Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Meta inheritance in nested serializer classes #4692

Merged
merged 9 commits into from
Oct 23, 2023
Merged

Fix Meta inheritance in nested serializer classes #4692

merged 9 commits into from
Oct 23, 2023

Conversation

glennmatthews
Copy link
Contributor

@glennmatthews glennmatthews commented Oct 23, 2023
edited
Loading

Closes: GHSA-r2hw-74xv-4gqp

What's Changed

  • Fix an issue where nested serializers in 2.0.x didn't correctly inherit all appropriate Meta attributes from the base serializer.
  • Add some generic REST API tests to check for inadvertent exposure of sensitive information in the REST API.

TODO

  • Explanation of Change(s)
  • Added change log fragment(s) (for more information see the documentation)
  • n/a Attached Screenshots, Payload Example
  • Unit, Integration Tests
  • n/a Documentation Updates (when adding/changing features)
  • n/a Example Plugin Updates (when adding/changing features)
  • Outline Remaining Work, Constraints from Design

HanlinMiao
HanlinMiao approved these changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@HanlinMiao HanlinMiao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@glennmatthews glennmatthews mentioned this pull request Oct 23, 2023
Merged
3 tasks
@glennmatthews glennmatthews merged commit 1ce8e5c into develop Oct 23, 2023
21 checks passed
@glennmatthews glennmatthews deleted the u/glennmatthews-fix-ghsa-r2hw-74xv-4gqp branch October 23, 2023 20:56
glennmatthews added a commit that referenced this pull request Oct 24, 2023
@glennmatthews @timizuoebideri1
@bryanculver @HanlinMiao @gsnider2195 @dependabot
Merge pull request #4693 from nautobot/release/2.0.3
ea72936 
* Fix post upgrade bug

* fix rackrole also

* add unittest

* add unittest

* Apply suggestions from code review

* Seed version 2.0.3b1

* fix test

* Update 4604.fixed

Co-authored-by: Glenn Matthews <glenn.matthews@networktocode.com>

* Handle Docs Redirections (#4669)

* Add redirects for simple file renames.

* Add non-simple redirects for squashed/refactored pages.

* Deleted files pass 2

* Add changelog fragment

* Apply suggestions from code review

Co-authored-by: Glenn Matthews <glenn.matthews@networktocode.com>

* Alpha sort redirects

---------

Co-authored-by: Glenn Matthews <glenn.matthews@networktocode.com>

* Added validation step to handle invalid/legacy filters from v1.x in DynamicGroup form validation and silently ignore invalid filter data in DynamicGroupDetailView. (#4653)

* added a data migration to cleanup v1.x tag filter data in v2.x DynamicGroup instances

* Added validation step to handle invalid/legacy filters from v1.x in DynamicGroup form validation.

* pylint

* address PR feedback

* modify log message

* Fixed error `'IPAddressBulkAddForm' has no field named 'parent'` when bulk creating IPs via UI. (#4644)

* Fix bug

* Add unittest

* Update nautobot/ipam/tests/test_views.py

Co-authored-by: Gary Snider <75227981+gsnider2195@users.noreply.github.com>

* resolve PR feedback

* Add check for missing CIRD in form pattern

* Fix typo and replace model_form.vrf with model_form.dns_name

* fix flake8

* fix test failures

* fix test failures

* Add TODO

* fix failing test

---------

Co-authored-by: Timizuo <ebideritimizuo@gmail.com>
Co-authored-by: Gary Snider <75227981+gsnider2195@users.noreply.github.com>
Co-authored-by: Glenn Matthews <glenn.matthews@networktocode.com>

* Disable New UI by default (#4661)

Co-authored-by: Timizuo <ebideritimizuo@gmail.com>

* Ensured that job_class values ScheduledJob instances are transferred to task during v2 migration. (#4682)

* Bump urllib3 from 2.0.6 to 2.0.7 (#4671)

* Bump urllib3 from 2.0.6 to 2.0.7

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.6...2.0.7)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Change fragment

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Glenn Matthews <glenn.matthews@networktocode.com>

* Bump version

* Fix `Meta` inheritance in nested serializer classes (#4692)

* Add test coverage

* Fix issue

* Change fragment

* Add more change fragments

* Refine test implementation

* Add reference to GHSA

* Add admonition about use of fields = __all__ on serializers

* Add PR number

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Timizuo <ebideritimizuo@gmail.com>
Co-authored-by: Timizuo <94907097+timizuoebideri1@users.noreply.github.com>
Co-authored-by: Bryan Culver <31187+bryanculver@users.noreply.github.com>
Co-authored-by: Hanlin Miao <46973263+HanlinMiao@users.noreply.github.com>
Co-authored-by: Gary Snider <75227981+gsnider2195@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryanculver bryanculver bryanculver approved these changes

@jathanism jathanism jathanism approved these changes

@HanlinMiao HanlinMiao HanlinMiao approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@glennmatthews @bryanculver @jathanism @HanlinMiao