Bumps [requests](https://github.com/psf/requests) from 2.29.0 to 2.31.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.31.0</h2>
<h2>2.31.0 (2023-05-22)</h2>
<p><strong>Security</strong></p>
<ul>
<li>
<p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to
potential
forwarding of <code>Proxy-Authorization</code> headers to destination
servers when
following HTTPS redirects.</p>
<p>When proxies are defined with user info (<a
href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>),
Requests
will construct a <code>Proxy-Authorization</code> header that is
attached to the request to
authenticate with the proxy.</p>
<p>In cases where Requests receives a redirect response, it previously
reattached
the <code>Proxy-Authorization</code> header incorrectly, resulting in
the value being
sent through the tunneled connection to the destination server. Users
who rely on
defining their proxy credentials in the URL are <em>strongly</em>
encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their
proxy
credentials once the change has been fully deployed.</p>
<p>Users who do not use a proxy or do not supply their proxy credentials
through
the user information portion of their proxy URL are not subject to this
vulnerability.</p>
<p>Full details can be read in our <a
href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github
Security Advisory</a>
and <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p>
</li>
</ul>
<h2>v2.30.0</h2>
<h2>2.30.0 (2023-05-03)</h2>
<p><strong>Dependencies</strong></p>
<ul>
<li>
<p>⚠️ Added support for urllib3 2.0. ⚠️</p>
<p>This may contain minor breaking changes so we advise careful testing
and
reviewing <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a>
prior to upgrading.</p>
<p>Users who wish to stay on urllib3 1.x can pin to
<code>urllib3<2</code>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.31.0 (2023-05-22)</h2>
<p><strong>Security</strong></p>
<ul>
<li>
<p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to
potential
forwarding of <code>Proxy-Authorization</code> headers to destination
servers when
following HTTPS redirects.</p>
<p>When proxies are defined with user info (<a
href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>),
Requests
will construct a <code>Proxy-Authorization</code> header that is
attached to the request to
authenticate with the proxy.</p>
<p>In cases where Requests receives a redirect response, it previously
reattached
the <code>Proxy-Authorization</code> header incorrectly, resulting in
the value being
sent through the tunneled connection to the destination server. Users
who rely on
defining their proxy credentials in the URL are <em>strongly</em>
encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their
proxy
credentials once the change has been fully deployed.</p>
<p>Users who do not use a proxy or do not supply their proxy credentials
through
the user information portion of their proxy URL are not subject to this
vulnerability.</p>
<p>Full details can be read in our <a
href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github
Security Advisory</a>
and <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p>
</li>
</ul>
<h2>2.30.0 (2023-05-03)</h2>
<p><strong>Dependencies</strong></p>
<ul>
<li>
<p>⚠️ Added support for urllib3 2.0. ⚠️</p>
<p>This may contain minor breaking changes so we advise careful testing
and
reviewing <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a>
prior to upgrading.</p>
<p>Users who wish to stay on urllib3 1.x can pin to
<code>urllib3<2</code>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="147c8511dd"><code>147c851</code></a>
v2.31.0</li>
<li><a
href="74ea7cf7a6"><code>74ea7cf</code></a>
Merge pull request from GHSA-j8r2-6x86-q33q</li>
<li><a
href="3022253346"><code>3022253</code></a>
test on pypy 3.8 and pypy 3.9 on windows and macos (<a
href="https://redirect.github.com/psf/requests/issues/6424">#6424</a>)</li>
<li><a
href="b639e66c81"><code>b639e66</code></a>
test on py3.12 (<a
href="https://redirect.github.com/psf/requests/issues/6448">#6448</a>)</li>
<li><a
href="d3d504436e"><code>d3d5044</code></a>
Fixed a small typo (<a
href="https://redirect.github.com/psf/requests/issues/6452">#6452</a>)</li>
<li><a
href="2ad18e0e10"><code>2ad18e0</code></a>
v2.30.0</li>
<li><a
href="f2629e9e3c"><code>f2629e9</code></a>
Remove strict parameter (<a
href="https://redirect.github.com/psf/requests/issues/6434">#6434</a>)</li>
<li>See full diff in <a
href="https://github.com/psf/requests/compare/v2.29.0...v2.31.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/grafana/oncall/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
# What this PR does
- Hide timeline numbering when `isDisabled` is being sent
- Fixed tooltips within expanded route for escalation chains actions
- Replaced GSelect with Select to allow refreshing list manually
# What this PR does
As the title says -> Refactored templates within templates&grouping
- File structure was changed
- Templates config added instead of manually rendering each item, this
way that config can be easily overwritten in oncall-private
# What this PR does
Fixes https://github.com/grafana/oncall/issues/1960.
## Checklist
- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
Bring back `FCM_PROJECT_ID` env variable that was removed in
https://github.com/grafana/oncall/pull/1969.
I made an incorrect assumption that project ID is already specified in
the credentials file, but in fact project ID can be different from the
one in credentials file.
# What this PR does
Allow passing Google application credentials (used to send FCM messages
using `fcm-django`) as an environment variable
`GOOGLE_APPLICATION_CREDENTIALS_JSON_BASE64`. If the env variable is not
provided, credentials will be taken from file. This change allows uWSGI
workers send messages to FCM (currently it's not possible because the
uWSGI user doesn't have access to the credentials file) + makes
configuration more consistent.
Also removes a redundant `FCM_PROJECT_ID` env variable (Google
application credentials already contain the project ID).
## Which issue(s) this PR fixes
## Checklist
- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
# What this PR does
- Fixed Templates view
- Fixed main integration page view for smaller screens
- Show No Escalation Chain/ChatOps (Slack/Telegram for now, no MS teams
yet)
# What this PR does
Fix inbound email endpoint bug when attaching files to email leads to
HTTP 500.
## Checklist
- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
# What this PR does
Adds ability to send test push notification
---------
Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com>
Co-authored-by: Rares Mardare <rares.mardare@grafana.com>
# What this PR does
- Improvement to the local development environment for the grafana
plugin
- Run initial yarn build inside the docker container with the same
version that is later used for periodic rebuilds
- Removes the requirement for having yarn/nodejs installed locally
- Using a named volume for storing the node_modules, so they are only
stored once
- Remove the yarn install step from the Dockerfile
- Ideally we store the node_modules only once inside the named volumes.
Currently they are stored times
- on the host system outside of dockerin grafana-plugins/node_modules
- inside the docker image
- inside the anonymous docker volume created at the start of a container
- update `node` to 18.16.0 (14.17.0 has reached end-of-life as of 3
weeks ago)
## Which issue(s) this PR fixes
## Checklist
- [X] ~Unit, integration, and e2e (if applicable) tests updated~ N/A
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [ ] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
---------
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>
Organizations that have been deleted outside OnCall were not being
cleaned up by this task as expected.
- Use PluginAuthToken instead of GCOM token == None to determine if the
oncall organization should be matched in GCOM
- Fix how delete was being checked for the instance, the previous method
does not work.
# What this PR does
## Which issue(s) this PR fixes
## Checklist
- [ ] Unit, integration, and e2e (if applicable) tests updated
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [ ] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
Bumps
[pymdown-extensions](https://github.com/facelessuser/pymdown-extensions)
from 9.11 to 10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facelessuser/pymdown-extensions/releases">pymdown-extensions's
releases</a>.</em></p>
<blockquote>
<h2>10.0</h2>
<ul>
<li><strong>Break</strong>: Snippets: snippets will restrict snippets to
ensure they are under the <code>base_path</code> preventing snippets
relative to the <code>base_path</code> but not explicitly under it.
<code>restrict_base_path</code> can be set to <code>False</code> for
legacy
behavior.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e750734b7"><code>5e75073</code></a>
Update JS doc deps</li>
<li><a
href="b7bb4878d6"><code>b7bb487</code></a>
Merge pull request from GHSA-jh85-wwv9-24hv</li>
<li>See full diff in <a
href="https://github.com/facelessuser/pymdown-extensions/compare/9.11...10.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/grafana/oncall/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
# What this PR does
Fix for creating Integration
After creating Integration we land on Integration page, not a table
Added error notification for TemplateFoEdit obj to avoid crashing
Loading state for AlertGroup List
Small style fixes
# What this PR does
## Which issue(s) this PR fixes
## Checklist
- [ ] Unit, integration, and e2e (if applicable) tests updated
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [ ] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
# What this PR does
add a new endpoint, `GET /maintenance-mode/`, which returns either a
string message pulled from the
`CURRENTLY_UNDERGOING_MAINTENANCE_MESSAGE` env var, or `None` + update
the UI to conditionally show this message if it is set
<img width="1321" alt="Screenshot 2023-05-10 at 11 28 16"
src="https://github.com/grafana/oncall/assets/9406895/833a77fb-3a90-4f9f-88d6-dae0d98d99d4">
## Checklist
- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required) (N/A)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
- Do not close drawer when clicking outside of it
- Update title to show the close icon
- Add cancel button
- Move `forward_all` above `data`
- Enable/Disable `data` based on `forward_all` value
