Release v2.21.0 #8527
Merged
Release v2.21.0 #8527
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cvat-bot[bot]](https://avatars.githubusercontent.com/in/406724?s=60&v=4){kind=small}
Update develop after v2.20.0
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Currently several permission classes dynamically determine scopes for `PATCH` endpoints, depending on request body fields. This is error-prone for a couple of reasons: * If you forget to add a default scope like `Scopes.VIEW`, then anyone can view the resource by submitting a `PATCH` request with an empty body. * If you add a field to a resource, but forget to define which scope it should be associated with, then anyone can modify this field on any instance of this resource. Both of these have happened previously; see <GHSA-gxhm-hg65-5gh2>. Attempt to harden the scope determination logic for such endpoints, so that such errors could not occur. Specifically: * Factor out the common logic (including the default scope) into a function. * Instead of checking for each known field in the request body, check every field in the body against a map of known fields, and abort if the field does not map to any scopes. A side effect of this change is that request bodies that set certain fields (such as `owner_id`) to the values they already have did not previously require the appropriate `UPDATE_*` scope, but now they do. This is for simplicity of implementation. I see no need to preserve the current behavior, since a user who does not have the requisite permission can simply omit the field from the request. Another side effect is that request bodies with unknown fields are now rejected, whereas previously such fields would be ignored. I think that's probably a good thing, since we can't properly fulfill such a request anyway - can't set a field that doesn't exist. This change detected a broken test in the unit test suite, so fix that.
<!-- Raise an issue to propose your change (https://github.com/cvat-ai/cvat/issues). It helps to avoid duplication of efforts from multiple independent contributors. Discuss your ideas with maintainers to be sure that changes will be approved and merged. Read the [Contribution guide](https://docs.cvat.ai/docs/contributing/). --> <!-- Provide a general summary of your changes in the Title above --> ### Motivation and context <!-- Why is this change required? What problem does it solve? If it fixes an open issue, please link to the issue here. Describe your changes in detail, add screenshots. --> Supporting YOLOv8 classification format ### How has this been tested? <!-- Please describe in detail how you tested your changes. Include details of your testing environment, and the tests you ran to see how your change affects other areas of the code, etc. --> ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable for some reason, then ~~explicitly strikethrough~~ the whole line. If you don't do that, GitHub will show incorrect progress for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [ ] I submit my changes into the `develop` branch - [ ] I have created a changelog fragment <!-- see top comment in CHANGELOG.md --> - [ ] I have updated the documentation accordingly - [ ] I have added tests to cover my changes - [ ] I have linked related issues (see [GitHub docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - [ ] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning)) ### License - [ ] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added support for the "YOLOv8 Classification" format in the application, including export and import functionalities. - Updated documentation to include details about the new YOLOv8 Classification format. - **Bug Fixes** - Enhanced test coverage for the new YOLOv8 Classification format to ensure proper functionality in export and import processes. - **Documentation** - Integrated new entries in the README and detailed documentation for the YOLOv8 Classification format. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
### Motivation and context fix #4767 my docker-compose.https.yml: ```yaml # Copyright (C) 2018-2022 Intel Corporation # # SPDX-License-Identifier: MIT ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable for some reason, then ~~explicitly strikethrough~~ the whole line. If you don't do that, GitHub will show incorrect progress for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I submit my changes into the `develop` branch - [x] I have created a changelog fragment <!-- see top comment in CHANGELOG.md --> - [x] I have updated the documentation accordingly - [x] I have added tests to cover my changes - [x] I have linked related issues (see [GitHub docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - [x] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/opencv/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/opencv/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/opencv/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/opencv/cvat/tree/develop/cvat-ui#versioning)) ### License - [x] I submit _my code changes_ under the same [MIT License]( https://github.com/opencv/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced comprehensive documentation for implementing custom SSL certificates in the CVAT environment. - Provided step-by-step instructions for setting up and configuring Traefik to use custom certificates. - **Documentation** - Added a new file detailing the process of creating a certificates directory, modifying Traefik configuration, and starting CVAT with custom SSL certificates. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Andrey Zhavoronkov <andrey@cvat.ai>
- Allowed quality report computation for tasks to regular users (before this only admins could trigger custom report computations) - Refactored quality control tests --------- Co-authored-by: Maria Khrustaleva <maria@cvat.ai>
cvat-bot
bot
requested review from
azhavoro,
zhiltsov-max,
bsekachev,
SpecLad,
Marishka17 and
nmanovic
as code owners
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #8527 +/- ##
==========================================
- Coverage 74.35% 74.21% -0.15%
==========================================
Files 394 400 +6
Lines 42211 43207 +996
Branches 3896 3905 +9
==========================================
+ Hits 31384 32064 +680
- Misses 10827 11143 +316
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added
New task mode: Honeypots (GT pool) (Validation API core #8348)
New task creation options for quality control: Honeypots (GT pool), GT job (Validation API core #8348)
New GT job frame selection method:
random_per_job, which guarantees each job will have GT overlap (Validation API core #8348)[Server API] POST
/jobs/: new frame selection parameters, which accept percentages, instead of absolute values (Validation API core #8348)[Server API] GET
/api/tasks/{id}/got a newvalidation_modefield, reflecting the current validation configuration (immutable) (Validation API core #8348)[Server API] POST
/api/tasks/{id}/datagot a newvalidation_paramsfield, which allows to enableGTandGT_POOLvalidation for a task on its creation (Validation API core #8348)Added custom certificates documentation (Enable HTTPS use Custom Certificates #7508)
Support for YOLOv8 Classification format (YOLOv8 classification format #8475)
[Server API] An option to change real frames for honeypot frames in tasks with honeypots (Validation management core #8471)
[Server API] New endpoints for validation configuration management in tasks and jobs
/api/tasks/{id}/validation_layout,/api/jobs/{id}/validation_layout(Validation management core #8471)[Helm] Readiness and liveness probes (Added readiness and liveness probes #8488)
Changed
[Server API] POST
/jobs/.framesfield now expects relative frame numbers instead of absolute (source data) ones (Validation API core #8348)[Server API] Now chunks in tasks can be changed. There are new API elements to check chunk relevancy, if they are cached:
/api/tasks/{id}/data/metagot a new fieldchunks_updated_date,/api/tasks/{id}/data/?type=chunkgot 2 new headers:X-Updated-Date,X-Checksum(Validation management core #8471)Made the
PATCHendpoints for projects, tasks, jobs and memberships check the input more strictly (Harden access control in several PATCH endpoints #8493):[Server API] Quality report computation is now allowed to regular users (Allow quality reports to regular users #8511)
Fixed
?numberis used in the request and task frame step > 1 (Fix task creation with gt job and gt job frame access #8510)api/jobs/{id}/data/?type=frame(Fix task creation with gt job and gt job frame access #8510)