Re-sending

<!--

Some key notes before you open a PR:

1. Select which branch should this PR be merged in?
2. PR name follows convention
3. All tests pass locally, UI and Unit tests
4. All business logic and validations must be on the server-side
5. Update necessary Documentation
6. Put closes #XXXX in your comment to auto-close the issue that your PR fixes

Also, if you're new here

• Documentation Guidelines => https://github.com/frappe/erpnext/wiki/Updating-Documentation

• Contribution Guide => https://github.com/frappe/frappe/blob/develop/.github/CONTRIBUTING.md

• Pull Request Checklist => https://github.com/frappe/erpnext/wiki/Pull-Request-Checklist

--> Pull Request for - "bench migrate" Optimization for Quick Sync up fixtures in DB #12235 As per Observed in frappe codebase, I found below Observations

Problem:

• While bench migrate we migrate all fixtures .json which are present in the respective directory of app, In that process, bench migrate re-insert all fields which are not updated as well as the new one/updated and also in simple bench migrate process it does the same. Due to this, we are doing unnecessary Alteration in Database if there is no change in other fields like custom_field.json,property_setter.json,role.json etc … and bench migrate takes too much of time just to syncing.

• Another Major Point. if you have multiple Apps in System, fixtures of the last app erased by fixtures of another app (Next app - last migrated app) if both fixtures are not in sync and we end with issues/bug fixes and developer goes into a panic situation 😓.

Solution:

• I have Added one condition, which checks whether field already exists or not in the Database with the same modified date. if it is not modified then it exits from the loop and if it is a new field or modified then it will insert into the custom field.

• For Multiple App, it will not override other apps fixtures in Database. Will update only those are modified or updated.

• Due to this Fix, we improved bench migrate process check below Screenshot for analysis on the server-side.

Usage

	toggle_exclude_descendants: frm => {

		frm.trigger('toggle_exclude_descendants');

Maybe, rename this as toggle_exclude_descendants instead of show_exclude_descendants because it will also hide the checkbox.

			frm.trigger('toggle_exclude_descendants');

	# get all doctypes on whom this permission is applied

This fails for child table fields:

(parenttype is not set in get_permissions)

Oh, my apologies, I should be able to get to the documentation update next week. Thanks!

<h3>Snyk has created this PR to fix one or more vulnerable packages in the pip dependencies of this project.</h3>

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • requirements.txt

<details> <summary>⚠️ <b>Warning</b></summary>

google-auth 1.18.0 has requirement rsa<4.1; python_version < "3", but you have rsa 4.5.
google-api-core 1.25.0 has requirement google-auth<2.0dev,>=1.21.1, but you have google-auth 1.18.0.

</details>

Vulnerabilities that will be fixed

By pinning:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	876/1000 <br/> Why? Mature exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution <br/>SNYK-PYTHON-PYYAML-590151	PyYAML: <br> 5.3.1 -> 5.4 <br>	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI1MTBkOGZkMy04M2FmLTQ2MWEtOWFhNi1iNjc0ZjJjZmNhNjciLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjUxMGQ4ZmQzLTgzYWYtNDYxYS05YWE2LWI2NzRmMmNmY2E2NyJ9fQ==" width="0" height="0"/> 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Bumps socket.io from 2.2.0 to 2.4.0. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-fxwf-4rqh-v8g3">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Insecure defaults due to CORS misconfiguration in socket.io</strong> The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.</p> <p>Affected versions: < 2.4.0</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/socketio/socket.io/releases">socket.io's releases</a>.</em></p> <blockquote> <h2>2.4.0</h2> <p>Related blog post: <a href="https://socket.io/blog/socket-io-2-4-0/">https://socket.io/blog/socket-io-2-4-0/</a></p> <h3>Features (from Engine.IO)</h3> <ul> <li>add support for all cookie options (<a href="https://github.com/socketio/engine.io/commit/19cc58264a06dca47ed401fbaca32dcdb80a903b">19cc582</a>)</li> <li>disable perMessageDeflate by default (<a href="https://github.com/socketio/engine.io/commit/5ad273601eb66c7b318542f87026837bf9dddd21">5ad2736</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow all origins by default (<a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7">f78a575</a>)</li> <li>properly overwrite the query sent in the handshake (<a href="https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e">d33a619</a>)</li> </ul> <p>:warning: <strong>BREAKING CHANGE</strong> :warning:</p> <p>Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (<code>Access-Control-Allow-xxx</code>) to <strong>any</strong> domain. This will not be the case anymore, and you now have to explicitly enable it.</p> <p>Please note that you are not impacted if:</p> <ul> <li>you are using Socket.IO v2 and the <code>origins</code> option to restrict the list of allowed domains</li> <li>you are using Socket.IO v3 (disabled by default)</li> </ul> <p>This commit also removes the support for '' matchers and protocol-less URL:</p> <pre><code>io.origins('https://example.com:443'); => io.origins(['https://example.com']); io.origins('localhost:3000'); => io.origins(['http://localhost:3000']); io.origins('http://localhost:'); => io.origins(['http://localhost:3000']); io.origins('*:3000'); => io.origins(['http://localhost:3000']); </code></pre> <p>To restore the previous behavior (please use with caution):</p> <pre lang="js"><code>io.origins((_, callback) => { callback(null, true); }); </code></pre> <p>See also:</p> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS</a></li> <li><a href="https://socket.io/docs/v3/handling-cors/">https://socket.io/docs/v3/handling-cors/</a></li> <li><a href="https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling">https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling</a></li> </ul> <p>Thanks a lot to <a href="https://github.com/ni8walk3r"><code>@ni8walk3r</code></a> for the security report.</p> <h4>Links:</h4> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/socketio/socket.io/blob/2.4.0/CHANGELOG.md">socket.io's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/socketio/socket.io/compare/2.3.0...2.4.0">2.4.0</a> (2021-01-04)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow all origins by default (<a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7">f78a575</a>)</li> <li>properly overwrite the query sent in the handshake (<a href="https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e">d33a619</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/socketio/socket.io/commit/873fdc55eddd672960fdbc1325ccb7c4bf466f05"><code>873fdc5</code></a> chore(release): 2.4.0</li> <li><a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7"><code>f78a575</code></a> fix(security): do not allow all origins by default</li> <li><a href="https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e"><code>d33a619</code></a> fix: properly overwrite the query sent in the handshake</li> <li><a href="https://github.com/socketio/socket.io/commit/3951a79359c19f9497de664d96a8f9f80196a405"><code>3951a79</code></a> chore: bump engine.io version</li> <li><a href="https://github.com/socketio/socket.io/commit/6fa026fc94fb3a1e6674b8a2c1211b24ee38934a"><code>6fa026f</code></a> ci: migrate to GitHub Actions</li> <li><a href="https://github.com/socketio/socket.io/commit/47161a65d40c2587535de750ac4c7d448e5842ba"><code>47161a6</code></a> [chore] Release 2.3.0</li> <li><a href="https://github.com/socketio/socket.io/commit/cf39362014f5ff13a17168b74772c43920d6e4fd"><code>cf39362</code></a> [chore] Bump socket.io-parser to version 3.4.0</li> <li><a href="https://github.com/socketio/socket.io/commit/4d01b2c84cc8dcd6968e422d44cb5e78851058b9"><code>4d01b2c</code></a> test: remove deprecated Buffer usage (<a href="https://github-redirect.dependabot.com/socketio/socket.io/issues/3481">#3481</a>)</li> <li><a href="https://github.com/socketio/socket.io/commit/82271921db9d5d2048322a0c9466ffcb09b2a501"><code>8227192</code></a> [docs] Fix the default value of the 'origins' parameter (<a href="https://github-redirect.dependabot.com/socketio/socket.io/issues/3464">#3464</a>)</li> <li><a href="https://github.com/socketio/socket.io/commit/1150eb50e9ce4f15cbd86c51de69df82f3194206"><code>1150eb5</code></a> [chore] Bump engine.io to version 3.4.0</li> <li>Additional commits viewable in <a href="https://github.com/socketio/socket.io/compare/2.2.0...2.4.0">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Yes please do. The requirements.txt is mainly based on "this works, so freeze it" using pip freeze > requirements.txt.

Every now and then I just upgrade the packages to the then current version and test if it still works.

So I guess now is the time for a new upgrade of Python packages.

A PR will be much appreciated.

Bumps socket.io from 2.0.4 to 2.4.1. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-fxwf-4rqh-v8g3">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Insecure defaults due to CORS misconfiguration in socket.io</strong> The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.</p> <p>Affected versions: < 2.4.0</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/socketio/socket.io/releases">socket.io's releases</a>.</em></p> <blockquote> <h2>2.4.1</h2> <p>This release reverts the breaking change introduced in <code>2.4.0</code> (<a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7">https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7</a>).</p> <p>If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:</p> <ul> <li>without CORS (server and client are served from the same domain):</li> </ul> <pre lang="js"><code>io.origins((req, callback) => { callback(null, req.headers.origin === undefined); // cross-origin requests will not be allowed }); </code></pre> <ul> <li>with CORS (server and client are served from distinct domains):</li> </ul> <pre lang="js"><code>io.origins(["http://localhost:3000"]); // for local development io.origins(["https://example.com"]); </code></pre> <p>In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).</p> <h3>Reverts</h3> <ul> <li>fix(security): do not allow all origins by default (<a href="https://github.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0">a169050</a>)</li> </ul> <h4>Links:</h4> <ul> <li>Diff: <a href="https://github.com/socketio/socket.io/compare/2.4.0...2.4.1">https://github.com/socketio/socket.io/compare/2.4.0...2.4.1</a></li> <li>Client release: -</li> <li>engine.io version: <code>~3.5.0</code></li> <li>ws version: <code>~7.4.2</code></li> </ul> <h2>2.4.0</h2> <p>Related blog post: <a href="https://socket.io/blog/socket-io-2-4-0/">https://socket.io/blog/socket-io-2-4-0/</a></p> <h3>Features (from Engine.IO)</h3> <ul> <li>add support for all cookie options (<a href="https://github.com/socketio/engine.io/commit/19cc58264a06dca47ed401fbaca32dcdb80a903b">19cc582</a>)</li> <li>disable perMessageDeflate by default (<a href="https://github.com/socketio/engine.io/commit/5ad273601eb66c7b318542f87026837bf9dddd21">5ad2736</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow all origins by default (<a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7">f78a575</a>)</li> <li>properly overwrite the query sent in the handshake (<a href="https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e">d33a619</a>)</li> </ul> <p>:warning: <strong>BREAKING CHANGE</strong> :warning:</p> <p>Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (<code>Access-Control-Allow-xxx</code>) to <strong>any</strong> domain. This will not be the case anymore, and you now have to explicitly enable it.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/socketio/socket.io/blob/2.4.1/CHANGELOG.md">socket.io's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/socketio/socket.io/compare/2.4.0...2.4.1">2.4.1</a> (2021-01-07)</h2> <h3>Reverts</h3> <ul> <li>fix(security): do not allow all origins by default (<a href="https://github.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0">a169050</a>)</li> </ul> <h1><a href="https://github.com/socketio/socket.io/compare/2.3.0...2.4.0">2.4.0</a> (2021-01-04)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow all origins by default (<a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7">f78a575</a>)</li> <li>properly overwrite the query sent in the handshake (<a href="https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e">d33a619</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/socketio/socket.io/commit/e6b869738c73fa0ce9928974d823e50cc92f7a1a"><code>e6b8697</code></a> chore(release): 2.4.1</li> <li><a href="https://github.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0"><code>a169050</code></a> revert: fix(security): do not allow all origins by default</li> <li><a href="https://github.com/socketio/socket.io/commit/873fdc55eddd672960fdbc1325ccb7c4bf466f05"><code>873fdc5</code></a> chore(release): 2.4.0</li> <li><a href="https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7"><code>f78a575</code></a> fix(security): do not allow all origins by default</li> <li><a href="https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e"><code>d33a619</code></a> fix: properly overwrite the query sent in the handshake</li> <li><a href="https://github.com/socketio/socket.io/commit/3951a79359c19f9497de664d96a8f9f80196a405"><code>3951a79</code></a> chore: bump engine.io version</li> <li><a href="https://github.com/socketio/socket.io/commit/6fa026fc94fb3a1e6674b8a2c1211b24ee38934a"><code>6fa026f</code></a> ci: migrate to GitHub Actions</li> <li><a href="https://github.com/socketio/socket.io/commit/47161a65d40c2587535de750ac4c7d448e5842ba"><code>47161a6</code></a> [chore] Release 2.3.0</li> <li><a href="https://github.com/socketio/socket.io/commit/cf39362014f5ff13a17168b74772c43920d6e4fd"><code>cf39362</code></a> [chore] Bump socket.io-parser to version 3.4.0</li> <li><a href="https://github.com/socketio/socket.io/commit/4d01b2c84cc8dcd6968e422d44cb5e78851058b9"><code>4d01b2c</code></a> test: remove deprecated Buffer usage (<a href="https://github-redirect.dependabot.com/socketio/socket.io/issues/3481">#3481</a>)</li> <li>Additional commits viewable in <a href="https://github.com/socketio/socket.io/compare/2.0.4...2.4.1">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>