Tracking pull request to merge release-3.1.0 to master #2973
Open
kuanfandevops wants to merge 9 commits into
…3012)
The frontend dispatched getNotificationsCount() right after IDIR login, and any error from /api/notifications/count flipped errorRequest.hasErrors in the global reducer, causing App.js to render the full "We're sorry" StatusInterceptor instead of the router. A 500 from that one bell-counter endpoint locked users out of the entire app (issue #4448).
Notifications are kept only as a historical view, so:
- frontend/src/store/notificationTrigger.js: drop the post-login getNotificationsCount() dispatch. The notifications-page list fetch (getNotifications) stays in place for users who navigate there.
- backend/api/viewsets/Notification.py: short-circuit the count action to a stable 200 returning {"unreadCount": 0}. Belt-and-braces guard for stale clients that still call the endpoint; no DB hit, no chance of 500.
Other notification routes (list, statuses, subscribe, etc.) untouched.
The trstringer/manual-approval action creates a GitHub issue and assigns the approver list to it. JulianForeman and dhaselhan can no longer be assigned to issues in bcgov/tfrs, so issue creation 422s and the Test/Prod deploy step fails immediately:
    error creating issue: ... 422 Validation Failed assignees dhaselhan, julianforeman cannot be assigned to this issue
Remove both from the approver lists in test-ci.yaml and prod-ci.yaml. Remaining approvers (AlexZorkin, kuanfandevops, prv-proton, kevin-hashimoto) still comfortably satisfy minimum-approvals (1 for test, 2 for prod).
* Feat: TFRS - hide Create Supplemental Report button - 3555 (#2981)
Co-authored-by: Prashanth <Prashanth.venkateshappa@gov.bc.ca>
* chore: upgrade GitHub Actions to Node 24 compatible versions (#2986)
- actions/checkout: v3/v4.1.1 → v6.0.2 (Node 24)
- actions/cache: v4.2.0 → v5.0.4 (Node 24)
- mikefarah/yq: v4.40.5 → v4.52.4
- Mattraks/delete-workflow-runs: v2.0.4 → v2.1.0
- mad9000/actions-find-and-replace-string: @4 → @5
- softprops/action-gh-release: v1 → v2.6.1
- trstringer/manual-approval: v1.6.0 → v1.12.0
* feat: TFRS - hide BCeID login button - 4286 (#2987)
* Bump urllib3 from 1.26.18 to 2.6.3 in /backend (#2983)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.18...2.6.3)
---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump golang.org/x/crypto in /security-scan/scan-coordinator (#2980)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.45.0.
- [Commits](golang/crypto@v0.3.0...v0.45.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump requests from 2.31.0 to 2.32.4 in /backend (#2975)
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.4)
---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump django from 3.2.25 to 4.2.26 in /backend (#2979)
Bumps [django](https://github.com/django/django) from 3.2.25 to 4.2.26.
- [Commits](django/django@3.2.25...4.2.26)
---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.26
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Chore(deps): Bump django from 4.2.26 to 4.2.30 in /backend (#2988)
Bumps [django](https://github.com/django/django) from 4.2.26 to 4.2.30.
- [Commits](django/django@4.2.26...4.2.30)
---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.30
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci: fix docker build errors for backend and scan-coordinator
* fix: Django 4.2 compat + dependabot rollup for release-3.0.1 (#2998)
* fix: upgrade celery ecosystem for Django 4.2 compatibility
django-celery-beat 1.4.0 imports ugettext_lazy which was removed in Django 4.0, breaking backend startup after the Django 3.2 -> 4.2 bump. Upgrade celery, kombu, billiard, amqp, vine and django-celery-beat to versions that support Django 4.2.
Drop backports.zoneinfo (only needed for Python < 3.9) and relax tzdata pin so dependencies can resolve a current version.
* chore(deps): roll up pending dependabot backend bumps
Apply the seven open dependabot PRs against backend/requirements.txt (#2989-#2995) as a single commit alongside the celery upgrade, so release-3.0.1 gets one coherent dependency refresh instead of seven serial dependabot merges:
- cryptography 39.0.1 -> 46.0.7
- Markdown 2.6.8 -> 3.8.1
- pyjwt 2.1.0 -> 2.12.0
- python-dotenv 0.21.0 -> 1.2.2
- requests 2.32.4 -> 2.33.0
- sqlparse 0.4.4 -> 0.5.4
- urllib3 2.6.3 -> 2.7.0
* fix: pin python-dotenv to 1.2.1 for Python 3.9 backend image (#2999)
* fix: pin cryptography to 43.0.3 to keep cp39 wheels
cryptography 46.0.7 (rolled in via #2998) most likely fails to install on the python:3.9.20-bullseye backend image: recent cryptography releases tightened wheel availability and require OpenSSL 3.0 + a Rust toolchain to build from source, neither of which is in the base image. Backend OpenShift build #13 fails in ~1 minute, consistent with a fast pip resolution/compile error.
Pin to 43.0.3 — the most recent release in the 43.x line, still ships cp39 manylinux wheels, and addresses the same CVEs the dependabot bump was targeting.
* fix: pin python-dotenv to 1.2.1 (not 1.2.2) for Python 3.9 compat
Build #13 OpenShift logs show the real failure: dependabot #2989 bumped python-dotenv to 1.2.2, which requires Python >=3.10 and so cannot be installed on the python:3.9.20-bullseye backend image. 1.2.1 is the highest release that still ships a cp39-compatible distribution.
Also reverts the cryptography downgrade from the previous commit — the 46.0.7 wheel resolves cleanly (cp38-abi3 manylinux_2_28); cryptography was never the issue.
* fix: pin py3.9-compatible deps (requests, urllib3, cffi, typing_extensions) (#3000)
* fix: pin requests to 2.32.5 for Python 3.9 compat
Backend OpenShift build #14 logs:
    ERROR: Could not find a version that satisfies the requirement requests==2.33.0
    ERROR: Ignored the following versions that require a different python version: 2.33.0 Requires-Python >=3.10
Dependabot #2992 bumped requests to 2.33.0 which requires Python >=3.10; backend image is python:3.9.20. 2.32.5 is the highest cp39-compatible release and still patches CVE-2024-47081 (the bump's target).
* fix: surface remaining py3.9 dep conflicts via local docker build
Reproduced the OpenShift build locally against python:3.9.20-bullseye to flush out every remaining conflict in one pass instead of iterating through CI. Three additional fixes beyond the requests pin:
- urllib3 2.7.0 -> 2.6.3 (2.7.0 requires Python >=3.10)
- cffi 1.15.1 -> 2.0.0 (cryptography 46.0.7 requires cffi>=2.0.0)
- typing_extensions 4.4.0 -> 4.13.2 (cryptography 46.0.7 requires typing-extensions>=4.13.2 on Python <3.11)
Verified with a full 'pip install -r requirements.txt' in the matching base image: clean resolution and successful build of all wheels.
* fix: make db_comments PatchedField compatible with Django 4.2 (#3005)
Prod backend pod crashes on startup with:
    File "/app/db_comments/patch_fields.py", line 46, in __init__
      super().__init__(verbose_name, name, **kwargs)
    File "django/db/models/fields/__init__.py", line 1371, in __init__
      super().__init__(*args, **kwargs)
    File "django/db/models/fields/__init__.py", line 225, in __init__
      self.db_comment = db_comment
    AttributeError: can't set attribute
Django 4.2 added a native 'db_comment' argument to Field.__init__ and assigns it via 'self.db_comment = db_comment'. Our PatchedField defines db_comment as a read-only @property, so the assignment fails — the project was relying on Django 3.2 never touching the attribute.
Fix:
- Add a setter on the property that stores the value in self._db_comment, matching what the existing getter reads from.
- Stop stripping the db_comment kwarg before calling super(): Django now accepts it natively, so passing it through means the setter routes it to _db_comment for us. The getter's ForeignKey-aware formatting still composes the final value at read time.
Verified locally against python:3.9.20-bullseye with the release-3.0.1 requirements:
- patch_fields() applies cleanly
- models.CharField(max_length=10, db_comment='x') instantiates without error and field.db_comment reads back as 'x'
- Reassigning field.db_comment works
* fix: Django 4.2 source + dependency compat for backend startup (#3007)
Prod backend pod hits a cascade of Django 4.2 incompatibilities during django.setup() / autodiscover_modules. Reproduced locally against python:3.9.20-bullseye + the post-#2998 requirements; iterated 'python manage.py check' until clean. Final state passes with no errors.
Changes:
1. backend/db_comments/patch_fields.py
Django 4.2 added a native db_comment kwarg to Field.__init__ and does 'self.db_comment = db_comment'. Our PatchedField defined db_comment as a read-only @property -> AttributeError. Add a setter that stores into self._db_comment and stop stripping the kwarg (Django handles it natively now).
2. backend/tfrs/urls.py, backend/api/urls.py
'django.conf.urls.url' was removed in Django 4.0. Replace with 'django.urls.re_path' (same behavior, takes regex). Also dedupe imports in tfrs/urls.py.
3. backend/requirements.txt
- django-extensions 1.7.7 -> 3.2.3: 1.7.7 (2017) still imports 'django.utils.translation.ugettext' which was removed in Django 4.0.
- djangorestframework 3.11.2 -> 3.14.0: 3.11.x still uses 'django.conf.urls.url' internally. 3.14 is the latest stable that supports Django 4.2 + Python 3.9.
- setuptools>=65.5.1 -> >=65.5.1,<81: setuptools 81 removed pkg_resources, which coreapi 2.3.3 (transitive dep used by DRF's include_docs_urls) still imports. Pinning <81 keeps the shim until coreapi can be removed entirely.
Supersedes #3005 (db_comments fix is included here).
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Prashanth <130073308+prv-proton@users.noreply.github.com>
Co-authored-by: Prashanth <Prashanth.venkateshappa@gov.bc.ca>
Co-authored-by: Kuan Fan <31664961+kuanfandevops@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kuan Fan <kuan.fan@gov.bc.ca>
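The `db_comment` failure and fix described in the #3005/#3007 commit messages above, reduced to a stand-alone sketch. This is an added example, not code from the bcgov/tfrs repository: `Field` is a minimal stand-in for what Django 4.2's `Field.__init__` does with `db_comment`, and `ReadOnlyCommentField`, `SettableCommentField` and `construct` are hypothetical names.

```python
# Stand-in for django.db.models.Field under Django 4.2 (assumption for this
# sketch; the real class takes many more arguments).
class Field:
    def __init__(self, verbose_name=None, name=None, db_comment=None):
        self.verbose_name = verbose_name
        self.name = name
        self.db_comment = db_comment  # the assignment Django 4.2 introduced


class ReadOnlyCommentField(Field):
    """'Before' shape: getter only, kwarg stripped before super().__init__()."""

    def __init__(self, verbose_name=None, name=None, **kwargs):
        self._db_comment = kwargs.pop("db_comment", None)
        super().__init__(verbose_name, name, **kwargs)

    @property
    def db_comment(self):
        return self._db_comment


class SettableCommentField(Field):
    """'After' shape: kwarg passed through, setter routes it to _db_comment."""

    def __init__(self, verbose_name=None, name=None, **kwargs):
        super().__init__(verbose_name, name, **kwargs)

    @property
    def db_comment(self):
        return self._db_comment

    @db_comment.setter
    def db_comment(self, value):
        self._db_comment = value


def construct(cls, **kwargs):
    """Return (field, None) on success or (None, error text) on failure."""
    try:
        return cls(**kwargs), None
    except AttributeError as exc:
        return None, str(exc)
```

The "before" class fails even when no `db_comment` is passed, because the base class assigns the attribute unconditionally; every field construction is affected, not only fields that carry a comment.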
* fix: short-circuit notifications/count to prevent app-wide lockout
The frontend dispatched getNotificationsCount() right after IDIR login,
and any error from /api/notifications/count flipped errorRequest.hasErrors
in the global reducer, causing App.js to render the full "We're sorry"
StatusInterceptor instead of the router. A 500 from that one bell-counter
endpoint locked users out of the entire app (issue #4448).
Notifications are kept only as a historical view, so:
- frontend/src/store/notificationTrigger.js: drop the post-login
getNotificationsCount() dispatch. The notifications-page list fetch
(getNotifications) stays in place for users who navigate there.
- backend/api/viewsets/Notification.py: short-circuit the count action
to a stable 200 returning {"unreadCount": 0}. Belt-and-braces guard
for stale clients that still call the endpoint; no DB hit, no chance
of 500.
Other notification routes (list, statuses, subscribe, etc.) untouched.
* use bitnamilegacy (#2985)
---------
Co-authored-by: Kuan Fan <31664961+kuanfandevops@users.noreply.github.com>
No description provided.