Suraj Shetty surajshetty3416 @frappe Mumbai Software Developer at @frappe

frappe/erpnext 7519

Free and Open Source Alternative to SAP

frappe/frappe 2038

Low Code Open Source Framework in Python and JS

frappe/books 1086

Free Desktop book-keeping software for small-businesses and freelancers.

frappe/bench 721

CLI to manage Multi-tenant deployments for Frappe apps

frappe/frappejs 205

Node + Electron + Vue based metadata web framework (inspired by Frappe)

frappe/frappe_io 32

Website for Frappe

frappe/esoc-18 4

ERPNext Summer of Code 2018

frappe/kyg 4

Know Your Government (India)

netchampfaris/hazri 1

the hazri app

netchampfaris/screen-share-extension 1

Passes messages between screen sharing peers

PR closed frappe/frappe

Reviewers
feat: 'bench migrate/migrate process' Optimization for quick sync up fixtures in DB #12235

Pull Request for - "bench migrate" Optimization for Quick Sync up fixtures in DB #12235 As per Observed in frappe codebase, I found below Observations

Problem:

  • During bench migrate, we migrate all fixture .json files present in the respective app directory. In that process, bench migrate re-inserts all fields that are not updated as well as the new/updated ones, and the simple bench migrate process does the same. Due to this, we make unnecessary alterations in the database even if there is no change in other fields like custom_field.json, property_setter.json, role.json etc., and bench migrate takes too much time just syncing.

  • Another major point: if you have multiple apps in the system, the fixtures of the last app are erased by the fixtures of another app (next app - last migrated app) if both fixtures are not in sync, and we end up with issues/bug fixes and the developer goes into a panic situation 😓.

Solution:

  • I have added one condition, which checks whether the field already exists in the database with the same modified date. If it is not modified, it exits from the loop, and if it is a new or modified field, it will be inserted into the custom field.

  • For multiple apps, it will not override other apps' fixtures in the database. It will update only those that are modified or updated.

  • Due to this fix, we improved the bench migrate process; check the screenshot below for analysis on the server side. image

+10 -2

0 comment

2 changed files

shrikant9867

pr closed time in 2 hours

PR opened frappe/frappe

feat: Util to get datetime in specific timezone

Usage

Screenshot 2021-01-21 at 1 20 39 PM

+12 -3

0 comment

2 changed files

pr created time in 6 hours

push event frappe/frappe

prssanna

commit sha a440a8d7ddf92b5e77ce608309134a36f744bc2b

fix: escape kanban name in data attribute


prssanna

commit sha dff870ead656b264a47dc7778d48fddea89fdd5e

Merge branch 'rebrand-ui' of https://github.com/frappe/frappe into rebrand-ui


push time in 8 hours

Pull request review comment frappe/frappe

feat: Hide Child Records for a Nested DocType via User Permissions

 frappe.ui.form.on('User Permission', { 		if (frm.doc.apply_to_all_doctypes) { 			frm.set_value('applicable_for', null); 		}+	},++	show_exclude_descendants: frm => {
	toggle_exclude_descendants: frm => {
marination

comment created time in 9 hours

Pull request review comment frappe/frappe

feat: Hide Child Records for a Nested DocType via User Permissions

 frappe.ui.form.on('User Permission', { 			() => frappe.set_route('query-report', 'Permitted Documents For User', 				{ user: frm.doc.user })); 		frm.trigger('set_applicable_for_constraint');+		frm.trigger('show_exclude_descendants'); 	},  	allow: frm => {-		if(frm.doc.for_value) {-			frm.set_value('for_value', null);+		if (frm.doc.allow) {+			if (frm.doc.for_value) {+				frm.set_value('for_value', null);+			}+			frm.trigger('show_exclude_descendants');
			frm.trigger('toggle_exclude_descendants');
marination

comment created time in 9 hours

Pull request review comment frappe/frappe

feat: Hide Child Records for a Nested DocType via User Permissions

 frappe.ui.form.on('User Permission', { 			() => frappe.set_route('query-report', 'Permitted Documents For User', 				{ user: frm.doc.user })); 		frm.trigger('set_applicable_for_constraint');+		frm.trigger('show_exclude_descendants');
		frm.trigger('toggle_exclude_descendants');

Maybe, rename this as toggle_exclude_descendants instead of show_exclude_descendants because it will also hide the checkbox.

marination

comment created time in 9 hours

Pull request review comment frappe/frappe

feat: Hide Child Records for a Nested DocType via User Permissions

 def add_user_permissions(data): 		data = json.loads(data) 	data = frappe._dict(data) -	d = check_applicable_doc_perm(data.user, data.doctype, data.docname)+	# get all doctypes on whom this permission os applied
	# get all doctypes on whom this permission is applied
marination

comment created time in 10 hours

push event frappe/frappe

prssanna

commit sha aaa4fc6b3552ffdcb83c5fd2a366e889b51f0794

fix: dropdown divider style


push time in 9 hours

push event frappe/frappe

prssanna

commit sha 3026801cf0e635c2ca62a4a4b7c8cdbaa4f68cf6

fix: kanban switcher in page custom actions


push time in 9 hours

Pull request review comment frappe/frappe

fix: Check for fieldlevel permission for report query

 def get_form_params():  	fields = data["fields"] +	if ((isinstance(fields, string_types) and fields == "*")+		or (isinstance(fields, (list, tuple)) and len(fields) == 1 and fields[0] == "*")):+		parenttype = data.doctype+		data["fields"] = frappe.db.get_table_columns(parenttype)+		fields = data["fields"]+ 	for field in fields: 		key = field.split(" as ")[0]  		if key.startswith('count('): continue 		if key.startswith('sum('): continue 		if key.startswith('avg('): continue -		if "." in key:-			parenttype, fieldname = key.split(".")[0][4:-1], key.split(".")[1].strip("`")-		else:-			parenttype = data.doctype-			fieldname = field.strip("`")+		parenttype, fieldname = get_parent_dt_and_field(key, data) -		df = frappe.get_meta(parenttype).get_field(fieldname)+		if fieldname == "*":+			# * inside list is not allowed with other fields+			fields.remove(field)++		meta = frappe.get_meta(parenttype)+		df = meta.get_field(fieldname) -		fieldname = df.fieldname if df else None 		report_hide = df.report_hide if df else None  		# remove the field from the query if the report hide flag is set and current view is Report 		if report_hide and is_report: 			fields.remove(field) +		if df and fieldname in [df.fieldname for df in meta.get_high_permlevel_fields()]:+			if df.get('permlevel') not in meta.get_permlevel_access() and field in fields:
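
Review bot: the loop for field in fields: removes entries from fields while iterating over it (fields.remove(field) in the new fieldname == "*" branch and in the report_hide branch), so the entry that follows each removed field is skipped and never reaches the permlevel check added at the end of the hunk. Iterate over a copy, for example for field in list(fields):, or collect the permitted fields in a new list and assign it back to data["fields"].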

This fails for child table fields: image

(parenttype is not set in get_permissions)

surajshetty3416

comment created time in 11 hours

pull request comment frappe/frappe

feat(Data Import): Handle import of DocTypes with tree structure

Oh, my apologies, I should be able to get to the documentation update next week. Thanks!

gwhitney

comment created time in 15 hours

create branch frappe/frappe

branch : snyk-fix-f40a8131737dbb81805c07d9a1c531e0

created branch time in 15 hours

push event frappe/frappe

snyk-bot

commit sha 19c6e0218db9b1dd95132693a96a8174fac2dc94

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151


push time in 15 hours

PR opened frappe/frappe

[Snyk] Security upgrade PyYAML from 5.3.1 to 5.4

Snyk has created this PR to fix one or more vulnerable packages in the pip dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • requirements.txt

⚠️ Warning

google-auth 1.18.0 has requirement rsa<4.1; python_version < "3", but you have rsa 4.5.
google-api-core 1.25.0 has requirement google-auth<2.0dev,>=1.21.1, but you have google-auth 1.18.0.

Vulnerabilities that will be fixed

By pinning:
  • Severity: high severity
  • Priority Score (*): 876/1000 (Why? Mature exploit, Has a fix available, CVSS 9.8)
  • Issue: Arbitrary Code Execution, SNYK-PYTHON-PYYAML-590151
  • Upgrade: PyYAML: 5.3.1 -> 5.4
  • Breaking Change: No
  • Exploit Maturity: Mature

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+1 -1

0 comment

1 changed file

pr created time in 15 hours

PR opened frappe/frappe

chore(deps): [security] bump socket.io from 2.2.0 to 2.4.0

Bumps socket.io from 2.2.0 to 2.4.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database (https://github.com/advisories/GHSA-fxwf-4rqh-v8g3).

Insecure defaults due to CORS misconfiguration in socket.io

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

Affected versions: < 2.4.0

Release notes

Sourced from socket.io's releases (https://github.com/socketio/socket.io/releases).

2.4.0

Related blog post: https://socket.io/blog/socket-io-2-4-0/

Features (from Engine.IO)

  • add support for all cookie options (19cc582)
  • disable perMessageDeflate by default (5ad2736)

Bug Fixes

  • security: do not allow all origins by default (f78a575)
  • properly overwrite the query sent in the handshake (d33a619)

⚠️ BREAKING CHANGE ⚠️

Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (Access-Control-Allow-xxx) to any domain. This will not be the case anymore, and you now have to explicitly enable it.

Please note that you are not impacted if:

  • you are using Socket.IO v2 and the origins option to restrict the list of allowed domains
  • you are using Socket.IO v3 (disabled by default)

This commit also removes the support for '*' matchers and protocol-less URL:

    io.origins('https://example.com:443'); => io.origins(['https://example.com']);
    io.origins('localhost:3000'); => io.origins(['http://localhost:3000']);
    io.origins('http://localhost:'); => io.origins(['http://localhost:3000']);
    io.origins('*:3000'); => io.origins(['http://localhost:3000']);

To restore the previous behavior (please use with caution):

    io.origins((_, callback) => {
      callback(null, true);
    });

See also:

  • https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
  • https://socket.io/docs/v3/handling-cors/
  • https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling

Thanks a lot to @ni8walk3r for the security report.

Links:

... (truncated)

Changelog

Sourced from socket.io's changelog (https://github.com/socketio/socket.io/blob/2.4.0/CHANGELOG.md).

2.4.0 (2021-01-04) (https://github.com/socketio/socket.io/compare/2.3.0...2.4.0)

Bug Fixes

  • security: do not allow all origins by default (f78a575)
  • properly overwrite the query sent in the handshake (d33a619)

Commits

  • 873fdc5 chore(release): 2.4.0
  • f78a575 fix(security): do not allow all origins by default
  • d33a619 fix: properly overwrite the query sent in the handshake
  • 3951a79 chore: bump engine.io version
  • 6fa026f ci: migrate to GitHub Actions
  • 47161a6 [chore] Release 2.3.0
  • cf39362 [chore] Bump socket.io-parser to version 3.4.0
  • 4d01b2c test: remove deprecated Buffer usage (#3481)
  • 8227192 [docs] Fix the default value of the 'origins' parameter (#3464)
  • 1150eb5 [chore] Bump engine.io to version 3.4.0
  • Additional commits viewable in compare view (https://github.com/socketio/socket.io/compare/2.2.0...2.4.0)

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

+78 -90

0 comment

2 changed files

pr created time in 16 hours

PR opened frappe/frappe

chore(deps): [security] bump socket.io from 2.0.4 to 2.4.1

Bumps socket.io from 2.0.4 to 2.4.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database (https://github.com/advisories/GHSA-fxwf-4rqh-v8g3).

Insecure defaults due to CORS misconfiguration in socket.io

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

Affected versions: < 2.4.0

Release notes

Sourced from socket.io's releases (https://github.com/socketio/socket.io/releases).

2.4.1

This release reverts the breaking change introduced in 2.4.0 (https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7).

If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:

  • without CORS (server and client are served from the same domain):

    io.origins((req, callback) => {
      callback(null, req.headers.origin === undefined); // cross-origin requests will not be allowed
    });

  • with CORS (server and client are served from distinct domains):

    io.origins(["http://localhost:3000"]); // for local development
    io.origins(["https://example.com"]);

In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).

Reverts

  • fix(security): do not allow all origins by default (a169050)

Links:

  • Diff: https://github.com/socketio/socket.io/compare/2.4.0...2.4.1
  • Client release: -
  • engine.io version: ~3.5.0
  • ws version: ~7.4.2

2.4.0

Related blog post: https://socket.io/blog/socket-io-2-4-0/

Features (from Engine.IO)

  • add support for all cookie options (19cc582)
  • disable perMessageDeflate by default (5ad2736)

Bug Fixes

  • security: do not allow all origins by default (f78a575)
  • properly overwrite the query sent in the handshake (d33a619)

⚠️ BREAKING CHANGE ⚠️

Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (Access-Control-Allow-xxx) to any domain. This will not be the case anymore, and you now have to explicitly enable it.

... (truncated)

Changelog

Sourced from socket.io's changelog (https://github.com/socketio/socket.io/blob/2.4.1/CHANGELOG.md).

2.4.1 (2021-01-07) (https://github.com/socketio/socket.io/compare/2.4.0...2.4.1)

Reverts

  • fix(security): do not allow all origins by default (a169050)

2.4.0 (2021-01-04) (https://github.com/socketio/socket.io/compare/2.3.0...2.4.0)

Bug Fixes

  • security: do not allow all origins by default (f78a575)
  • properly overwrite the query sent in the handshake (d33a619)

Commits

  • e6b8697 chore(release): 2.4.1
  • a169050 revert: fix(security): do not allow all origins by default
  • 873fdc5 chore(release): 2.4.0
  • f78a575 fix(security): do not allow all origins by default
  • d33a619 fix: properly overwrite the query sent in the handshake
  • 3951a79 chore: bump engine.io version
  • 6fa026f ci: migrate to GitHub Actions
  • 47161a6 [chore] Release 2.3.0
  • cf39362 [chore] Bump socket.io-parser to version 3.4.0
  • 4d01b2c test: remove deprecated Buffer usage (#3481)
  • Additional commits viewable in compare view (https://github.com/socketio/socket.io/compare/2.0.4...2.4.1)


+104 -117

0 comment

1 changed file

pr created time in 17 hours
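
The origin handling described in the socket.io 2.4.0 and 2.4.1 release notes above, as an added example that is not part of either PR or of socket.io itself: a callback in the `(req, callback)` shape the 2.4.1 notes pass to `io.origins`, backed by an exact-match allow-list that rejects wildcard and protocol-less entries. `normalizeOrigin`, `buildOriginCheck` and `decide` are hypothetical names, and the sample headers are constructed.

```javascript
'use strict';
// Added example (not socket.io or frappe code). Helper names are hypothetical.

// Reduce a value to a canonical "scheme://host[:port]" origin, or null.
function normalizeOrigin(value) {
  // Wildcard matchers such as '*:3000' are refused outright.
  if (typeof value !== 'string' || value.includes('*')) return null;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null; // e.g. the literal "null" origin sent by sandboxed documents
  }
  // Protocol-less entries such as "localhost:3000" parse with scheme "localhost:".
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== '/') return null;
  // Default ports are dropped: https://example.com:443 -> https://example.com
  return url.origin;
}

// Build a (req, callback) function; it throws at start-up on a bad allow-list
// entry instead of silently widening or narrowing the policy.
function buildOriginCheck(allowedOrigins) {
  const allowed = new Set();
  for (const entry of allowedOrigins) {
    const origin = normalizeOrigin(entry);
    if (origin === null) {
      throw new Error(`allow-list entry is not a full origin: ${entry}`);
    }
    allowed.add(origin);
  }
  return function originCheck(req, callback) {
    const header = req.headers.origin;
    if (header === undefined) {
      // No Origin header: treated as not cross-origin, as in the 2.4.1 notes.
      callback(null, true);
      return;
    }
    const origin = normalizeOrigin(header);
    // Exact match on the normalized origin; no prefix or suffix matching.
    callback(null, origin !== null && allowed.has(origin));
  };
}

// Run a check synchronously against a set of request headers.
function decide(check, headers) {
  let verdict = false;
  check({ headers }, (err, ok) => {
    verdict = !err && ok === true;
  });
  return verdict;
}

// Constructed sample input: allow-list and request headers.
const check = buildOriginCheck(['https://example.com:443', 'http://localhost:3000']);
const SAMPLE_HEADERS = [
  {},                                              // same-origin request
  { origin: 'https://example.com' },               // allowed
  { origin: 'http://localhost:3000' },             // allowed (local development)
  { origin: 'http://example.com' },                // scheme mismatch
  { origin: 'https://example.com.attacker.test' }, // look-alike suffix
  { origin: 'null' },                              // opaque origin
];

function runSamples() {
  return SAMPLE_HEADERS.map((h) => [h.origin, decide(check, h)]);
}

console.log(runSamples());
```

With Socket.IO v2 the returned function would be registered as `io.origins(buildOriginCheck([...]))`, the call shape shown in the release notes.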

issue opened frappe/frappe

Image Description

The Hero with Right Image "Web Template" is missing an Image Description.

So this field causes a problem with SEO

Therefore, I recommend adding this field

created time in 19 hours

PR opened frappe/frappe

Reviewers
fix: Preventing item qty from resetting to default on adding items using Add Multiple button

Issue: On adding items using Add Multiple button, Qty gets reset to default (1).

Screen-Recording-2021-01-20-at-7 11 17-PM

Solution: Making a single call to set values for Item code & Qty instead of two separate calls solves the issue.

Screen-Recording-2021-01-20-at-7 44 36-PM

+7 -3

0 comment

1 changed file

pr created time in 20 hours

push event frappe/frappe

Saqib Ansari

commit sha aa2360e589368d58b909fc9f49ad9dd028990da4

fix: cannot refresh grid_row


Saqib Ansari

commit sha 4806dcff32fa4f3187c05877659741bb7b67179c

fix: sider issues


Suraj Shetty

commit sha 723436ca5016c07e4161b9aa4a8c07afe6186916

Merge branch 'develop' into grid-row-refresh-fix


mergify[bot]

commit sha d89ea9ee6010653dd078ebe1332fa89a8e037467

Merge pull request #12176 from nextchamp-saqib/grid-row-refresh-fix fix: cannot refresh grid_row


push time in 20 hours

PR merged frappe/frappe

Reviewers
fix: cannot refresh grid_row

Fix: for a process related to point of sale in erpnext, grid_row_by_docname was empty and while removing an item from the cart, it tries to refresh the grid which tries to call refresh_field on the grid_row which is undefined.

To replicate the error:

  1. Open Point of Sale and add an item in the cart
  2. From Menu -> Click Save as Draft
  3. From Menu -> Click on Toggle Recent Orders
  4. Select the invoice saved as draft in 2nd step
  5. Click on Edit Order
  6. Now try removing the item from the cart.
  7. The browser console will display an error and the screen should be frozen.
+8 -6

1 comment

1 changed file

nextchamp-saqib

pr closed time in 20 hours

push event frappe/frappe

prssanna

commit sha d2d905be140647d404f089e9abb97bcc55a1c97e

fix: grid row index no longer dependant on doc index


mergify[bot]

commit sha bd209058180d387e34033a04cff3f8f56a0d9e43

Merge pull request #12188 from prssanna/grid-form-keyboard-nav fix: grid row index no longer dependant on doc index for keyboard navigation


push time in 21 hours

PR merged frappe/frappe

fix: grid row index no longer dependant on doc index for keyboard navigation

Keyboard navigation using Cmd + Up, Cmd + Down to toggle between grid rows would fail if the doc index didn't match the element row index. This PR changes that behaviour so that the DOM element index is used rather than the doc index.

+6 -4

0 comment

1 changed file

prssanna

pr closed time in 21 hours

delete branch frappe/frappe

delete branch : mergify/bp/version-13-beta/pr-12077

delete time in a day

Pull request review comment frappe/frappe

fix(Auto Email Report): HTML download of auto email report breaks for columns with link field type

 def make_links(columns, data): 			elif col.fieldtype == "Dynamic Link": 				if col.options and row.get(col.fieldname) and row.get(col.options): 					row[col.fieldname] = get_link_to_form(row[col.options], row[col.fieldname])+			elif col.fieldtype == "Currency":+				row[col.fieldname] = frappe.format_value(row[col.fieldname], col)  	return columns, data++def update_field_types(columns):+	for col in columns:+		if col.fieldtype in  ("Link", "Dynamic Link", "Currency")  and col.options != "Currency":
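
Review bot: the new Currency branch in make_links indexes row[col.fieldname] directly, while the Dynamic Link branch just above guards with row.get(col.fieldname), so a row without that key raises KeyError and an empty value is passed straight to frappe.format_value. Guard it the same way, for example by formatting only when row.get(col.fieldname) is not None.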

It tries to get the default company currency if it is not specified in the options. This fails. So had to call the formatter for currency while we are calling the formatters for links and dynamic links here

hasnain2808

comment created time in a day

Pull request review comment frappe/frappe

fix: Check for fieldlevel permission for report query

 def get_form_params():  	fields = data["fields"] +	if ((isinstance(fields, string_types) and fields == "*")+		or (isinstance(fields, (list, tuple)) and len(fields) == 1 and fields[0] == "*")):+		parenttype = data.doctype+		data["fields"] = frappe.db.get_table_columns(parenttype)+		fields = data["fields"]+ 	for field in fields: 		key = field.split(" as ")[0]  		if key.startswith('count('): continue 		if key.startswith('sum('): continue 		if key.startswith('avg('): continue -		if "." in key:-			parenttype, fieldname = key.split(".")[0][4:-1], key.split(".")[1].strip("`")-		else:-			parenttype = data.doctype-			fieldname = field.strip("`")+		parenttype, fieldname = get_parent_dt_and_field(key, data) -		df = frappe.get_meta(parenttype).get_field(fieldname)+		if fieldname == "*":+			# * inside list is not allowed with other fields+			fields.remove(field)++		meta = frappe.get_meta(parenttype)+		df = meta.get_field(fieldname) -		fieldname = df.fieldname if df else None 		report_hide = df.report_hide if df else None  		# remove the field from the query if the report hide flag is set and current view is Report 		if report_hide and is_report: 			fields.remove(field) +		if df and fieldname in [df.fieldname for df in meta.get_high_permlevel_fields()]:+			if df.get('permlevel') not in meta.get_permlevel_access():+				fields.remove(field)
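
Review bot: in the added condition fieldname in [df.fieldname for df in meta.get_high_permlevel_fields()], the comprehension reuses the name df that the next line reads with df.get('permlevel'). Python 3 scopes the comprehension variable, but under Python 2 it would rebind df to the last high-permlevel field, and either way the shadowing is easy to misread. Use a different loop name, for example [f.fieldname for f in meta.get_high_permlevel_fields()].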

Check if field exists, in case it has been removed already (if report_hide is set).

surajshetty3416

comment created time in a day

Pull request review comment frappe/frappe

fix field list passed as string so append works for calendar view

 def get_events(doctype, start, end, field_map, filters=None, fields=None): 		fields = [field_map.start, field_map.end, field_map.title, 'name']  	if field_map.color:+		if isinstance(fields, str):+			fields = json.loads ( fields )
		fields = frappe.parse_json(fields)

frappe.parse_json handles this. Also can you move this piece of code to the top of the function?

ollyboy

comment created time in a day

Pull request review comment frappe/frappe

feat: ability to set default desk page

    "fieldname": "hide_custom",    "fieldtype": "Check",    "label": "Hide Custom DocTypes and Reports"+  },+  {+   "default": "0",

Can you add a description for this field?

nextchamp-saqib

comment created time in a day
