Merge branch 'master' into block-notes

This commit is contained in:
Oliver 2026-05-26 22:10:35 +10:00 committed by GitHub
commit d1b37466ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 33 additions and 22 deletions

View File

@ -117,7 +117,7 @@ jobs:
python-version: ${{ env.python_version }}
cache: "pip"
- name: Run pre commit hook Checks
uses: j178/prek-action@6ad80277337ad479fe43bd70701c3f7f8aa74db3 # pin@v2
uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # pin@v2
- name: Check Version
run: |
pip install --require-hashes -r contrib/dev_reqs/requirements.txt
@ -415,7 +415,7 @@ jobs:
path: .coverage
retention-days: 14
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@v6.0.0
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # pin@v6.0.1
if: always()
with:
token: ${{ secrets.CODECOV_TOKEN }}
@ -597,7 +597,7 @@ jobs:
- name: Run Tests
run: invoke dev.test --check --migrations --report --coverage --translations
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@v6.0.0
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # pin@v6.0.1
if: always()
with:
token: ${{ secrets.CODECOV_TOKEN }}
@ -734,7 +734,7 @@ jobs:
- name: Report coverage
run: cd src/frontend && npx nyc report --report-dir ./coverage --temp-dir .nyc_output --reporter=lcov --exclude-after-remap false
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@v6.0.0
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # pin@v6.0.1
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: inventree/InvenTree
@ -790,4 +790,4 @@ jobs:
with:
persist-credentials: false
- name: Run zizmor 🌈
uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6

View File

@ -67,6 +67,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
with:
sarif_file: results.sarif

View File

@ -10,7 +10,7 @@
# - Monitors source files for any changes, and live-reloads server
# Base image last bumped 2026-03-20
FROM python:3.14-slim-trixie@sha256:fb83750094b46fd6b8adaa80f66e2302ecbe45d513f6cece637a841e1025b4ca AS inventree_base
FROM python:3.14.5-slim-trixie@sha256:c845af9399020c7e562969a13689e929074a10fd057acd1b1fad06a2fb068e97 AS inventree_base
# Build arguments for this image
ARG commit_tag=""

View File

@ -199,10 +199,20 @@ In either case, ensure that the directory is available *on your local machine* a
## Error Rendering Component
Sometimes, following a software update, you may find that certain components of the web interface are not rendering correctly, and presented with a message similar to the screenshow below:
Sometimes, following a software update, you may find that certain components of the web interface are not rendering correctly, and presented with a message similar to the screenshot below:
{{ image("faq/boundary.png", "Error Rendering Component") }}
This is often due to a caching issue with your web browser. Try performing a hard refresh of the page to clear the cache, this should resolve the issue in most cases.
If the problem persists, refer to the [troubleshooting guide](./troubleshooting.md) for further assistance.
## Expression tree is too large
If you are running a large InvenTree deployment on an SQLite database, you may encounter an error similar to:
```
Expression tree is too large (maximum depth 1000)
```
This is a [known limitation of SQLite](https://www.sqlite.org/limits.html) which can occur when performing complex queries on a large database. Due to [structural limitations](./start/processes.md#sqlite-limitations) of SQLite, it is recommended to use a more robust database backend such as PostgreSQL for larger deployments.

View File

@ -1,5 +1,5 @@
---
title: Resources InvenTree receives
title: Sponsored Resources
---
The InvenTree project is grateful to receive resources from various vendors free of charge.
@ -18,5 +18,6 @@ Individuals and companies can also support via [GitHub sponsors](https://github.
## Past Supporters
Non comprehensive list of past supporters. The project stops consuming resources for various reasons, this does not mean they are not good resources.
- [Coveralls](https://coveralls.io/) - Code coverage as a service
- [Deepsource](https://deepsource.io/) - Code quality and security analysis

View File

@ -6,24 +6,24 @@ The InvenTree project is committed to providing a secure and safe environment fo
To that end, we have implemented a number of security measures over the years, which we will outline in this document.
## Organisational measures
## Organizational Measures
The InvenTree project is managed by a small team of developers, who are responsible for the ongoing development and maintenance of the software. Two geographically distributed users have administrative access to the InvenTree codebase. Merges are only done by one of these two users, the maintainer Oliver.
Read the Project [Governance](./project/governance.md) document for more information.
InvenTree is open-source, and we welcome contributions from the community. However, all contributions are reviewed and scrutinised before being merged into the codebase.
InvenTree is open-source, and we welcome contributions from the community. However, all contributions are reviewed and scrutinized before being merged into the codebase.
### Security Policy
The official [Security Policy]({{ sourcefile("SECURITY.md") }}) is available in the code repository.
We provide this document in our main repo to increase discoverabiltity to ensure that all security issues are handled in a timely manner.
We provide this document in our main repo to increase discoverability to ensure that all security issues are handled in a timely manner.
### Past Reports
If we become aware of a security issue, we will take immediate action to address the issue, and will provide a public disclosure of the issue once it has been resolved. We support assigning CVEs to security issues where appropriate. Our [past security advisories can be found here](https://github.com/inventree/InvenTree/security/advisories).
## Technical measures
## Technical Measures
### Code hosting
### Code Hosting
The InvenTree project is hosted on GitHub, and we rely on the security measures provided by GitHub to help protect the integrity of the codebase.
@ -35,24 +35,24 @@ Among those are:
- (Optional but encouraged) Two-factor authentication for user accounts
- (Optional but encouraged) Signed commits / actions
### Code style
### Code Style
We enforce style and security checks in our CI/CD pipeline, and we have several automated tests to ensure that the codebase is secure and functional.
Checks are run on every pull request, and we require that all checks pass before a pull request can be merged.
### Current versions
### Current Versions
InvenTree is built using the Django framework, which has a strong focus on security. We follow best practices for Django development, and we are committed to keeping the codebase up-to-date with the latest security patches and within supported versions.
### Test coverage
### Test Coverage
We run coverage tests on our codebase to ensure that we have a high level of test coverage above 90%. This is public and can be found [here](https://app.codecov.io/gh/inventree/InvenTree).
### Pinning dependencies
### Pinning Dependencies
We are pinning dependencies to specific versions - aiming for complete reproducibility of builds - wherever possible. Combined with continuous OSV checks, we are able to react quickly to security issues in our dependencies.
## Best practices
## Best Practices
We follow most of GitHubs community best practices, check our compliance [here](https://github.com/inventree/InvenTree/community).

View File

@ -87,7 +87,7 @@ nav:
- Project Details:
- Governance: project/governance.md
- Project Security: security.md
- Resources: project/resources.md
- Sponsored Resources: project/sponsored_resources.md
- Privacy: privacy.md
- Concepts:
- Terminology: concepts/terminology.md

View File

@ -50,7 +50,7 @@ def test_api_auth_performance():
'/api/order/so/shipment/',
#'/api/order/po/',
#'/api/order/po-line/',
'/api/user/roles/',
'/api/user/me/roles/',
'/api/parameter/',
'/api/parameter/template/',
],
@ -77,7 +77,7 @@ def test_api_list_performance(url):
'/api/order/so/shipment/',
'/api/order/po/',
'/api/order/po-line/',
'/api/user/roles/',
'/api/user/me/roles/',
'/api/parameter/',
'/api/parameter/template/',
],