
Merge pull request from GHSA-7j9p-67mm-5g87 #331

Merged

Conversation


@mtyaka mtyaka commented Feb 7, 2023

  • fix: Tool can only push grade to value in config

Before this commit, LTI tools were able to push grades to any block simply by modifying or creating a new line item with a resource_link_id containing a valid block.

This commit closes that loophole and resolves
security advisory GHSA-7j9p-67mm-5g87.

  • chore: create release version

Co-authored-by: Zach Hancock <zhancock@edx.org>

giovannicimolin and others added 2 commits February 7, 2023 10:21
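The PR description above explains the flaw in one sentence: a grade push was routed by the tool-supplied `resource_link_id` on the line item, so any line item naming a real block was accepted. The model below is an added illustration and is not code from openedx/xblock-lti-consumer; the class names, the `Gradebook` registry and the two `push_score_*` handlers are assumed for the example, and the block and config identifiers are constructed. It contrasts the pre-fix behaviour (target block taken from the line item) with the post-fix behaviour (target block taken from the configuration the tool authenticated as).

```python
"""Simplified model of the LTI AGS line-item authorization issue.

Added example; every name here is hypothetical and does not reflect the
real project's models, signals or API. Sample data is constructed.
"""
from dataclasses import dataclass, field


class Unauthorized(Exception):
    """Raised when a tool tries to grade a block it is not configured for."""


@dataclass
class LtiConfig:
    """One LTI tool deployment, bound to exactly one block (assumed model)."""
    config_id: str
    block_id: str            # the only block this tool may push grades to


@dataclass
class LineItem:
    """An AGS line item created or edited by the tool (assumed model)."""
    config_id: str           # which tool configuration the request came from
    resource_link_id: str    # tool-supplied; the tool can write anything here
    score_maximum: float


@dataclass
class Gradebook:
    blocks: set[str]                                        # usage keys that exist
    configs: dict[str, LtiConfig]                           # config_id -> config
    grades: dict[str, float] = field(default_factory=dict)  # block_id -> normalized grade

    def _normalize(self, item: LineItem, score: float) -> float:
        if item.score_maximum <= 0 or not 0 <= score <= item.score_maximum:
            raise ValueError("score outside [0, score_maximum]")
        return score / item.score_maximum

    def push_score_vulnerable(self, item: LineItem, score: float) -> None:
        """Pre-fix behaviour: the only check is that resource_link_id names a
        real block, so a tool can overwrite grades on blocks it was never
        configured for."""
        if item.resource_link_id not in self.blocks:
            raise ValueError("unknown block")
        self.grades[item.resource_link_id] = self._normalize(item, score)

    def push_score_fixed(self, item: LineItem, score: float) -> None:
        """Post-fix behaviour: the target block comes from the configuration
        the tool authenticated as; a line item pointing anywhere else is
        rejected before any grade is written."""
        config = self.configs[item.config_id]
        if item.resource_link_id != config.block_id:
            raise Unauthorized(
                f"config {config.config_id} is bound to {config.block_id}, "
                f"not {item.resource_link_id}"
            )
        self.grades[config.block_id] = self._normalize(item, score)


def demo() -> dict:
    """Constructed scenario: a tool configured for block-a submits a line
    item whose resource_link_id names block-b."""
    book = Gradebook(
        blocks={"block-a", "block-b"},
        configs={"cfg-a": LtiConfig("cfg-a", "block-a")},
    )
    forged = LineItem("cfg-a", resource_link_id="block-b", score_maximum=10)
    legit = LineItem("cfg-a", resource_link_id="block-a", score_maximum=10)

    # Before the fix the forged line item silently grades block-b.
    book.push_score_vulnerable(forged, 10)
    vulnerable = dict(book.grades)

    # After the fix the forged line item is refused and only block-a is graded.
    book.grades.clear()
    try:
        book.push_score_fixed(forged, 10)
        forged_rejected = False
    except Unauthorized:
        forged_rejected = True
    book.push_score_fixed(legit, 7.5)
    return {"vulnerable": vulnerable, "forged_rejected": forged_rejected,
            "fixed": dict(book.grades)}


if __name__ == "__main__":
    print(demo())
```

The design point is that the authorization decision keys on state the platform controls (the configuration's bound block), not on a field the remote tool can freely set when it creates or edits the line item.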
@openedx-webhooks openedx-webhooks added the open-source-contribution PR author is not from Axim or 2U label Feb 7, 2023
@openedx-webhooks

Thanks for the pull request, @mtyaka! Please note that it may take us up to several weeks or months to complete a review and merge your PR.

Feel free to add as much of the following information to the ticket as you can:

  • supporting documentation
  • Open edX discussion forum threads
  • timeline information ("this must be merged by XX date", and why that is)
  • partner information ("this is a course on edx.org")
  • any other information that can help Product understand the context for the PR

All technical communication about the code itself will be done via the GitHub pull request interface. As a reminder, our process documentation is here.

Please let us know once your PR is ready for our review and all tests are green.

@codecov

codecov bot commented Feb 7, 2023

Codecov Report

Base: 96.61% // Head: 96.63% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (a13b35b) compared to base (682c90e).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@                Coverage Diff                 @@
##           security/4.5.1     #331      +/-   ##
==================================================
+ Coverage           96.61%   96.63%   +0.02%     
==================================================
  Files                  71       72       +1     
  Lines                5285     5319      +34     
==================================================
+ Hits                 5106     5140      +34     
  Misses                179      179              
Flag        Coverage Δ
unittests   96.63% <100.00%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files                              Coverage Δ
lti_consumer/__init__.py                    100.00% <100.00%> (ø)
lti_consumer/signals.py                     100.00% <100.00%> (ø)
lti_consumer/tests/unit/test_models.py      100.00% <100.00%> (ø)
lti_consumer/tests/unit/test_signals.py     100.00% <100.00%> (ø)



@idegtiarov idegtiarov left a comment


LGTM!

@Agrendalath Agrendalath merged commit 16d01a0 into openedx:security/4.5.1 Feb 7, 2023
@openedx-webhooks

@mtyaka 🎉 Your pull request was merged! Please take a moment to answer a two question survey so we can improve your experience in the future.

@regisb

regisb commented Feb 9, 2023

Thanks everyone!
