Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump nautobot from 2.1.2 to 2.1.9 #154

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2024

Bumps nautobot from 2.1.2 to 2.1.9.

Release notes

Sourced from nautobot's releases.

v2.1.9 - 2024-03-25

What's Changed

Security

  • #5450 - Updated django to ~3.2.25 due to CVE-2024-27351.
  • #5464 - Added requirement for user authentication to access the endpoint /extras/job-results/<uuid:pk>/log-table/; furthermore it will not allow an authenticated user to view log entries for a JobResult they don't otherwise have permission to view. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added narrower permissions enforcement on the endpoints /extras/git-repositories/<uuid:pk>/sync/ and /extras/git-repositories/<uuid:pk>/dry-run/; a user who has change permissions for a subset of Git repositories is no longer permitted to sync or dry-run other repositories for which they lack the appropriate permissions. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added narrower permissions enforcement on the /api/dcim/connected-device/?peer_device=...&?peer_interface=... REST API endpoint; a user who has view permissions for a subset of interfaces is no longer permitted to query other interfaces for which they lack permissions. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added narrower permissions enforcement on all <app>/<model>/<uuid>/notes/ UI endpoints; a user must now have the appropriate extras.view_note permissions to view existing notes. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added requirement for user authentication to access the REST API endpoints /api/redoc/, /api/swagger/, /api/swagger.json, and /api/swagger.yaml. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added requirement for user authentication to access the /api/graphql REST API endpoint, even when EXEMPT_VIEW_PERMISSIONS is configured. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added requirement for user authentication to access the endpoints /dcim/racks/<uuid>/dynamic-groups/, /dcim/devices/<uuid>/dynamic-groups/, /ipam/prefixes/<uuid>/dynamic-groups/, /ipam/ip-addresses/<uuid>/dynamic-groups/, /virtualization/clusters/<uuid>/dynamic-groups/, and /virtualization/virtual-machines/<uuid>/dynamic-groups/, even when EXEMPT_VIEW_PERMISSIONS is configured. (GHSA-m732-wvh2-7cq4)
  • #5464 - Added requirement for user authentication to access the endpoint /extras/secrets/provider/<str:provider_slug>/form/. (GHSA-m732-wvh2-7cq4)

Added

  • #5464 - Added nautobot.apps.utils.get_url_for_url_pattern and nautobot.apps.utils.get_url_patterns lookup functions.
  • #5464 - Added nautobot.apps.views.GenericView base class.

Changed

  • #5464 - Added support for view_name and view_description optional parameters when instantiating a nautobot.apps.api.OrderedDefaultRouter. Specifying these parameters is to be preferred over defining a custom APIRootView subclass when defining App API URLs.
  • #5464 - Added requirement for user authentication by default on the nautobot.apps.api.APIRootView class. As a consequence, viewing the browsable REST API root endpoints (e.g. /api/, /api/circuits/, /api/dcim/, etc.) now requires user authentication.

Removed

  • #5464 - Removed the URL endpoints /api/users/users/my-profile/, /api/users/users/session/, /api/users/tokens/authenticate/, and /api/users/tokens/logout/ as they are unused at this time.

Fixed

  • #5413 - Updated Device "LLDP Neighbors" detail panel to handle LLDP neighbors with MAC address as port-id.
  • #5423 - Fixed collapsable navbar for GraphiQL page /graphql.
  • #5423 - Fixed collapsable navbar for Admin page /admin.
  • #5423 - Fixed collapsable navbar for Django Rest Framework (DRF) page /api/.
  • #5423 - Improved footer responsiveness for certain media sizes.
  • #5464 - Fixed a 500 error when accessing any of the /dcim/<port-type>/<uuid>/connect/<termination_b_type>/ view endpoints with an invalid/nonexistent termination_b_type string.
  • #5466 - Remove duplicated location param in vlan table.

Dependencies

  • #5296 - Fixed bug in pyproject.toml that added coverage as a nautobot dependency instead of a development dependency.

Documentation

  • #5340 - Added installation documentation about recommended health-checks for Docker Compose and Kubernetes.
  • #5464 - Updated example views in the App developer documentation to include ObjectPermissionRequiredMixin or LoginRequiredMixin as appropriate best practices.

Housekeeping

... (truncated)

Commits
  • 27ee0c2 Merge pull request #5477 from nautobot/release/2.1.9
  • 961954a release v2.1.9
  • dd623e6 View authentication and permission fixes (#5464)
  • acb506d Add documentation about docker-compose/k8s health checks (#5449)
  • e265c8e Remove duplicated location param in vlan table (#5467)
  • 2e4ffd6 fix: Update Device lldp detail panel for MAC address port-id (#5413)
  • ce2350e Remove OrderedDict from dcim.models.racks.py (#5451)
  • 9ea4bba Fixed bug in pyproject.toml that added coverage as a nautobot dependency (#...
  • 6814cbe Pinned coverage to 6.4.0 to resolve issue with breakpoints in unit tests. (#5...
  • f8d5fdf Replace OrderedDict in routers.py (#5456)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [nautobot](https://github.com/nautobot/nautobot) from 2.1.2 to 2.1.9.
- [Release notes](https://github.com/nautobot/nautobot/releases)
- [Changelog](https://github.com/nautobot/nautobot/blob/develop/CHANGELOG.md)
- [Commits](nautobot/nautobot@v2.1.2...v2.1.9)

---
updated-dependencies:
- dependency-name: nautobot
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from glennmatthews as a code owner March 26, 2024 01:52
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 26, 2024
@dependabot dependabot bot requested review from lampwins and chadell as code owners March 26, 2024 01:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants