Rapydo

:star2: New functionalities

- Added docker builds (moved from build-templates)
- Added support for python 3.12
- Added python 3.10 legacy backend
- Replaced Flask-Migrate commands with Alembic alternatives
- Password expiration can now be configured via PASSWORD_EXPIRATION_WARNING variable
- Configured PASSWORD_EXPIRATION_WARNING to disable password expiration checks when set to 0
- Add SMTP_REPLYTO env variable
- Add custom angular controls template
- Added support for ENABLE_ANGULAR_MULTI_LANGUAGE conf
- Added async_timeout to backend builds (used by Redis instead of asyncio)
- Set CYPRESS_CACHE_FOLDER to avoid permission errors
- Automatic fallback from pip3 to pip in case of exec errors
- Extended flake8 configuration with flake8-bugbear
- Add PIP_BIN env variable
- Add pytest-rerunfailures to restart flaky tests
- Improved mypy config
- Merged static analysis tools into a single workflow

:wastebasket: Dropped functionalities

- Dropped build-templates submodule
- Drop legacy38 backend build
- Drop support for google-analytics
- Drop BACKEND_BUILD_MODE and PYTHON_PATH in favor of BACKEND_PYTHON_VERSION
- Remove pre-commit bumps automerge
- Drop test command and controller build
- Drop ggshield hook
- Remove import of workspace-tools and typescript plugins, now included by default with yarn 4
- Drop unrecognized document-domain Permissions-Policy header

:bug: Bug fixes and improvements

- Flask 2.2 compatibility fixes, remove FLASK_ENV, add FLASK_DEBUG
- Compose v2.14 compatibility fix: removed entrypoint and command when null
- Compatibility fix for adminer (now based on ubuntu)
- Temporary added env var SQLALCHEMY_SILENCE_UBER_WARNING to silence SQLAlchemy 2.0 uber warnings
- Added SQLALCHEMY_WARN_20 env var to to raise sqlalchemy RemovedIn20Warning deprecation warnings

:rocket: Dependencies Upgrades

- Bump docker buildx to v0.13.1
- Bump docker compose to v2.24.6
- Bump docker registry to v2.8.3
- Bump neo4j to v4.4.32
- Bump nginx to v1.25.5
- Bump postgres to v15.6
- Bump Node.js to v20.9.0
- Bump rabbitmq to v3.13.1
- Bump redis to v7.2.4
- Bump python backend to 3.11.3
- Bump swagger-ui to v5.16.2
- Bump fail2ban to v1.0.2
- Bump ftp image to buster
- Bump certbot to 2.10.0
- Bump gunicorn to 22.0.0
- Bump angular/cli to 15.2.10
- Bump ajv to 8.12.0
- Bump ts-json-schema-generator to 1.5.1
- Bump click to 8.1.7
- Bump cypress to 13.8.0
- Bump deepmerge to 4.3.1
- Bump dotenv to 16.4.5
- Bump python-on-whales to 0.70.1
- Bump typer to 0.9.0
- Bump GitPython to 3.1.43
- Bump pydantic to 2.7.0
- Bump requests to 2.31.0
- Bump gevent to 24.2.1
- Bump lxml to 5.2.1
- Bump PyYAML to 6.0.1
- Bump pip to 24.0
- Bump setuptools to 69.2.0
- Bump wheel to 0.41.3
- Bump pytest to 8.1.1
- Bump pytest-cov to 5.0.0
- Bump pytest-rerunfailures to 14.0
- Bump pytest-sugar to 1.0.0
- Bump pytest-timeout to 2.2.0
- Bump pytest-timeout to 2.3.1
- Bump freezegun to 1.4.0
- Bump types-python-dateutil to 2.9.0.20240316
- Bump types-pytz to 2024.1.0.20240203
- Bump types-PyYAML to 6.0.12.8
- Bump types-requests to 2.31.0.20240406
- Bump actions/setup-python to v5
- Bump checkout action to v4
- Bump codeql-action action to v3
- Bump docker/login-action to v3
- Bump upload-artifact action to v4
- Bump pre-commit hooks

:rocket: Dependencies Upgrades

* Bump buildx to v0.9.1

* Bump compose to v2.9.0

* Bump python-on-whales to 0.54.0

* Bump click to 8.1.3

* Bump typer to 0.7.0

* Bump GitPython to 3.1.29

* Bump pip to 22.3.1

* Bump setuptools to 65.6.3

* Bump wheel to 0.38.4

* Bump pytest to 7.2.0

* Bump pytest-cov to 4.0.0

* Bump pytest-sugar to 0.9.6

* Bump mypy to 0.991

* Bump types-python-dateutil to 2.8.19.4

* Bump types-pytz to 2022.6.0.1

* Bump types-PyYAML to 6.0.12.2

* Bump types-requests to 2.28.11.5

* Bump pre-commit hooks

:star2: New functionalities

* Bump RAPyDo version to 2.4

* Added ngx-spinner type configuration (SPINNER_TYPE env variable)

* Added types-setuptools and do to mypy deps

* Enabled Renovate

* Logging driver is now configurable and defaulted to json-file in dev mode and syslog in prod mode

* Replaced tabulate with rich

* Enable Mend Bolt

* Added mypy service

* Added support to install compose and buildx on MacOS

* Authorized the installation of docker script with checksum f0914813fcbbe35f1358a994cff812d3

* Switched from setup to pyproject (added req to setuptools 64 to support editable installation)

* Added pre-commit exec to CI

* Added support for python 3.11

:wastebasket: Dropped functionalities

* Dropped telegram poc

* Dropped TESTING_TOTP_HASH in favour of a mocked TOTP code in testing mode

* Dropped schemathesis

* Disabled Neo4j GDS configuration

* Dropped unused DEBUG_ENDPOINTS env variable

* Dropped support for backup, restore and password commands on mariadb

* Dropped support for mariadb auth service

:bug: Bug fixes and improvements

* Cypress integration folder renamed into e2e

* Added mount of /http-api into http-api-package to let PR to force packages installation

* Redis backup compatibility fix: with redis 7 AOF changed from a single file to a folder

* Merged projects pre-commit configurations

* Enabled precommit upgrade via Renovate

* MacOS compatiblity fix, dropped editable prefix

* Bug fix to allow docker registry port relocation

* Increased bash columns used on github actions

* Added compose and buildx under renovate control

* Enabled Renovate automerge for patch deps

* Fixed pyproject.toml to include package data

* Added types optional-dependencies

* Pinned dev and stubs dependencies

* Moving depdendencies to requirements files via dynamic metadata

* Added requirements.dev.txt and requirements.types.txt to Renovate conf

* Typing fixes after the new no_implicit_optional=True default

* Enabled Renovate automerge for precommit deps

* Test fix, added exec-opts to docker json

* Fix flake8 url from gitlab to github

:shield: Fail2ban rules

* Added Generic ADSL Router DNS Change fail2ban rule

* Updated list of permanent IP bans

:rocket: Dependencies Upgrades

* Bump RAPyDo version to 2.3

* Bump python-on-whales to 0.40.0

* Bump GitPython to 3.1.27

* Bump mariadb to 10.8.2

* Bump typer to 0.4.1

* Bump click to 8.1.2

* Bump buildx to v0.8.2

* Bump compose to v2.5.0

* Bump python-version to 3.10 in CI workflows

* Precommit update

* Upgraded GA build image from ubuntu-20.04 to ubuntu-latest

:star2: New functionalities

* Enabled neo4j apoc core functions

* Enabled neo4j gds functions

* Set Redis as default broker when rabbit is not enabled

* Added backend-legacy to valid BACKEND_BUILD_MODE values

* Moved metadata from setup.py to setup.cfg

* Added project metadata to pyproject.toml

* Converted rapydo install to always work at user level

* Added ENABLE_YARN_PNP flag (disabled by default)

* Configured fail2ban persistent bans based on a custom IP blacklist

* Added a parsing of iptables --version to switch between legacy and nft

* Added a script based on AbuseIPDB APIs to verify blacklisted IPs

:wastebasket: Dropped functionalities

* Disabled Deadpendency workflow

* Dropped MongoDB

:bug: Bug fixes and improvements

* Bug fix to correctly run the maintenance service, due to the run behaviour port 443 was not properly mapped

* Bug fix to correctly assign service port to SwaggerUI and Adminer notification messages

* Added variables for the FTP connector

* Set redis-cli as default command on redis shell

* Added passwords expiration warnings on check

* Moved isort configuration from .isort.cfg to pyproject.toml

* Replaced Sultan with Plumbum in packages commands

* Updated PYTHON_PATH

* Authorized the installation of docker script with checksum c3a774bf0e34387a0414f225d4dd84d9

* Removed replicas if both replicas and global mode are set

* Reimplemented frontend reload to always start the frontend build in compose mode

* Bug fix to allow ACTIVATE_FAIL2BAN flag via cli

* Fail2ban configuration is now dynamically loaded based on activated services

:shield: Fail2ban rules

* Added ColdFusion administrator access fail2ban rule

* Added Symantec Secure Web Gateway RCE rule to fail2ban configuration

* Added CVE-2022-22963 to fail2ban configuration

* Added CVE-2020-10987 to fail2ban ruleset

* Added fail2ban rule to detect Shenzhen TVT DVR/NVR/IPC attempts

* Added CVE 2022-1388 to fail2ban rules

* Added url encoded cgi-bin URLs to fail2ban rules

* Added CVE-2014-2321 to to fail2ban rules

None

None

None