2
0
mirror of https://github.com/inventree/InvenTree.git synced 2026-07-04 06:00:38 +00:00

17948 Commits

Author SHA1 Message Date
Oliver 0a9a8b1c54 Add release entry for 1.4.0 (#12237)
* Add release entry for 1.4.0

* Mark version as 1.4.0
1.4.0
2026-06-24 13:53:55 +10:00
Oliver 74dc21b81c [bug] Allocated query fix (#12234)
* Fix BuildLineFilter.filter_allocated

- Required for mysql backend

* Spoecify output field
2026-06-24 12:49:43 +10:00
Oliver 75b27bd10a [UI] Tweak "order parts" wizard (#12236)
- Order supplier parts by "primary" value
- Attempt to auto-fill primary supplier part
2026-06-24 12:49:30 +10:00
Oliver 184ec37975 [UI] Tweak today color (#12235)
- Make "today" more obvious in calendar views
2026-06-24 12:49:19 +10:00
github-actions[bot] 6a2094e2a0 New Crowdin translations by GitHub Action (#12192)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-24 11:44:51 +10:00
Matthias Mair f21bc2d06f extend barcode scans API (#12233)
* extend barcode scans with user perm check

* fix import

* fix call

* align error message

* add missing permissions to test

* remove erronous assign

* ensure permission erros knock through
2026-06-24 10:45:26 +10:00
dependabot[bot] 78a00d320a chore(deps): bump the dependencies group with 3 updates (#12220)
Bumps the dependencies group with 3 updates: [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action), [CodSpeedHQ/action](https://github.com/codspeedhq/action) and [crowdin/github-action](https://github.com/crowdin/github-action).


Updates `oasdiff/oasdiff-action` from 0.0.57 to 0.1.1
- [Release notes](https://github.com/oasdiff/oasdiff-action/releases)
- [Commits](https://github.com/oasdiff/oasdiff-action/compare/3530478ec30f84adedbfeb28f0d9527a290f50a9...5fbe96ede8d0c53aeadef122d7a0abb79152d493)

Updates `CodSpeedHQ/action` from 4.17.0 to 4.17.5
- [Release notes](https://github.com/codspeedhq/action/releases)
- [Changelog](https://github.com/CodSpeedHQ/action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codspeedhq/action/compare/9d332c4d90b43981c3e55ae8e38e68709996240f...c145068895e045cc725ee76fcd2307624b65c3af)

Updates `crowdin/github-action` from 2.16.2 to 2.16.3
- [Release notes](https://github.com/crowdin/github-action/releases)
- [Commits](https://github.com/crowdin/github-action/compare/8868a33591d21088edfc398968173a3b98d51706...52aa776766211d83d975df51f3b9c53c2f8ba35f)

---
updated-dependencies:
- dependency-name: oasdiff/oasdiff-action
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: CodSpeedHQ/action
  dependency-version: 4.17.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: crowdin/github-action
  dependency-version: 2.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-23 16:30:07 +10:00
Phil 3bf410c313 color scheme: Use the users prefered mode by default (#12227)
* color scheme: Use the users prefered colour scheme if one isn't defined in the store

* fix style

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-23 16:26:06 +10:00
Matthias Mair ec845c61cd Bump ty (#12211)
* bump ty

* various fixes

* fix settings

* bump stubs

* update pre-commit setup

* update ignore

* fix various issues

* fix style

* fix ignores

* fix wrong ty warnings
2026-06-22 08:26:31 +10:00
Andrey Lushnikov 6057aafe65 devops: fix chromium test uploads to flakiness.io (#12219)
Currently, only Firefox test results get uploaded to Flakiness.io.
This patch fixes the upload for chromium results as well, per
https://docs.flakiness.io/ci/github-actions-setup/
2026-06-22 07:17:09 +10:00
Oliver 50577da65a Add meaningful message on CSRF failure (#12216)
* Add meaningful message on CSRF failure

* Add link to CSRF_FAILURE_VIEW

* Add unit test for new CSRF feedback
2026-06-20 23:49:36 +10:00
开源斗士 8afc8b3d50 build(docker): compile backend translations during image build (#12203)
* build(docker): compile backend trasnlations during image build

* test(docker): verify compiled backend translations exist in image

Add checks to the "Test Docker Image" step that assert the compiled
django.mo files are present for a few representative languages (de, fr,
ru, zh_Hans). This guards the newly added backend translation
compilation step in the production Dockerfile, ensuring the multilingual
artifacts are produced at the expected locale paths.

* test(docker): verify compiled frontend translations exist in image
2026-06-20 22:51:38 +10:00
Oliver f1a1f6f18a Agents (#12212)
* Add AGENTS project awareness

* Fix formatting

* Additional info

* Update AGENTS.md

Co-authored-by: Matthias Mair <code@mjmair.com>

* Update CLAUDE.md

Co-authored-by: Matthias Mair <code@mjmair.com>

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-20 22:50:32 +10:00
dependabot[bot] 204cff2f88 chore(deps): bump undici from 6.26.0 to 8.5.0 in /src/frontend (#12214)
Bumps [undici](https://github.com/nodejs/undici) from 6.26.0 to 8.5.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.26.0...v8.5.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 8.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-20 13:14:34 +02:00
Oliver 5eaac37303 Fix signup warning (#12213)
- Should only fire on an actual signup attempt
2026-06-20 20:13:14 +10:00
dependabot[bot] c4d67b65d7 chore(deps): bump undici from 8.4.1 to 8.5.0 in /src/frontend (#12200)
Bumps [undici](https://github.com/nodejs/undici) from 8.4.1 to 8.5.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v8.4.1...v8.5.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 8.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-20 12:02:19 +02:00
Oliver ca16e6ec0a Report locale updates (#12208)
* Optional 'locale' arg to format_money

- Allows override of system locale when generating reports

* Updated documentation

* Add unit tests

* Handle invalid locale

* Handle invalid locale

* Add new global setting to control currency locale in reports

* Use setting in reports

* Add CHANGELOG entry

* Further unit tests

* Add unit tests for new setting

* Update docs

* More docs

* Refactoring:

- Change REPORT_CURRENCY_LOCALE to REPORT_LOCALE

* Extend unit testing

* Refactor format_number

* Add unit tests for explicit format strings

* Update examples for format_date

* Updated unit  tests

* Cleanup unit tests

* Fix more tests

* Adjust wording

* Remove global setting - simplify code

* Simplify unit tests

* Revert 'min_digits' to 'leading'

* Fix docs

* Refactor the render_currency function

- Move all functionality into report.py

* Cleanup duplicate code

* Updated docs

* Allow user to specify date_format

* Add support for 'leading' digits in render_currency

* Bug fix

* Fix unit test

* Add tests for "include_symbol"
2026-06-20 11:00:12 +10:00
dependabot[bot] 8a092b4d1d chore(deps): bump the dependencies group across 1 directory with 12 updates (#12210)
* chore(deps): bump the dependencies group across 1 directory with 12 updates

Bumps the dependencies group with 12 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3) | `1.43.23` | `1.43.28` |
| [botocore](https://github.com/boto/botocore) | `1.43.23` | `1.43.28` |
| [django-js-asset](https://github.com/feincms/django-js-asset) | `3.1.2` | `4.0.1` |
| [django-money](https://github.com/django-money/django-money) | `3.6.0` | `3.6.1` |
| [grpcio](https://github.com/grpc/grpc) | `1.81.0` | `1.81.1` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.35.1` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.61.1` | `2.62.0` |
| [structlog](https://github.com/hynek/structlog) | `25.5.0` | `26.1.0` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.68.1` | `4.68.2` |
| [wcwidth](https://github.com/jquast/wcwidth) | `0.7.0` | `0.8.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.2.1` |
| [zopfli](https://github.com/fonttools/py-zopfli) | `0.4.2` | `0.4.3` |



Updates `boto3` from 1.43.23 to 1.43.28
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](https://github.com/boto/boto3/compare/1.43.23...1.43.28)

Updates `botocore` from 1.43.23 to 1.43.28
- [Commits](https://github.com/boto/botocore/compare/1.43.23...1.43.28)

Updates `django-js-asset` from 3.1.2 to 4.0.1
- [Changelog](https://github.com/feincms/django-js-asset/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/feincms/django-js-asset/compare/3.1.2...4.0.1)

Updates `django-money` from 3.6.0 to 3.6.1
- [Release notes](https://github.com/django-money/django-money/releases)
- [Changelog](https://github.com/django-money/django-money/blob/main/docs/changes.rst)
- [Commits](https://github.com/django-money/django-money/compare/3.6.0...3.6.1)

Updates `grpcio` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc/releases)
- [Commits](https://github.com/grpc/grpc/compare/v1.81.0...v1.81.1)

Updates `protobuf` from 6.33.6 to 7.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `sentry-sdk` from 2.61.1 to 2.62.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.61.1...2.62.0)

Updates `structlog` from 25.5.0 to 26.1.0
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hynek/structlog/compare/25.5.0...26.1.0)

Updates `tqdm` from 4.68.1 to 4.68.2
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](https://github.com/tqdm/tqdm/compare/v4.68.1...v4.68.2)

Updates `wcwidth` from 0.7.0 to 0.8.1
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](https://github.com/jquast/wcwidth/compare/0.7.0...0.8.1)

Updates `wrapt` from 1.17.3 to 2.2.1
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.17.3...2.2.1)

Updates `zopfli` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/fonttools/py-zopfli/releases)
- [Commits](https://github.com/fonttools/py-zopfli/compare/v0.4.2...v0.4.3)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.43.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django-js-asset
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: django-money
  dependency-version: 3.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: grpcio
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.35.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: structlog
  dependency-version: 26.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: tqdm
  dependency-version: 4.68.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: wcwidth
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: zopfli
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

* general bump

* bump dev tools

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-20 09:50:45 +10:00
Oliver 6657000d89 [UI] Fix NewsWidget (#12205) 2026-06-19 17:18:59 +10:00
Oliver 01fb74af25 [UI] Tree improvements (#12204)
* Hide expand icon for items without children

* Add searching to CategoryTree API

* Add "level" filter

* Automatically include parent tree when searching

* Include tree_id field

* Add search input to NavigationTree

* Add more API filters

* Load child nodes iteratively

* Fix dynamic loading of nodes

* Highlight selected item

* Include pathstring

* Fix insertion order

* Auto-expand to the selected ID

* Add "no results" message

* Refactor into generic components

* Expand to multi level

* Use async node loading functionality

* Add hovercard

* Implement same functionality for StockLocationTree API endpoint

* Adjust spacing

* Add connecting lines

* Add playwright test

* Bump API version

* Add CHANGELOG entry

* Update docs

* Update screenshot
2026-06-19 15:33:12 +10:00
dependabot[bot] 6285a11a65 chore(deps): bump pypdf from 6.13.0 to 6.13.3 in /src/backend (#12201)
* chore(deps): bump pypdf from 6.13.0 to 6.13.3 in /src/backend

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.13.0 to 6.13.3.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](https://github.com/py-pdf/pypdf/compare/6.13.0...6.13.3)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.13.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-19 13:47:50 +10:00
Oliver f70d3e68d8 [UI] Fix status renderer functions (#12202)
Broken in recent refactor
2026-06-19 10:45:11 +10:00
dependabot[bot] 5ddccf8913 chore(deps): bump dompurify from 3.4.9 to 3.4.11 in /src/frontend (#12199)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.9 to 3.4.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.9...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-19 09:29:50 +10:00
Oliver 29b8ed91d2 [API] Adjust permissions for machine restart (#12197)
* [API] Adjust permissions for machine restart

Can only be actioned by a staff user

* Fix import

* Wrong class

* Extend unit test

* Bump API version

* Update CHANGELOG
2026-06-18 22:18:14 +10:00
Oliver 5b97acb79f [bug] Fix double save (#12194)
* Prevent double-save when creating an order

* Prevent double-save for BuildOrder

* More fixes

* Additional unit tests

* Revert code, remove create method against StockTrackingList

* Fix mixins
2026-06-18 20:18:46 +10:00
Oliver 2ca86808bb Fix order event name (#12196) 2026-06-18 20:00:18 +10:00
dependabot[bot] c2f213a6c0 chore(deps): bump form-data from 4.0.5 to 4.0.6 in /src/frontend (#12175)
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.5 to 4.0.6.
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/form-data/form-data/compare/v4.0.5...v4.0.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-18 18:36:16 +10:00
Oliver fc15f30f8f Report Generation Updates (#12187)
* Fix for TemplateEditor

- Allow dragging of split section

* Cleaner report template code

* Pass correct error message through

* Prevent multiple retries if running in worker thread

* Handle report merge error

* Add playwright tests for broken report printing

* Reduce scope for exception messages

* Reduce comment deltas

* Adjust unit test

* Raise ValidaitonError

* Handle message parsing

* Additional comment

* Fix unit tests
2026-06-18 13:41:44 +10:00
Oliver 4b29032c6e System Health Checks (#12193)
* Add worker health check invoke task

* Increase frequency of heartbeat task

* Adjust default threshold for worker health check

* Add server_health invoke func
2026-06-18 12:46:46 +10:00
github-actions[bot] c126e2b0af New Crowdin translations by GitHub Action (#12167)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-18 11:47:28 +10:00
dependabot[bot] dbda5a783a chore(deps): bump dompurify from 3.4.8 to 3.4.9 in /src/frontend (#12174)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.8 to 3.4.9.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.8...3.4.9)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-18 09:57:52 +10:00
Matthias Mair 9e125be07e fix(ci): improve release pipe stability (#12191)
* update attestations step

* build stable channel release seperatly
2026-06-18 09:40:51 +10:00
Matthias Mair f602714dc9 fix(backend): import session metadata (#12184)
* add storage for historic import metadata for reporting and display purposes

fixes breakage fromhttps://github.com/inventree/InvenTree/pull/12169

* add api bump

* re-enable test

* fix migration

* ensure session is not overwritten

* fix statusrender without custom key
2026-06-18 08:10:32 +10:00
Matthias Mair c262efb25f fix(ci): disable running on dependabot and backport branches (#12189) 2026-06-18 08:07:37 +10:00
John Luetke 83a6729755 Change order custom status via api (#11982)
* Set custom_status_key via API

Refactor `custom_status_key` to be writable via the API and validate that the proposed value is valid for the current order status

* Refactor status_text serializer to consider custom status label

* Update api_version.py

* Additional unit testagainst N + 1

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2026-06-17 17:59:37 +10:00
Oliver 546958a1cb [UI] Additional table filters (#12186) 2026-06-17 15:02:07 +10:00
Oliver 38008d8204 Mysql filter fix (#12185)
* Improve "available" filter for BuildLine API endpoint

* Fix typo

* Additional unit tests

* Additional playwright tests
2026-06-17 14:50:17 +10:00
Oliver a670eabd10 [import] specify fk lookup field (#12180)
* Raise error on multiple matches

* add new field to handle lookup_field selection

* Add unit tests

* Update frontend

* Bump API version

* Ensure string-iness of lookup field
2026-06-17 11:03:26 +10:00
Matthias Mair 91a4b2a1a5 fix(frontend): adress broken UI tests (#12183)
* try different matching mechanism

* fix for changes in #12168

* disable broken test from https://github.com/inventree/InvenTree/pull/12169

* revert observability perm change
2026-06-17 09:39:00 +10:00
dependabot[bot] 7da65c8e50 chore(deps): bump cryptography from 48.0.0 to 48.0.1 in /src/backend (#12176)
* chore(deps): bump cryptography from 48.0.0 to 48.0.1 in /src/backend

Bumps [cryptography](https://github.com/pyca/cryptography) from 48.0.0 to 48.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/48.0.0...48.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 48.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix style

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2026-06-16 20:47:42 +02:00
Oliver a8e5c83a94 Stocktake exporter updates (#12179)
* Optionally exclude zero-stock entries

* Add more columns to exported dataset

* Adjust unit test

* More test fixes
2026-06-16 14:14:51 +10:00
Matthias Mair 05b7e12abf bump docker base (#12178) 2026-06-16 10:21:31 +10:00
dependabot[bot] 5c95dfe484 chore(deps): bump the dependencies group with 4 updates (#12172)
Bumps the dependencies group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [codecov/codecov-action](https://github.com/codecov/codecov-action), [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

Updates `codecov/codecov-action` from 6.0.1 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/e79a6962e0d4c0c17b229090214935d2e33f8354...fb8b3582c8e4def4969c97caa2f19720cb33a72f)

Updates `oasdiff/oasdiff-action` from 0.0.51 to 0.0.57
- [Release notes](https://github.com/oasdiff/oasdiff-action/releases)
- [Commits](https://github.com/oasdiff/oasdiff-action/compare/f30668f65075c93440bd59ce2de73ce9e78751f4...3530478ec30f84adedbfeb28f0d9527a290f50a9)

Updates `github/codeql-action` from 4.36.0 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: oasdiff/oasdiff-action
  dependency-version: 0.0.57
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-16 08:35:58 +10:00
Matthias Mair 92419b3bdf bump frontend (#12137)
* bump react-router

* upgrade to remove uuid

* upgrade

* bump a bit more

* lower mantine
2026-06-16 08:35:17 +10:00
Oliver 6c18e64020 Permissions fix (#12168)
* Tighten API permissions

- Require authenticated user for NotFoundView
- Hide 'active_plugins' behind is_authenticated

* Patch permissions hole in GlobalSettingsPermissions

* Additional API unit tests

* Require auth for observability endpoint

* Add explicit permission for PluginAdminDetail

* Bump API version

* Update unit tests

* Revert changes
2026-06-15 22:06:49 +10:00
Oliver 3c17367e3c Data import permissions (#12169)
* Update data importer child permissions

- Row data
- Column data

* Add unit tests

* Cleanup session data after import is completed

* Further scope narrowing
2026-06-15 21:03:44 +10:00
Oliver aece90512c [UI] Edit cat param (#12166)
* Refactor form hook components

* Reset values when opening form

* Rebuild form field
2026-06-15 20:07:40 +10:00
Oliver d951638e75 Part category parameters (#12165)
* Add parameter support for PartCategory

* Update frontend

* Bump API version

* Update CHANGELOG
2026-06-15 18:49:01 +10:00
Oliver 0b5db2f16a Suppress dulwich warnings (#12163)
- Prevent erroneous dulwich warning messages
2026-06-14 18:20:57 +10:00
Khairil 9706bc672a fix: support non-integer PKs in NotificationMessage (fixes UUID overflow) (#12162)
NotificationMessage.target_object_id and source_object_id were typed as
PositiveIntegerField, which overflows when the referenced model uses a
UUID primary key (e.g. MachineConfig). Django's GenericForeignKey stores
the PK as a string in the database, so the field type should be
CharField to accommodate any PK type (int, UUID, slug, etc.).

Changes:
- common/models.py: change target_object_id and source_object_id from
  PositiveIntegerField to CharField(max_length=255) on NotificationMessage
- common/migrations/0044: AlterField migration for both columns
- order/tests.py: update assertion from integer 1 to str(1) since
  CharField will now store the PK as a string

Fixes #12131

Signed-off-by: kaizeenn <khairil0153@gmail.com>
2026-06-14 18:20:16 +10:00