Gavin D'souza
0ef99c3886
fix: Add signature to Communication.content if not already added
This fix adds a signature forcibly if found under the sender's
User.email_signature or default outgoing email account's signature
field.
The previous method of adding a comment into the Email didn't work since
Quill would discard comments before setting them. Adding signatures in
get_formatted_html didn't seem apt since it's used in QueueBuilder to
re-construct the Email before processing the Email Queue. This meant
that the email content that was added in the Communication record would
not be final. Now, we treat the signature as part of the Communication
content.
3 years ago
Gavin D'souza
adc69cb3ec
build: Upgrade Pillow dependency
This upgrade handles multiple high severity vulnerabilities. I've not
checked the affected code in great depth but the APIs we use may be
affected. If they could actually be exploited is another matter which
would take a whole lotta effort which I'd rather not test xD
Fixes: CWE-74, CWE-125, CWE-120, CWE-125, CWE-400
CVE IDs: CVE-2022-22817, CVE-2022-22816, CVE-2021-34552, CVE-2021-23437
3 years ago
Gavin D'souza
5798cfaf4c
build: Update iPython dependency
Updating dependency due to arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.
ref: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
Weaknesses: CWE-250, CWE-269, CWE-279
CVE ID: CVE-2022-21699
3 years ago
Sagar Vora
e5857fa56a
fix: improve setup wizard exception email
3 years ago
Sagar Vora
951ad3f844
chore(deps): bump werkzeug to latest version
3 years ago
Gavin D'souza
de2bcb08b4
fix!: Drop six PY2 compatibility package
3 years ago
ChillarAnand
4ceb179699
chore: Clean up requirements
3 years ago
Ankush Menat
121533cf13
refactor: remove chalk dependency
3 years ago
Ankush Menat
a0262fd779
refactor!: remove unittest-xml-reporting dependency
3 years ago
Ankush Menat
49b157e7e5
refactor!: remove ngrok from requirements.txt
3 years ago
Ankush Menat
a6c752458b
refactor!: remove faker from requirements.txt
3 years ago
Ankush Menat
8904a1c7ad
fix: remove pycups from requirements
3 years ago
KrithiRamani
0e16fc03ad
Update requirements.txt
Added version no for pycups
Co-authored-by: Ankush Menat <ankushmenat@gmail.com>
3 years ago
Krithi Ramani
78a89fdb99
renamed argument to file_path. Added pycups to requirements.txt
3 years ago
Gavin D'souza
39d63641f3
chore: Bump psycopg2-binary Python client
3 years ago
Ankush Menat
8d46b365d9
chore(deps): bump ipython to latest version
3 years ago
Faris Ansari
b8b8d1305f
fix: add cairocffi as requirement
3 years ago
Faris Ansari
0928c4c172
feat: Use weasyprint to generate PDF
- /printpreview route to preview HTML template
3 years ago
Gavin D'souza
783165c01e
fix: Retry get_redis_conn until "sure"
If ConnectionError or BusyLoadingError occurs, try every second for
up-to 10 times.
Why: `bench start` exits just as i run it at times. This happens when
the worker's processes each try to fetch a redis conn but redis isnt up
yet. The 3 workeer processes exit with 1 and our procman gives up too.
3 years ago
saxenabhishek
eb9d2bcd64
feat: Query builder
4 years ago
Gavin D'souza
3b310afc68
Revert "fix(test): Retry flaky test"
This reverts commit 7a30b2455e
.
4 years ago
Gavin D'souza
7a30b2455e
fix(test): Retry flaky test
test_update_document test randomly breaks in Postgres CI. The remedy right now is to re-run the builds until the success checks come up. This change retries the specific test 2 more times before failing the build
4 years ago
Gavin D'souza
165ff8e1bf
chore: Update PyJWT dependency
* Update pinned dep fromm 1.7.1 to 2.0.1
* Updated usages as per changelog
ref: https://python.libhunt.com/pyjwt-changelog
4 years ago
Gavin D'souza
9b4c191928
chore: Update Jinja2 dependency
Update from 2.11.3 to 3.0.1
Ref: https://jinja.palletsprojects.com/en/3.0.x/changes/
4 years ago
Gavin D'souza
295d44cee5
chore: Drop future from requirements.txt
4 years ago
Gavin D'souza
3adb84eb8d
chore: Drop watchdog dependency
Watchdog isn't used by Frappe, and there wasn't any mechanism to access
it directly either. By default, bench serve (or start) uses
Werkzeug's watchdogreloader
4 years ago
Gavin D'souza
d236a93169
chore: Replacing and updating bleach source list
* The library bleach-whitelist was deprecated and renamed to
bleach-allowlist.
* Updated the usages and requirements for the same.
4 years ago
Suraj Shetty
00b6a6729d
ci: Use right parallel test runner command
- Also, fix coverage & coveralls setup
4 years ago
Suraj Shetty
e33a09f4e6
refactor: Test runner
- fix style
- Handle global dependency
4 years ago
Mohammad Hasnain Mohsin Rajan
58a2c1f8b6
ci: fix coveralls ( #12971 )
* fix: add service
* Update ci-tests.yml
* Update ci-tests.yml
* fix: coverage version
* fix: coveralls
* Update requirements.txt
* fix: add service name env var
* ci: Set COVERALLS_SERVICE_NAME as github
* ci: add tokens
* Update ci-tests.yml
* ci: no rcfile
* fix: pin versions
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
4 years ago
Rohan Bansal
919a7b7218
fix: update dependencies
4 years ago
Rohan Bansal
3142723d41
feat: manage Python 3 compatiblity with dependencies
4 years ago
Mohammad Hasnain Mohsin Rajan
9070cdc73d
ci: fix coveralls ( #12971 )
* fix: add service
* Update ci-tests.yml
* Update ci-tests.yml
* fix: coverage version
* fix: coveralls
* Update requirements.txt
* fix: add service name env var
* ci: Set COVERALLS_SERVICE_NAME as github
* ci: add tokens
* Update ci-tests.yml
* ci: no rcfile
* fix: pin versions
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
4 years ago
Rohan Bansal
f617bfeba6
fix: update dependencies
4 years ago
Rohan Bansal
86851028ea
feat: manage Python 3 compatiblity with dependencies
4 years ago
Suraj Shetty
358a9fabea
fix: max_old_space_size limit for node processes ( #12494 )
Co-authored-by: Gavin D'souza <gavin18d@gmail.com>
4 years ago
Ankush Menat
00afecba6e
fix: console crash due upstream issue in ipython
Temporary solution is to pin jedi to one version lower.
Reference: https://github.com/ipython/ipython/issues/12740#issuecomment-751273584
4 years ago
Rushabh Mehta
ba053c190e
chore(Snyk): Security upgrade cryptography from 3.2 to 3.3.2 ( #12350 )
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
4 years ago
Rushabh Mehta
f95d34918d
chore(Snyk): Security upgrade markdown2 from 2.3.9 to 2.4.0 ( #12331 )
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-MARKDOWN2-1063233
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
4 years ago
dependabot-preview[bot]
fdfdc6fa7f
chore(deps): [security] bump bleach from 3.1.4 to 3.3.0 ( #12309 )
Bumps [bleach](https://github.com/mozilla/bleach ) from 3.1.4 to 3.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/mozilla/bleach/releases )
- [Changelog](https://github.com/mozilla/bleach/blob/master/CHANGES )
- [Commits](https://github.com/mozilla/bleach/compare/v3.1.4...v3.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
Rushabh Mehta
5b7e7ec39c
chore(Snyk): Security upgrade jinja2 from 2.11.1 to 2.11.3 ( #12297 )
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
4 years ago
snyk-bot
19c6e0218d
fix: requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
4 years ago
Rushabh Mehta
fa80d26f4c
fix(minor): update requirements.txt
4 years ago
Abhishek Balam
d276a2d8e0
fix: remove extra pillow entry in requirements
4 years ago
Abhishek Balam
bd2e3530cd
fix: strip exif data from image files before uploading
4 years ago
Rohan Bansal
9a84a7eb45
feat: use giturlparse to parse Git URLs
4 years ago
Mangesh-Khairnar
ea0af8d2e2
chore: remove twilio from requirements
4 years ago
dependabot[bot]
22a7b3d039
chore(deps): bump cryptography from 2.8 to 3.2
Bumps [cryptography](https://github.com/pyca/cryptography ) from 2.8 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/2.8...3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
Snyk bot
f004b0592d
chore: Security upgrade rsa from 4.0 to 4.1 ( #11671 )
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-RSA-570831
4 years ago
Snyk bot
b720726207
chore: Update passlib to fix security issue ( #11664 )
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PASSLIB-569603
Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
4 years ago