/blessed ) | `1.33.0` | `1.34.0` |
| [boto3](https://github.com/boto/boto3 ) | `1.42.72` | `1.42.76` |
| [botocore](https://github.com/boto/botocore ) | `1.42.72` | `1.42.76` |
| [djangorestframework](https://github.com/encode/django-rest-framework ) | `3.17.0` | `3.17.1` |
| [gunicorn](https://github.com/benoitc/gunicorn ) | `25.1.0` | `25.2.0` |
| [importlib-metadata](https://github.com/python/importlib_metadata ) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf ) | `6.33.6` | `7.34.1` |
| [redis](https://github.com/redis/redis-py ) | `7.3.0` | `7.4.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python ) | `2.55.0` | `2.56.0` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt ) | `1.17.3` | `2.1.2` |
| [build](https://github.com/pypa/build ) | `1.4.0` | `1.4.2` |
| [coverage](https://github.com/coveragepy/coveragepy ) | `7.13.4` | `7.13.5` |
| [django-silk](https://github.com/jazzband/django-silk ) | `5.4.3` | `5.5.0` |
| [django-stubs](https://github.com/typeddjango/django-stubs ) | `5.2.9` | `6.0.1` |
| [django-stubs-ext](https://github.com/typeddjango/django-stubs ) | `5.2.9` | `6.0.1` |
| [filelock](https://github.com/tox-dev/py-filelock ) | `3.25.0` | `3.25.2` |
| [identify](https://github.com/pre-commit/identify ) | `2.6.17` | `2.6.18` |
| [python-discovery](https://github.com/tox-dev/python-discovery ) | `1.1.0` | `1.2.0` |
| [virtualenv](https://github.com/pypa/virtualenv ) | `21.1.0` | `21.2.0` |
Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES )
- [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0 )
Updates `blessed` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/jquast/blessed/releases )
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst )
- [Commits](https://github.com/jquast/blessed/compare/1.33...1.34 )
Updates `boto3` from 1.42.72 to 1.42.76
- [Release notes](https://github.com/boto/boto3/releases )
- [Commits](https://github.com/boto/boto3/compare/1.42.72...1.42.76 )
Updates `botocore` from 1.42.72 to 1.42.76
- [Commits](https://github.com/boto/botocore/compare/1.42.72...1.42.76 )
Updates `djangorestframework` from 3.17.0 to 3.17.1
- [Release notes](https://github.com/encode/django-rest-framework/releases )
- [Commits](https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1 )
Updates `gunicorn` from 25.1.0 to 25.2.0
- [Release notes](https://github.com/benoitc/gunicorn/releases )
- [Commits](https://github.com/benoitc/gunicorn/compare/25.1.0...25.2.0 )
Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases )
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst )
- [Commits](https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0 )
Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases )
- [Commits](https://github.com/protocolbuffers/protobuf/commits )
Updates `redis` from 7.3.0 to 7.4.0
- [Release notes](https://github.com/redis/redis-py/releases )
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES )
- [Commits](https://github.com/redis/redis-py/compare/v7.3.0...v7.4.0 )
Updates `sentry-sdk` from 2.55.0 to 2.56.0
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/2.55.0...2.56.0 )
Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases )
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst )
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.1.2 )
Updates `build` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/1.4.0...1.4.2 )
Updates `coverage` from 7.13.4 to 7.13.5
- [Release notes](https://github.com/coveragepy/coveragepy/releases )
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst )
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.4...7.13.5 )
Updates `django-silk` from 5.4.3 to 5.5.0
- [Release notes](https://github.com/jazzband/django-silk/releases )
- [Changelog](https://github.com/jazzband/django-silk/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jazzband/django-silk/compare/5.4.3...5.5.0 )
Updates `django-stubs` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases )
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1 )
Updates `django-stubs-ext` from 5.2.9 to 6.0.1
- [Release notes](https://github.com/typeddjango/django-stubs/releases )
- [Commits](https://github.com/typeddjango/django-stubs/compare/5.2.9...6.0.1 )
Updates `filelock` from 3.25.0 to 3.25.2
- [Release notes](https://github.com/tox-dev/py-filelock/releases )
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst )
- [Commits](https://github.com/tox-dev/py-filelock/compare/3.25.0...3.25.2 )
Updates `identify` from 2.6.17 to 2.6.18
- [Commits](https://github.com/pre-commit/identify/compare/v2.6.17...v2.6.18 )
Updates `python-discovery` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/tox-dev/python-discovery/releases )
- [Commits](https://github.com/tox-dev/python-discovery/compare/1.1.0...1.2.0 )
Updates `virtualenv` from 21.1.0 to 21.2.0
- [Release notes](https://github.com/pypa/virtualenv/releases )
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst )
- [Commits](https://github.com/pypa/virtualenv/compare/21.1.0...21.2.0 )
---
updated-dependencies:
- dependency-name: bleach
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: blessed
dependency-version: 1.34.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: boto3
dependency-version: 1.42.76
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: botocore
dependency-version: 1.42.76
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: djangorestframework
dependency-version: 3.17.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: gunicorn
dependency-version: 25.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: importlib-metadata
dependency-version: 9.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: protobuf
dependency-version: 7.34.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: redis
dependency-version: 7.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: sentry-sdk
dependency-version: 2.56.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: wrapt
dependency-version: 2.1.2
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: build
dependency-version: 1.4.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: coverage
dependency-version: 7.13.5
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: django-silk
dependency-version: 5.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: django-stubs
dependency-version: 6.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: django-stubs-ext
dependency-version: 6.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: filelock
dependency-version: 3.25.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: identify
dependency-version: 2.6.18
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: python-discovery
dependency-version: 1.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: virtualenv
dependency-version: 21.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix style
* more fixes
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-04-03 14:16:39 +11:00
dependabot[bot]
2eb675ae9e
chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs ( #11637 )
...
* chore(deps): bump pygments from 2.19.2 to 2.20.0 in /docs
Bumps [pygments](https://github.com/pygments/pygments ) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases )
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES )
- [Commits](https://github.com/pygments/pygments/compare/2.19.2...2.20.0 )
---
updated-dependencies:
- dependency-name: pygments
dependency-version: 2.20.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix style
* bump rest of deps
* fix pygments
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-04-03 14:16:25 +11:00
Matthias Mair
45de695d4f
feat(backend): add request id ( #11666 )
...
helpful for https://github.com/inventree/InvenTree/issues/9996
2026-04-03 14:07:27 +11:00
Oliver
5c55f4f4c0
Migrate plugin tables ( #11648 )
...
* Prevent creation of PluginConfig during migrations
* Refactor data import process
- Split into multiple separate steps
* Load plugins during data load / dump
- Required, otherwise we cannot dump the data
* Refactor export_records
- Use temporary file
- Cleanup docstring
* Force apps check on second validation step
* Improve import sequencing
* Update CI script
* Update migration docs
* CI pipeline for running import/export test
* Fix workflow naming
* Fix env vars
* Add placeholder script
* Fix matrix env vars
* Fix missing env var
* Install required packages
* Fix typo
* Tweak tasks.py
* Install dummy plugin as part of the
* Updated CI workflow
* Validate exported data
* Additional CI process
* Log mandatory plugins to INFO
* Force global setting
* Refactor CI pipeline
* Tweak file test
* Workflow updates
* Enable auto-update
* Test if import/export test should run
* Trigger if tasks.py changes
2026-04-02 21:26:34 +11:00
github-actions[bot]
9aa2308f52
New Crowdin translations by GitHub Action ( #11623 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-02 16:56:15 +11:00
Matthias Mair
5d1cbf4e9a
refactor(backend): replace bleach with nh3 and bump weasy ( #11655 )
...
* Replace bleach with nh3 for HTML sanitization
Agent-Logs-Url: https://github.com/matmair/InvenTree/sessions/913a447a-5efa-4fa3-b8b1-6af5feaa24f0
Co-authored-by: matmair <66015116+matmair@users.noreply.github.com >
* reduce diff
* bump weasy
* fix name
* remove old textual refs
* move defaults
* add some comments
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
2026-04-02 15:35:15 +11:00
Matthias Mair
07a0bd2e24
remove duplicate requirements ( #11654 )
2026-04-02 10:46:41 +11:00
Matthias Mair
a8cef43484
docs: add more details around staff / superuser roles and their dangers ( #11658 )
2026-04-02 10:40:10 +11:00
Oliver
c8bcb924ca
Reduce load on background worker ( #11651 )
...
* Do not save setting with identical value
* Prevent task duplication
* Logic fixes
* Add unit test for task de-duplication
* Updated unit test
2026-04-01 17:42:48 +11:00
Oliver
c89b0b7131
Memoize parameters for useInstance ( #11652 )
2026-04-01 17:06:38 +11:00
Oliver
080edc870f
Better ordering for plugin settings ( #11646 )
...
* Better ordering for plugin settings
- Followup to https://github.com/inventree/InvenTree/pull/11643
- Use order as provided by plugin
* Bug fix
2026-04-01 16:18:55 +11:00
Oliver
6243aec9b7
Shipment parameters ( #11641 )
...
* Add 'parameter' support for SalesOrderShipment model
* Add "parameters" tab for shipment view
* Playwright test
* Update CHANGELOG
* Update API version
* Install gettext
* Try yaml format
* Revert "Try yaml format"
This reverts commit 394a5551c8code@mjmair.com >
2026-04-01 10:31:49 +11:00
Matthias Mair
1f01229d30
fix(backend): API description ordering more deterministic ( #11649 )
...
* fix(backend): API description ordering more deterministic
* bump API
* Update API version history in api_version.py
2026-04-01 08:54:44 +11:00
Oliver
5f3e9a0652
Enforce deterministic ordering for plugin settings ( #11643 )
...
* Enforce deterministic ordering for plugin settings
* Fix typo
2026-03-31 20:45:25 +11:00
gunstr
e4ac02a840
[Doc] Clarify Stocktake date ( #11644 )
2026-03-31 19:54:24 +11:00
HuaYangTian
d557d2dff9
fix(i18n): compile backend translations during update ( #11613 )
...
* fix(i18n): compile backend translations during update
* fix(i18n): make backend translation compile optional in update
* ci: add fork ghcr publish workflow
* fix(ci): use valid docker build-push action ref
* ci: add gcp deploy workflow via iap ssh
* Delete .github/scripts/deploy_inventree_remote.sh
* Delete .github/workflows/fork_deploy_gce.yaml
* Delete .github/workflows/fork_publish_ghcr.yaml
---------
Co-authored-by: Matthias Mair <code@mjmair.com >
Co-authored-by: Oliver <oliver.henry.walters@gmail.com >
2026-03-31 13:02:54 +11:00
dependabot[bot]
d5fdedff4a
chore(deps): bump the dependencies group with 3 updates ( #11639 )
...
Bumps the dependencies group with 3 updates: [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action ), [CodSpeedHQ/action](https://github.com/codspeedhq/action ) and [anchore/sbom-action](https://github.com/anchore/sbom-action ).
Updates `oasdiff/oasdiff-action` from 0.0.21 to 0.0.37
- [Release notes](https://github.com/oasdiff/oasdiff-action/releases )
- [Commits](1c611ffb12...1f38ea5ea0https://github.com/codspeedhq/action/releases )
- [Changelog](https://github.com/CodSpeedHQ/action/blob/main/CHANGELOG.md )
- [Commits](281164b0f0...1c8ae48435https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](57aae52805...e22c389904support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 09:54:09 +11:00
Oliver
092c43b49a
Update "date" field for StockItemTestResult ( #11586 )
...
* Update "date" field for StockItemTestResult
- Allow editing of date (via admin)
* Mark 'date' and 'user' as read-only unless importing
* Revert API field name
* Fix default value
* Fix migration
---------
Co-authored-by: Matthias Mair <code@mjmair.com >
2026-03-31 07:13:12 +11:00
Oliver
5c07ef2847
Add docs regarding copy button ( #11636 )
...
- Closes https://github.com/inventree/InvenTree/issues/11634
2026-03-31 07:11:48 +11:00
Oliver
4c0a3c5545
Add copy function to more columns ( #11635 )
2026-03-31 00:22:28 +11:00
Oliver
77744aeeac
Enhancements for recort import/export ( #11630 )
...
* Add management command to list installed apps
* Add metadata to exported data file
* Validate metadata for imported file
* Update CHANGELOG.md
* Update docs
* Use internal codes
* Refactor and add more metadata
* Adjust github action workflow
* Run with --force option to setup demo dataset
2026-03-31 00:18:48 +11:00
