Bump label-studio from 1.7.3 to 1.11.0 in /docs #2381

Closed
dependabot[bot]
@dependabot dependabot bot commented on behalf of github Jan 31, 2024

Bumps label-studio from 1.7.3 to 1.11.0.

Release notes

Sourced from label-studio's releases.

1.11.0

🌟 What's New

🎉 New Features

Consolidated Label Studio Codebase

This release introduces a simplified Label Studio repository structure.

Previously, the Label Studio frontend and Data Manager codebases were each located in a separate repository: label-studio-frontend and dm2. Starting with this release, the Label Studio Frontend and Data Manager code will be updated and maintained in the main label-studio repository.

The Label Studio Frontend code is now located in the label-studio repository under web/libs/editor, and the Data Manager code can be found under web/libs/datamanager. For more information, see our contributing guide.

This consolidated codebase has many benefits, including streamlined and simplified workflows, increased efficiency when performing cross-component changes, and improved navigation. Most importantly, a unified codebase will make it easier for our Open Source community to navigate and understand the Label Studio code architecture, lowering the barrier to entry for new contributors. (#5154)

🔐 Security

  • This release includes several measures to increase SSRF protection (#5316), which address CVE-2023-47116 (HumanSignal/label-studio#5316):
    • When SSRF_PROTECTION_ENABLED is set to true (note that it defaults to false), our new default is to ban all IPs within reserved blocks, for both IPv4 and IPv6.
    • We are introducing two new environment variables, to be used in conjunction with SSRF_PROTECTION_ENABLED=true:
      • USER_ADDITIONAL_BANNED_SUBNETS — Use this to specify additional IP addresses or CIDR blocks to ban from server-side requests (e.g. the URL-based file uploader).
      • USE_DEFAULT_BANNED_SUBNETS — This is set to True by default. If you would like to have full control over banned subnets, you can set this to False and use USER_ADDITIONAL_BANNED_SUBNETS to specify all the IP addresses / CIDR blocks you’d like to disallow instead.
    • We have also improved our error messages to make it clearer when an action is being blocked due to SSRF protections.
  • Implemented comprehensive HTML sanitization to safeguard against vulnerabilities and ensure a secure user experience. (#5232)
  • Addressed several vulnerabilities found in the npm-axios package. (#5229)

🐞 Bug Fixes

  • Fixed an issue where Label Studio crashed when configuring multiple hotkeys using the hotkey="," format. (#5240)
  • Fixed an issue where credential validation was failing in the Label Studio interface for cloud storages configured using SDK. (#5228)
  • Fixed an issue where cancelled and updated annotations were not recalculating is_labeled and other counters. (#4472)
  • Fixed an issue where annotation drafts were not changing when switching to view all mode. (#5141)
  • Fixed an issue where users would encounter an error when using the Storage filename filter in the Data Manager. (#5289)
  • Fixed an issue where users were unable to use the View all annotations option when the project included images that had an empty URL. (#5245)
  • Fixed an issue where relations were not displayed if they were added by a user while reviewing a task. (#5140)
  • Fixed an issue where users were seeing the Comments tab (an Enterprise-only feature) when resizing their screen. (#5230)

🤩 Contributors

1.10.1

🔐 Security

... (truncated)

Commits
  • a9766f0 chore: Cherry picked OPTIC-353 into release 1.11.0 (#5353)
  • 08e726c ci: PLATE-777: Add PR link to release notes (#5336)
  • 2002e96 chore: Cherry picked DIA-820 and LEAP-396 into release 1.11.0 (#5332)
  • 6a5f691 chore: Bump version to 1.11.0
  • 05f3a3d ci: Update Feature Flags
  • 0092831 docs: Add release notes for 2.9.0 (#5298)
  • b57b91b fix: LEAP-458: implement storage_filename filter in data manager (#5289)
  • a6c6472 ci: Fix FollowMerge monorepo src copy
  • b52aea4 docs: DOC-157: Remove .avi from list of supported video file types (#5288)
  • 219ebcc ci: PLATE-795: Use pyproject.toml as a source version (#5277)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [label-studio](https://github.com/heartexlabs/label-studio) from 1.7.3 to 1.11.0.
- [Release notes](https://github.com/heartexlabs/label-studio/releases)
- [Commits](HumanSignal/label-studio@1.7.3...1.11.0)

---
updated-dependencies:
- dependency-name: label-studio
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
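
How the three SSRF settings named in the release notes above combine, as an added sketch that is not Label Studio's code: the default subnet list is a constructed subset of reserved blocks, and the comma-separated format of USER_ADDITIONAL_BANNED_SUBNETS and the function names `banned_networks` and `is_blocked` are assumptions.

```python
import ipaddress

# Constructed subset of reserved blocks; NOT Label Studio's actual default list.
DEFAULT_BANNED = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
]

def _truthy(value):
    return str(value).strip().lower() in ("1", "true", "yes")

def banned_networks(env):
    """Build the deny list from the settings named in the release notes."""
    nets = []
    if _truthy(env.get("USE_DEFAULT_BANNED_SUBNETS", "true")):
        nets += DEFAULT_BANNED
    # Assumption: the variable holds a comma-separated list of IPs or CIDRs.
    extra = env.get("USER_ADDITIONAL_BANNED_SUBNETS", "")
    nets += [s.strip() for s in extra.split(",") if s.strip()]
    # strict=False accepts entries with host bits set, e.g. 203.0.113.7/24.
    return [ipaddress.ip_network(n, strict=False) for n in nets]

def is_blocked(ip_text, env):
    """Return True if a server-side request to ip_text must be refused."""
    if not _truthy(env.get("SSRF_PROTECTION_ENABLED", "false")):
        return False  # protection is off unless explicitly enabled
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot dodge IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net
               for net in banned_networks(env))
```

A check like this only helps when it runs on every address a hostname resolves to, and on the address actually connected to, including after redirects.
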
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Jan 31, 2024
coderabbitai bot commented Jan 31, 2024

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

@CLAassistant
CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@strickvl strickvl closed this Feb 1, 2024
dependabot bot commented on behalf of github Feb 1, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@strickvl strickvl deleted the dependabot/pip/docs/label-studio-1.11.0 branch February 1, 2024 07:58
2 participants