Safety vulnerability ID: 58995
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Fractal-server 1.3.0a3 updates its dependency 'pymdown-extensions' to version '10.0.1' to include a security fix.
https://github.com/fractal-analytics-platform/fractal-server/pull/723
Latest version: 2.10.1
Server component of the Fractal analytics platform
* Refactor user model:
    * Switch from UUID4 to int for IDs (#660, #684).
    * Fix many-to-many relationship between users and project (#660).
    * Rename `Project.user_member_list` into `Project.user_list` (#660).
    * Add `username` column (#704).
* Update endpoints (see also [1.2->1.3 upgrade info](../internals/version_upgrades/upgrade_1_2_5_to_1_3_0/) in the documentation):
    * Review endpoint URLs (#669).
    * Remove foreign keys from payloads (#669).
* Update `Task` models, task collection and task-related endpoints:
    * Add `args_schema` and `args_schema_version` to `Task` model (#707).
    * Remove `default_args` from `Tasks` model and from manifest tasks (#707).
    * Add `version` and `owner` columns to `Task` model (#704).
    * Set `Task.version` during task collection (#719).
    * Set `Task.owner` as part of create-task endpoint (#704).
    * For custom tasks, prepend `owner` to user-provided `source` (#725).
    * Make `Task.source` task-specific rather than package-specific (#719).
    * Make `Task.source` unique (#725).
    * When importing a workflow, only use tasks' `source` values, instead of `(source,name)` pairs (#719).
    * Update `_TaskCollectPip` methods, attributes and properties (#719).
    * Remove private/public options for task collection (#704).
    * Improve error message for missing package manifest (#704).
    * Improve behavior when task-collection folder already exists (#704).
    * Add warning when exporting workflows which include custom tasks (#728).
    * Restrict Task editing to superusers and task owners (#733).
* Job execution:
    * Add `FractalSlurmExecutor.shutdown` and corresponding endpoint (#631, #691, #696).
    * In `FractalSlurmExecutor`, make `working_dir*` attributes required (#679).
    * Remove `ApplyWorkflow.overwrite_input` column (#684, #694).
    * Make `output_dataset_id` a required argument of apply-workflow endpoint (#681).
    * Improve error message related to out-of-space disk (#699).
* Other updates to endpoints and database:
    * Add `ApplyWorkflow.end_timestamp` column (#687, #684).
    * Prevent deletion of a `Workflow`/`Dataset` in relationship with existing `ApplyWorkflow` (#703).
    * Add project-name uniqueness constraint in project-edit endpoint (#689).
* Other updates to internal logic:
    * Drop `WorkflowTask.arguments` property and `WorkflowTask.assemble_args` method (#742).
    * Add test for collection of tasks packages with tasks in a subpackage (#743).
    * Expose `FRACTAL_CORS_ALLOW_ORIGIN` environment variable (#688).
* Package and repository:
    * Remove `fastapi-users-db-sqlmodel` dependency (#660).
    * Make coverage measure more accurate (#676) and improve coverage (#678).
    * Require pydantic version to be `>=1.10.8` (#711, #713).
    * Include multiple `fractal-common` updates (#705, #719).
    * Add test equivalent to `alembic check` (#722).
    * Update `poetry.lock` to address security alerts (#723).
    * Remove `sqlmodel` from `fractal-common`, and declare database models with multiple inheritance (#710).
    * Make email generation more robust in `MockCurrentUser` (#730).
    * Update `poetry.lock` to `cryptography=41`, to address security alert (#739).