2025.02.02 Release

Full Changelog: 2025.02.01...2025.02.02

This is regular dependency updates for ROHQ Release 2025.02.02

What’s being fixed
This update resolves three critical security vulnerabilities that affect most of our applications.

What’s included

Fixes for three critical security vulnerabilities
An update to Django from version 4.2.18 to 4.2.27, which includes the latest security patches

==============
Includes dependency updates for backend and one frontend update.
Bump the all-python-dependencies group across 1 directory with 13 upd… #700

Bump django from 4.2.18 to 4.2.27 in /src : #720

Bump form-data from 4.0.3 to 4.0.5 in /src : #705

2025.02.01

Release Notes for Version 2025.02.01

Front End: UI related

· New Features

o Dynamic Page Titles: Added support for dynamic page titles to enhance navigation. #646

· Bug Fixes

o Zoom Meeting Enhancements: Fixed an issue where Chromebook Linux OS users were prompted for a passcode when joining via web browser without Zoom app installed. #660, #658

· Enhancements

o Queue Name and Status in Reports: Enabled queue name and status inclusion in meeting report downloads. #520

o Notification Enhancements

§ UMich Identifier Added: Added a UMich identifier to notifications for improved communication clarity. #490

BackEnd:

· New Features

· Watchman Monitoring Setup: Implemented enhanced monitoring with Watchman for early issue identification. #647

· Email Search in Queues: Introduced email searching within queues for enhanced search capabilities. #645

· WebSocket Migration: Transitioned to partysocket for improved WebSocket reliability. #655

· Jest Testing Configuration: Added basic Jest testing setup with a sortQueue test. #654

· Bug Fixes

· Queue Data Export: Resolved an issue affecting queue data export functionality. #667

· CSRF Configuration: Added trusted origins configuration to enhance security against CSRF attacks. #661

· Improvements

· Descriptive Titles in Code: Refactored to add more descriptive titles in queue.tsx. #663

· Simplified Meeting Logs Query: Optimized meeting_start_logs query for improved performance. #520

· Base Image Updates: Updated base images to the latest versions, including bookworm and node-20. #659

· Queue Admin Interface: Improved the admin interface by showing only active queues and hosts, and implemented filter_horizontal for better filtering. #627, #662

· Maintenance

o Dependency Updates:

· NPM dependencies were updated across multiple directories for stability and security. #644, #652

· Python dependencies, including requests, were upgraded. #665, #666

· Twilio library was updated from 9.6.2 to 9.6.3. #671

New Contributors - We are excited to welcome @PraveshKunwar for their first contribution! Thank you for your valuable involvement. #647

===========================================Detail Below =====================================

What's Changed

• feat: fixes #639, added watchman monitoring setup by @PraveshKunwar in #647
• Bump the all-npm-dependencies group across 1 directory with 3 updates by @dependabot in #644
• feat: add the usage of dynamic page titles by @PraveshKunwar in #646
• added UMich identifier to notifications (iss. #490) by @PraveshKunwar in #650
• fix: Update base images to latest veresioon (bookworm and node-20) by @jonespm in #659
• fix: add attendee's full name or email to the zoom titles by @PraveshKunwar in #660
• feat: Add email searching logic for queue searches by @PraveshKunwar in #645
• style(QueueAdmin): use filter_horizontal for QueueAdmin by @PraveshKunwar in #662
• add queue name and status to meeting report (iss. #520) by @lsloan in #633
• Show only active queues and hosts in admin filters (iss. #627) by @lsloan in #664
• Bump the all-npm-dependencies group in /src with 2 updates by @dependabot in #652
• refactor: changed queue.tsx to add more descriptive titles by @PraveshKunwar in #663
• Bump requests from 2.32.3 to 2.32.4 in /src in the pip group by @dependabot in #666
• Bump the all-python-dependencies group across 1 directory with 9 updates by @dependabot in #665
• fix(CSRF): add configuration for CSRF trusted origins by @PraveshKunwar in #661
• feat: migrate WebSocket hook to use partysocket instead of reconnecting-websocket by @PraveshKunwar in #655
• feat(jest)!: added basic jest testing configuration w/a basic sortQueue test by @PraveshKunwar in #654
• Bump twilio from 9.6.2 to 9.6.3 in /src in the all-python-dependencies group by @dependabot in #671
• Fix bug in queue data export (iss. #667) by @lsloan in #670
• fix: removed passcode form from zoom meeting, not required anymore (iss. #657) by @PraveshKunwar in #658
• simplify meeting_start_logs view query (iss. #520) by @lsloan in #669

New Contributors

• @PraveshKunwar made their first contribution in #647

Full Changelog: 2025.01.02...2025.02.01

2025.01.02

What's Changed

This release focuses on our commitment to maintaining a secure, efficient, and user-friendly application.

Security and Maintenance
• Python Dependencies Update - Pull Request: #623
o Performed updates to all Python dependencies within one directory, covering two specific components.
o This proactive maintenance ensures continued security and performance of the system.
Feature Enhancements
• Admin Meeting Data Export - Pull Request: #620
o Implemented a new feature allowing the export of admin meeting data.
o Facilitates improved data management and operational efficiency for administrative tasks.
User Experience Improvements
• Cookie Consent React Module Upgrade - Pull Request: #631
o Upgraded the cookie consent React module to version 1.2.1.
o Enhances compliance with privacy regulations and refines user interactions with cookie permission settings.
• Cookie Consent Banner Hotfix
Pull Request: #636
o Applied a hotfix to the cookie consent banner.
o Ensures proper functionality and display, maintaining a seamless user experience.

Full Changelog: 2025.01.01...2025.01.02

2025.01.01

Build and Integration Enhancements:

• The build process has been improved with integration from officehours-prod (#524) by @jonespm in #579.

• Added Github info into the build image and displayed version info in the footer (#601, #602).
  Bug Fixes and Improvements:

• Corrected a newline issue in EMAIL_SUBJECT_PREFIX (#559) by @jadfalaoui in #587.

• Resolved None type error from previous bug fix in #587 by @jadfalaoui in #589.

Environment and Configuration Updates:

• Environment sample files are added for a smoother setup (#488) by @jonespm in #554.
• Adjustments made to switch QA hostnames to a test environment (#460) by @jonespm in #572.
• Implemented modifications in service files as part of fix #561 by @jonespm in #617.

Dependency Updates:

• Django version bumped from 4.2.16 to 4.2.17, then to 4.2.18 by @dependabot in #596 and #599.
• Updated Python from version 3.10 to 3.13 by @jonespm in #598.
• React and related NPM dependencies upgraded for better compatibility with privacy tools (#591, #594, #611, #614, #621).

Automation and Package Management:

• Dependabot configuration added for automated dependency management (#604).
• Dependencies for both Python and npm groups have been collectively updated in several pull requests (#606, #615, #619).

Deployment and Migration Adjustments:

• Use of GitHub packages for deployment is now in place (issue #561) by @lsloan in #608.
• Logic for get_backend_types has been moved out of models to prevent migration issues by @jonespm in #609.

New Contributor:

@jadfalaoui made their first contribution with a bug fix in #587.
Full Changelog: 1.11.1...2025.01.01

1.11.1

What's Changed

• Fixes #580 - Set no default password and turn off video by @jonespm in #581

Full Changelog: 1.11.0...1.11.1

1.11.0 Release

What's Changed

• Rename dataalert (iss. #526) by @jxiao21 in #528
• Bump djangorestframework from 3.14.0 to 3.15.2 in /src by @dependabot in #519
• Removed BlueJeans from codebase (iss. #462) by @zqian in #544
• Upgrade Django to v4.2.16 (iss. #503) by @lsloan in #542
• Adding a model to prevent Django from managing the view (iss. #529) by @jonespm in #530
• Bump body-parser and express in /src by @dependabot in #539
• Bump cookie and express in /src by @dependabot in #547
• Note text updated (iss. #533) by @zqian in #546
• Added debugpy support (iss. #514) by @zqian in #550
• Use get_random_secret_key (iss. #555) by @jonespm in #556
• Update docker-compose in README (iss. #557) by @jonespm in #558
• Create packages and builds on Github (iss. #454) by @jonespm in #552
• Bump webpack from 5.84.1 to 5.95.0 in /src by @dependabot in #548
• Kustomize production changes (iss. #524) by @lsloan in #551
• Removing incorrect migration in fix for (iss. #462) by @jonespm in #564
• Updating scaling minimum and limits for deployment (iss. #541) by @jonespm in #565
• Change qa hostnames to test (iss. #460) by @jonespm in #562
• Remove the redundant option (iss. #568) by @zqian in #569
• Adding support for Zoom pyzoom package by @jonespm in #553
• Added display of Time in Queue (iss. #532) by @zqian in #563
• Resources were in wrong part of the template (iss. #541) by @jonespm in #571
• Use correct Zoom settings (iss. #575) by @lsloan in #576

Full Changelog: 1.10.0...1.11.0

Note: List of changes and issues formatted using U-M GPT.

1.10.0 Release

What's Changed

Rel 1.11 Summary:

• We've updated many parts of our system to the latest versions, including Django, Express, and several other important tools. This helps keep everything running smoothly and securely.

Bug Fixes:

• Fixed an issue with our deployment settings.
• Resolved a bug with the REDIS_HOST setting which could have had extra spaces or newlines.
• Added a warning when a user mistakenly types in their email.
• Cleaned up log messages and fixed bugs related to user settings.

Improvements:

• Improved the way we handle secret information.
• Added a new method to verify your phone number via Twilio.
• Ensured better checks for Twilio settings in local environments.
• Added alerts on the home screen to inform users about data usage.
• Changed colors for queue status badges to make them easier to see.
• Made URLs work better within the app.
• Automatically redirect users to the login page as needed.
• Improved our automatic logout process.

New Features:

• Added the ability to handle meetings with no attendees and provided a way to delete them.
• Began work on a new reporting feature, including UI elements for downloading queue reports.
• Updated our system to display important info about Google Analytics and data use notifications.
• These updates ensure a more reliable, secure, and user-friendly experience.

---

• Fixes 463 - Prod imagestream for deployment was incorrect by @jonespm in #464
• Bump django from 3.2.24 to 3.2.25 in /src by @dependabot in #468
• add tests for settings, fix possible newline/space in REDIS_HOST by @Leonard6261 in #473
• Bump express from 4.18.2 to 4.19.2 in /src by @dependabot in #472
• Bump follow-redirects from 1.15.5 to 1.15.6 in /src by @dependabot in #467
• Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /src by @dependabot in #471
• update secrets info; add splitting by @lsloan in #459
• Added Method for Verifying User Phone Numbers through Twilio by @andcarls in #474
• Added Warning Message When User Inputs Email (Resolved Issue #11) by @OscarSong2003 in #479
• Resolve #466: Switch Zoom code over to use the package by @peijli in #481
• 487: twilio settings check for local build by @jaydonkrooss in #489
• Draft PR for Issue #469 - adding text to home screen to alert users to data use by @jxiao21 in #495
• Changed colors for queue ID number "Open" queue status badges for accessibility by @jxiao21 in #496
• Bump requests from 2.31.0 to 2.32.0 in /src by @dependabot in #492
• Issue 422: handle urls by @jxiao21 in #504
• PR for #213: Automatic redirect to login by @jxiao21 in #499
• Fixes #359 Update log format by @jxiao21 in #507
• #197 Handle meetings with no attendees, add delete action by @jaydonkrooss in #498
• Automatic logout - second PR try, redirects by triggering logout button click event by @jxiao21 in #511
• Fixes #497: User Preferences bugs, refactor form logic for phone settings by @jaydonkrooss in #500
• Revert "Resolve #466: Switch Zoom code over to use the package" by @jonespm in #513
• #477 removed django.middleware.common.BrokenLinkEmailsMiddleware by @zqian in #478
• Fixes issue #97 - Initial work for reporting feature by @jonespm in #501
• Fixes #461 - Message in log about migrations 1.8.0 and 1.9.0 by @jonespm in #505
• #97, #470 : add UI elements for queue report downloads by @jaydonkrooss in #506
• Fixes #515 - Expose Postgres ports in development by @jonespm in #517
• Bump braces from 3.0.2 to 3.0.3 in /src by @dependabot in #508
• Bump ws from 8.13.0 to 8.17.1 in /src by @dependabot in #510
• 493: update Google Analytics settings, use Umich OneTrust banner by @jaydonkrooss in #518

New Contributors

• @Leonard6261 made their first contribution in #473
• @lsloan made their first contribution in #459
• @andcarls made their first contribution in #474
• @OscarSong2003 made their first contribution in #479
• @peijli made their first contribution in #481
• @jaydonkrooss made their first contribution in #489
• @jxiao21 made their first contribution in #495
• @zqian made their first contribution in #478

Full Changelog: 1.9.0...1.10.0

1.9.0 release

What's Changed

• Update kustomize process, migrate to ROSA (#441) by @ssciolla in #443
• Fix "Return to Previous Queue" button on another queue (#445) by @ssciolla in #446
• Bump django from 3.2.19 to 3.2.20 in /src by @dependabot in #444
• Bump django from 3.2.20 to 3.2.23 in /src by @dependabot in #448
• Bump postcss from 8.4.21 to 8.4.31 in /src by @dependabot in #447
• Tweak README formatting for consistency by @jlost in #449
• Bump follow-redirects from 1.15.2 to 1.15.5 in /src by @dependabot in #453
• Bump django from 3.2.23 to 3.2.24 in /src by @dependabot in #455
• #456 - Renames qa to test and updates some other variables as part of ROSA migration by @jonespm in #457

Full Changelog: 1.8.0...1.9.0

1.8.0 - Dependency update, minor bug fixes and enhancements

What's Changed

• Align queue language- problem 219 by @jzenas in #393
• Fixes #336, originally #396 Allow admins to edit users who haven't authorized any backends by @Tombow1 in #403
• Fixed issue #306: Enforce Meeting.backend_type in Meeting.queue.allowed_backends via API by @Frank-duuuu in #400
• Update backend dependencies (#383) by @ssciolla in #385
• Refactor search form and URL to use query (#398) by @ssciolla in #399
• Update frontend dependencies (#253, #390) by @ssciolla in #405
• Bump uvicorn to 0.22.0 (#416) by @ssciolla in #417
• Remove console.warn from validateString (#413) by @ssciolla in #415
• Update Google Analytics library and usage (#392) by @ssciolla in #412
• Create Dockerfile.openshift, modify service artifacts to use namespaced images (#418) by @ssciolla in #419
• Update css to change menu icon for small screens by @anishsundaram in #375
• Bump django from 3.2.18 to 3.2.19 in /src by @dependabot in #409
• Bump requests from 2.28.2 to 2.31.0 in /src by @dependabot in #411
• fixed issues 369 and 298 by @lialex123 in #402
• Fixes #420 - Remove args and command from service so it will use the Dockerfile values by @jonespm in #421
• Remove alert and unused utility function (#236) by @ssciolla in #423
• Switch to python:3.10-slim-bullseye (#427) by @ssciolla in #428
• Return HTTP status code and message when trying to change a started meeting (#357) by @ssciolla in #424
• Fix Manage Hosts spacing, remove unused pull-left class (#425) by @ssciolla in #426
• Add --save "" to redis-server command (#429) by @ssciolla in #430
• Return response in overridden update method (#432) by @ssciolla in #433
• Fix four UI issues (#434) by @ssciolla in #435
• Modify per UX suggestions (#438) by @ssciolla in #439

New Contributors

• @jzenas made their first contribution in #393
• @Tombow1 made their first contribution in #403
• @Frank-duuuu made their first contribution in #400
• @anishsundaram made their first contribution in #375
• @lialex123 made their first contribution in #402

Full Changelog: 1.7.0...1.8.0

1.7.0 - Select backend library updates, changes to support M1 development

What's Changed

• Fixes #367 - Dockerfile does not build on M1/ARM by @jonespm in #368
• Upgrade to Postgres 14, change client library setup (#381) by @ssciolla in #382
• Add platform flag to fix issue with locally built images (#388) by @ssciolla in #389
• Bump postgres to 14.7 (#394) by @ssciolla in #395

New Contributors

• @jonespm made their first contribution in #368

Full Changelog: 1.6.3...1.7.0