Release v2.7.0 #6847

Merged
merged 15 commits into from
Sep 13, 2023

@azhavoro (Contributor) commented Sep 11, 2023

[2.7.0] - 2023-09-10

Added

Fixed

Security

azhavoro and others added 15 commits September 6, 2023 17:52

### Motivation and context
Test for #6771

### How has this been tested?
Added cypress test

### Checklist
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into the [CHANGELOG](https://github.com/opencv/cvat/blob/develop/CHANGELOG.md) file~~
- ~~[ ] I have updated the documentation accordingly~~
- [x] I have added tests to cover my changes
- ~~[ ] I have linked related issues (see [GitHub docs](https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))~~
- ~~[ ] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning))~~

### License

- [x] I submit _my code changes_ under the same [MIT License](https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the project.
  Feel free to contact the maintainers if that's a concern.

See these several issues. They are connected to each other in some way.
The thing is that nuclio has a default timeout of 1 minute. With this
change we can force nuclio dashboard not to terminate the connection.
nuclio/nuclio#3016
#3301
#6041

Minor quality of life improvement which helps manage the status of users.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies
to a fixed version:
    - cvat/requirements/base.txt


<details>
<summary>⚠️ <b>Warning</b></summary>

```
tensorboard 2.11.2 requires werkzeug, which is not installed.
tensorboard 2.11.2 has requirement setuptools>=41.0.0, but you have setuptools 39.0.1.

```
</details>


#### Vulnerabilities that will be fixed





##### By pinning:
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Directory Traversal <br/>[SNYK-PYTHON-GITPYTHON-5876644](https://snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5876644) | `gitpython:` <br> `3.1.33 -> 3.1.35` <br> | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.




Some vulnerabilities couldn't be fully fixed and so Snyk will still find
them when the project is tested again. This may be because the
vulnerability existed within more than one direct dependency, but not
all of the affected dependencies could be upgraded.


Check the changes in this PR to ensure they won't cause issues with your
project.



------------



**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs.*

For more information:
🧐 [View latest project report](https://app.snyk.io/org/cvat/project/4bbc4b80-3fb9-4009-a7bb-51016d44946b?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/cvat/project/4bbc4b80-3fb9-4009-a7bb-51016d44946b?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)


---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Directory Traversal](https://learn.snyk.io/lesson/directory-traversal/?loc=fix-pr)

The PR contains several improvements and changes that are mainly aimed
at supporting the crowdsourcing plugin.

**Server changes:**
- Added support for JSON filter description
- Fixed converter in AbstractArrayField
- Added logic for working with public assets (GET /assets/{uuid}/public endpoint, is_public model field)
- Added several fixes for crowdsourcing users to be able to work
- Deleted dead code
- Added support for OPA rules that are located not in the default directory

codecov bot commented Sep 11, 2023

Codecov Report

Merging #6847 (b611521) into master (7721b26) will increase coverage by 0.03%.
The diff coverage is 83.05%.

@@            Coverage Diff             @@
##           master    #6847      +/-   ##
==========================================
+ Coverage   82.43%   82.47%   +0.03%     
==========================================
  Files         369      370       +1     
  Lines       39790    39831      +41     
  Branches     3547     3549       +2     
==========================================
+ Hits        32802    32850      +48     
+ Misses       6988     6981       -7     

| Components | Coverage Δ |
|---|---|
| cvat-ui | 77.47% <100.00%> (+0.10%) ⬆️ |
| cvat-server | 86.86% <78.26%> (-0.03%) ⬇️ |

@nmanovic nmanovic merged commit b23fe72 into master Sep 13, 2023
32 checks passed
@nmanovic nmanovic deleted the release-2.7.0 branch September 13, 2023 06:44