Skip to content

Dev/11.1.0#1730

Draft
FrenjaminBanklin wants to merge 89 commits into
masterfrom
dev/11.1.0
Draft

Dev/11.1.0#1730
FrenjaminBanklin wants to merge 89 commits into
masterfrom
dev/11.1.0

Conversation

@FrenjaminBanklin

@FrenjaminBanklin FrenjaminBanklin commented May 13, 2026

Copy link
Copy Markdown
Contributor

Changes:

Docker orchestration:

  • Changes the redis container's base image from 3.2 to 8.8.0.

JavaScript dependencies:

  • Bumps @babel/core from 7.23.9 to 7.29.6.
  • Bumps form-data from 4.0.5 to 4.0.6.
  • Bumps http-proxy-middleware from 2.0.9 to 2.0.10.
  • Bumps js-yaml from 3.14.2 to 3.15.0.
  • Bumps launch-editor from 2.13.2 to 2.14.1.
  • Bumps mdast-util-to-hast from 13.2.0 to 13.2.1.
  • Bumps qs from 6.15.1 to 6.15.2.
  • Bumps shell-quote from 1.8.3 to 1.8.4.
  • Bumps @tootallnate/once from 2.0.0 to 2.0.1.
  • Bumps webpack-dev-server from 5.2.1 to 5.2.5.
  • Bumps websocket-driver from 0.7.4 to 0.7.5.

Python dependencies:

  • Bumps the application's pillow dependency from 11.1.0 to 12.2.0.
  • Bumps the application's urllib3 dependency from 2.3.0 to 2.7.0.
  • Bumps the dev environment's black dependency from 24.4.2 to 26.3.1.
  • Bumps the dev environment's filelock dependency from 3.15.4 to 3.29.0
  • Bumps the dev environment's pathspec dependency from 0.12.1 to 1.1.1.
  • Adds the pytokens dependency to the dev environment requirements.
  • Bumps the dev environment's virtualenv dependency from 20.26.3 to 20.36.1.

Bug fixes:

  • Users missing a corresponding UserSettings object no longer crash after logging in.
  • The widget catalog no longer crashes after trying to add filters on categories that aren't defined for all installed widgets.

Big features:

  • Overhauls the Collaborate dialog in the My Widgets page.
  • Adds user-selectable profile images.
    • Adds an administrative interface for managing user-selectable profile images.
    • Adds an option to the user profile to set profile image to one of the uploaded options.

dependabot Bot and others added 30 commits April 13, 2026 22:30
Bumps [pillow](https://github.com/python-pillow/Pillow) from 11.1.0 to 12.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@11.1.0...12.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.7.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.3.0...2.7.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [black](https://github.com/psf/black) from 24.4.2 to 26.3.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.4.2...26.3.1)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.26.3 to 20.36.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.26.3...20.36.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) from 13.2.0 to 13.2.1.
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)

---
updated-dependencies:
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.1 to 5.2.4.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.1...v5.2.4)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@tootallnate/once](https://github.com/TooTallNate/once) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md)
- [Commits](TooTallNate/once@2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: "@tootallnate/once"
  dependency-version: 2.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [qs](https://github.com/ljharb/qs) from 6.15.1 to 6.15.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bump urllib3 from 2.3.0 to 2.7.0 in /app

It looks like the primary usage of urllib3 in Materia is in the widget installer, which appears to still be working properly using this version. Seems fine to me.
…conflicts after bumping the version of 'black'.
Bump black from 24.4.2 to 26.3.1

Had to also bump pathspec to 1.1.1 and add pytokens at 0.4.1 to satisfy black version update.
Bump virtualenv from 20.26.3 to 20.36.1

Bump filelock from 3.15.4 to 3.29.0.
…0029, plus fallback to default profile image
FrenjaminBanklin and others added 30 commits June 15, 2026 16:01
…-dev-server-5.2.4

Bump webpack-dev-server from 5.2.1 to 5.2.4
… a try/catch to avoid failures for old qsets where those entities are lists instead of objects.
Bumps [launch-editor](https://github.com/vitejs/launch-editor) from 2.13.2 to 2.14.1.
- [Commits](vitejs/launch-editor@v2.13.2...v2.14.1)

---
updated-dependencies:
- dependency-name: launch-editor
  dependency-version: 2.14.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.23.9 to 7.29.6.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.5 to 4.0.6.
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…ta-4.0.6

Bump form-data from 4.0.5 to 4.0.6
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.9 to 2.0.10.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.10/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.9...v2.0.10)

---
updated-dependencies:
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.1 to 5.2.5.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.1...v5.2.5)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
…editor-2.14.1

Bump launch-editor from 2.13.2 to 2.14.1
…ore-7.29.6

Bump @babel/core from 7.23.9 to 7.29.6
…-dev-server-5.2.5

Bump webpack-dev-server from 5.2.1 to 5.2.5
…oxy-middleware-2.0.10

Bump http-proxy-middleware from 2.0.9 to 2.0.10
…ilure-error-handling

Error handling for `Notification` model's `send_email` method
…d-play-ids-failure

Adds graceful fallback for invalid play IDs passed as token params
…tions-lists

Gracefully ignore non-dict question options in full event log exporter.
…uides

Adds 'darkMode' class to widget player and creator guides if it's enabled.
…g-via-lti-postmessage

Player setHeight sends frameResize postMessage in LTI contexts
…re-for-disabled-registrations

Error page for disabled LTI registrations
…tifications

Users are notified when a widget instance shared with them is undeleted.
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.2 to 3.15.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.2...3.15.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.15.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…-3.15.0

Bump js-yaml from 3.14.2 to 3.15.0
Bumps [websocket-driver](https://github.com/faye/websocket-driver-node) from 0.7.4 to 0.7.5.
- [Changelog](https://github.com/faye/websocket-driver-node/blob/main/CHANGELOG.md)
- [Commits](faye/websocket-driver-node@0.7.4...0.7.5)

---
updated-dependencies:
- dependency-name: websocket-driver
  dependency-version: 0.7.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…et-driver-0.7.5

Bump websocket-driver from 0.7.4 to 0.7.5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants