HelloAsso: retry without payer info for BadRequestException (400)#857
Merged
Marc-Andrieu merged 1 commit intomainfrom Oct 9, 2025
Merged
HelloAsso: retry without payer info for BadRequestException (400)#857Marc-Andrieu merged 1 commit intomainfrom
Marc-Andrieu merged 1 commit intomainfrom
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #857 +/- ##
=======================================
Coverage 85.46% 85.46%
=======================================
Files 187 187
Lines 14320 14320
=======================================
Hits 12238 12238
Misses 2082 2082 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
warix8
approved these changes
Sep 26, 2025
21 tasks
Rotheem
approved these changes
Oct 8, 2025
Marc-Andrieu
approved these changes
Oct 9, 2025
Member
Marc-Andrieu
left a comment
Marc-Andrieu
left a comment
There was a problem hiding this comment.
To be merged whie #861 is being reviewed
in addition to UnauthorizedException (403)
Marc-Andrieu
force-pushed
the
ha-retry-without-payer-info
branch
from
bd4635c to
d8edecc
Compare
Marc-Andrieu
pushed a commit
that referenced
this pull request
Oct 19, 2025
in addition to UnauthorizedException (403) I think HelloAsso probably changed its error code when the PayerInfo contains invalid data
Rotheem
added a commit
to ProximApp/Hyperion
that referenced
this pull request
Mar 19, 2026
* Disable Copilot on dotenv and config.yaml file (#784) * CDR : Add needs_validation in CDRProduct (#791) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Versionning of previous years of CDR (#779) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary --------- Co-authored-by: Maxime Lemonnier <98470688+Malem38@users.noreply.github.com> Co-authored-by: Thonyk <timr.web@free.fr> * Give membership manager read/write access for user membership (#783) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Restrict advert picture addition to managers of the advertiser (#789) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * CDR: Add self-answerable questions (#793) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Hyperion 4.7.0 (#794) * Remove useles attribute (#796) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix cdr (#797) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix cdr 2 (#798) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix CdR 3 (#799) About editing the year of the current session * Hotfix cdr (#801) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary --------- Co-authored-by: Thonyk <timr.web@free.fr> * Bump version to 4.7.1 (#802) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Extend membership acces to cdr admins (#803) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * CDR : open result endpoint to sellers (#806) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Bump hyperion to 4.7.3 (#807) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Make CdR coredata public (#804) * No reason to hide it * Purpose: display the cdr year in Siarnaq : * in order not to hard-code it (changing it every year is bad) * in order to know easily the year Siarnaq thinks it is and catch it early if wrong * Possibly do the same with the status (for the same reasons: pretty annoying to have to use admin rights to be sure of the actual status) Co-authored-by: Maxime Lemonnier <98470688+Malem38@users.noreply.github.com> * CDR : allow edition and deletion during cdr (#808) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix email migration (#809) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary Co-authored-by: Maxime Lemonnier <98470688+Malem38@users.noreply.github.com> * Bump version (#810) Co-authored-by: Maxime Lemonnier <98470688+Malem38@users.noreply.github.com> * fix: deleting all participant along all teams (#815) ### Description When deleting all teams, participants must be deleted as well ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix sending websocket message when editing cdr user membership (#812) * Raid : handling both prices (#816) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary --------- Co-authored-by: Armand Didierjean <95971503+armanddidierjean@users.noreply.github.com> * Fix(state management): store state in global variable to allow the sc… (#811) …heduler to access db (backport of https://github.com/ProximApp/Hyperion/pull/8) * Fix user batch invitation response model * Fix: add missing param in send_emails_from_queue_task * Get db directly using SessionLocal * Store state in global Python variable * Use arq 0.26.3 * Don't keep arq job results after completion to be able to queue new jobs with the same id * Cancel planned notification with the same job_id before queuing a new one * fixup state * Access GLOBAL_STATE in tests init * Remove unexpected state param while disconnecting * Lint * Parametrize test_factory fixture * Lint * Refactor test settings * Fix migrate mail from non school mails (#817) * fix curriculum membership (#813) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Bump actions/checkout from 4 to 5 in the actions group (#814) Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * CdR: move Status to CoreData file (#800) * Hyperion 4.7.6 (#818) * Cdr export results rework (#820) ### Description Close https://github.com/aeecleclair/Hyperion/issues/577 * Hyperion 4.7.7 (#822) * Minor config fixes and enhancements (#805) While reconfiguring my local Hyperion, a couple difficulties arose... * Add trailing slash on `/users/account-types` (#825) ### Description When visiting the visibility page on Titan, it loads indefinitely because the HTTPS request `/users/account-types/` (notice the trailing slash) hits a 307 to a HTTP request, given that Hyperion doesn't expect it. FastAPI redirects to HTTP when you issue a request with a trailing slash that is unexpected or when you lack an expected trailing slash. Although there are FastAPI-wide solutions (like an option in the APIRouter or a flag in the CLI), this error doesn't seem to occur anywhere else: Hyperion endpoints generally do NOT end with a trailing slash, and Titan repositories generally use a suffix without trailing slash, and when no suffix is used in a given Titan repo, the Hyperion endpoint has this trailing slash. Our front-end Titan has the trailing slash bescause the route has no suffix (it's directly `final ext = "users/account-types/";`) For evidence, see screenshot below of 2x2 requests (with and without trailing slash, and with Hyperion instances that expect or not the trailing slash): - in prod: ` "/users/account-types"` - in alpha: `"/users/account-types/"` <img width="3119" height="730" alt="Capture d'écran 2025-09-06 113731" src="https://github.com/user-attachments/assets/bdb98f57-a1d1-4fc1-9395-15aa9d69435b" /> * Fix CdR ticket deletion (#826) * Raid fixups (#828) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Sport competition module (#621) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * fix: student price only based on the presence of student card (#833) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Bump requests from 2.32.3 to 2.32.4 (#749) Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aeecleclair/Hyperion/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add batch purchase and validation (#834) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Bump version 4.9.0 (#838) Co-authored-by: Maxime Lemonnier <98470688+Malem38@users.noreply.github.com> * fix int type in sheet export (#827) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * IC Challenger: school product's quota (#837) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix websockets: do not send data if closed (#840) self-explanatory raise for other exceptions * Notifications: Allows to get devices and send test notifications for other users (#842) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix various challenger issues (#841) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Log at once user_ids of users suffering from senderId mismatch (#839) ### Context * Many logs all the time * They are useless (only tell a senderId which is deleted immediately after * Many users don't receive important notifs ### What this PR does * Distinguish the `UnregisteredError`, the `SenderIdMismatchError` and the rest * Log once for everyone who got a senderId mismatch * and log the useful pieces of info, i.e. `user_id` * Add missing types * `TODO:` retry immediately after for whom the notif failed (with a new token), or remember the list * Bump version to 4.9.2 (#843) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix raid logic (#847) ### Description Fixes team merge crashes because invite tokens still exists Fixes raid price calculation ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Fix(MyECLPay): catch on retry checkout init (#821) ### Description * Retry only if relevant (user info was provided) * Catch a specific 401 exception * More expressive logs * Various notifications fixes (#844) - Fix: log distinct usernames - Ditchline break and separate usernames with commas - Better type hints - Reuse an unused CRUD to get usernames by topic - Use `send_each` to get a `BatchResponse` when sending to a topic (not so useful unfortunately) * Add promo to CdrUserPreview for new column on Siarnaq's table (#823) In the data table in Siarnaq (on the left panel of the admin page), we should add a 5th column to indicate the promo, which is crucial yet missing information, according to some feedback. * Add volunteer shifts for challenger (#848) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary * Raid: removing google drive support (#850) ### Description Remove completely the Google Drive support Add an endpoint to serve a zip with the security files of all the participants ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary --------- Co-authored-by: armanddidierjean <95971503+armanddidierjean@users.noreply.github.com> Co-authored-by: NakoGH <rbelahcene10@gmail.com> * Hyperion 4.9.4 (#854) ### Description Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the documentation, if necessary Co-authored-by: NakoGH <rbelahcene10@gmail.com> * Bump authlib from 1.5.2 to 1.6.4 (#846) Bumps [authlib](https://github.com/authlib/authlib) from 1.5.2 to 1.6.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>v1.6.4</h2> <h2>What's Changed</h2> <ul> <li>fix(jose): prevent public/unprotected header overwriting protected header by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/809">authlib/authlib#809</a></li> <li>Fix <code>InsecureTransportError</code> raising by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/810">authlib/authlib#810</a></li> <li>Add conventional-commits pre-commit hook by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/811">authlib/authlib#811</a></li> <li>Fix response_mode=form_post with Starlette client by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/812">authlib/authlib#812</a></li> <li>Specify README.md as project long description by <a href="https://github.com/EpicWink"><code>@EpicWink</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li> <li>Migrate tests to pytest paradigm by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/813">authlib/authlib#813</a></li> <li>jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by <a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li> <li>Use explicit *.test urls in unit tests by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/824">authlib/authlib#824</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/EpicWink"><code>@EpicWink</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li> <li><a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4">https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4</a></p> <h2>Version 1.6.3</h2> <h2>What's Changed</h2> <ul> <li>Add diff-cover check in GHA by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/803">authlib/authlib#803</a></li> <li>Run GHA unit tests with uv by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/805">authlib/authlib#805</a></li> <li>Move from pre-commit to prek by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/804">authlib/authlib#804</a></li> <li>Sign OIDC id_token according to <code>id_token_signed_response_alg</code> client metadata by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/802">authlib/authlib#802</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3">https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3</a></p> <h2>Version 1.6.2</h2> <h2>What's Changed</h2> <ul> <li>Allow insecure transport for 127.0.0.1 for debugging by <a href="https://github.com/geigerzaehler"><code>@geigerzaehler</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/788">authlib/authlib#788</a></li> <li>Raise a MissingCodeError when code parameter is missing by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/786">authlib/authlib#786</a></li> <li>Temporarily restore OAuth2Request body parameter by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/791">authlib/authlib#791</a></li> <li>Raise MissingCodeException when code parameter is missing by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/794">authlib/authlib#794</a></li> <li>Fix id_token generation with EdDSA alg by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/800">authlib/authlib#800</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2">https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2</a></p> <h2>Version 1.6.1</h2> <ul> <li>Filter key set with additional "alg" and "use" parameters.</li> </ul> <h2>Version 1.6.0</h2> <ul> <li>Fix issue when <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a> is enabled and the authorization endpoint response is not a redirection. [pull request <a href="https://redirect.github.com/authlib/authlib/issues/733">#733</a>](<a href="https://redirect.github.com/authlib/authlib/pull/733">authlib/authlib#733</a>)</li> <li>Fix missing state parameter in authorization error responses. [issue <a href="https://redirect.github.com/authlib/authlib/issues/525">#525</a>](<a href="https://redirect.github.com/authlib/authlib/issues/525">authlib/authlib#525</a>)</li> <li>Support for acr and amr claims in id_token. [issue <a href="https://redirect.github.com/authlib/authlib/issues/734">#734</a>](<a href="https://redirect.github.com/authlib/authlib/issues/734">authlib/authlib#734</a>)</li> <li>Support for the none JWS algorithm.</li> <li>Fix response_types strict order during dynamic client registration. [issue <a href="https://redirect.github.com/authlib/authlib/issues/760">#760</a>](<a href="https://redirect.github.com/authlib/authlib/issues/760">authlib/authlib#760</a>)</li> <li>Implement <a href="https://datatracker.ietf.org/doc/html/rfc9101.html">RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</a>. [issue <a href="https://redirect.github.com/authlib/authlib/issues/723">#723</a>](<a href="https://redirect.github.com/authlib/authlib/issues/723">authlib/authlib#723</a>)</li> <li>OIDC <a href="https://docs.authlib.org/en/latest/specs/oidc.html#authlib.oidc.core.UserInfoEndpoint">UserInfo endpoint</a> support. [issue <a href="https://redirect.github.com/authlib/authlib/issues/459">#459</a>](<a href="https://redirect.github.com/authlib/authlib/issues/459">authlib/authlib#459</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.4</h2> <p><strong>Released on Sep 17, 2025</strong></p> <ul> <li>Fix <code>InsecureTransportError</code> error raising. :issue:<code>795</code></li> <li>Fix <code>response_mode=form_post</code> with Starlette client. :issue:<code>793</code></li> <li>Validate <code>crit</code> header value, reject unprotected header in <code>crit</code> header.</li> </ul> <h2>Version 1.6.3</h2> <p><strong>Released on Aug 26, 2025</strong></p> <ul> <li>OIDC <code>id_token</code> are signed according to <code>id_token_signed_response_alg</code> client metadata. :issue:<code>755</code></li> </ul> <h2>Version 1.6.2</h2> <p><strong>Released on Aug 23, 2025</strong></p> <ul> <li>Temporarily restore <code>OAuth2Request</code> <code>body</code> parameter. :issue:<code>781</code> :pr:<code>791</code></li> <li>Allow <code>127.0.0.1</code> in insecure transport mode. :pr:<code>788</code></li> <li>Raise <code>MissingCodeException</code> when the <code>code</code> parameter is missing. :issue:<code>793</code> :pr:<code>794</code></li> <li>Fix <code>id_token</code> generation with <code>EdDSA</code> algs. :issue:<code>799</code> :pr:<code>800</code></li> </ul> <h2>Version 1.6.1</h2> <p><strong>Released on Jul 20, 2025</strong></p> <ul> <li>Filter key set with additional "alg" and "use" parameters.</li> <li>Restore and deprecate <code>OAuth2Request</code> <code>body</code> parameter. :issue:<code>781</code></li> </ul> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 <9207></code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> <li>Fix missing <code>state</code> parameter in authorization error responses. :issue:<code>525</code></li> <li>Support for <code>acr</code> and <code>amr</code> claims in <code>id_token</code>. :issue:<code>734</code></li> <li>Support for the <code>none</code> JWS algorithm.</li> <li>Fix <code>response_types</code> strict order during dynamic client registration. :issue:<code>760</code></li> <li>Implement :rfc:<code>RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101></code>. :issue:<code>723</code></li> <li>OIDC :class:<code>UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint></code> support. :issue:<code>459</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/authlib/authlib/commit/09a51855747c13771a74958e233a6bf1fd143741"><code>09a5185</code></a> chore: release 1.6.4</li> <li><a href="https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"><code>6b1813e</code></a> chore: merge branch 'fix-jose-crit'</li> <li><a href="https://github.com/authlib/authlib/commit/99e330f2845286f100644b606890709a3432630f"><code>99e330f</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/824">#824</a> from azmeuk/test-urls</li> <li><a href="https://github.com/authlib/authlib/commit/bd14be15b148ff6d1f4288101d8feb0a4557db7b"><code>bd14be1</code></a> test: use explicit *.test url in unit tests</li> <li><a href="https://github.com/authlib/authlib/commit/55e8517c637fb4540d44e3c46edc23542083e7ae"><code>55e8517</code></a> fix(jose): Reject unprotected ‘crit’ and enforce type; add tests (<a href="https://redirect.github.com/authlib/authlib/issues/823">#823</a>)</li> <li><a href="https://github.com/authlib/authlib/commit/06f0813901a5238dd0b94521d26a7af9064497a0"><code>06f0813</code></a> fix(jose): validate crit header when deserialize</li> <li><a href="https://github.com/authlib/authlib/commit/eb07119430e7afe52d60f885f9dda3287f80ca6b"><code>eb07119</code></a> fix(jose): validate crit header parameters</li> <li><a href="https://github.com/authlib/authlib/commit/72a00e74b684180d6c85594c6c19c1b13186a210"><code>72a00e7</code></a> fix: typo in diff-cover GHA step</li> <li><a href="https://github.com/authlib/authlib/commit/49d0f47a7faae708de02bf45b3b728fcde0218f1"><code>49d0f47</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/813">#813</a> from azmeuk/pytest-paradigm</li> <li><a href="https://github.com/authlib/authlib/commit/bafecc468162babde7428d9829fc5b019c835a33"><code>bafecc4</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/817">#817</a> from EpicWink/pyproject-readme</li> <li>Additional commits viewable in <a href="https://github.com/authlib/authlib/compare/v1.5.2...v1.6.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aeecleclair/Hyperion/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Better PR template (#856) ### Description Change to the pull request template to improve reviews and enable quick understanding of the nature of the changes to be reviewed. --------- Co-authored-by: Marc-Andrieu <146140470+Marc-Andrieu@users.noreply.github.com> * Remove ffsu scrapper (#859) ## Description ### Summary <!--Brief description of what this PR does.--> ### Related Issues <!-- If applicable --> Closes #<!--0--> ## Changes Made <!--Please describe the changes made in this pull request--> - ... ## Type of Change - [ ] 🐛 Bug fix (non-breaking change which fixes an issue) - [ ] ✨ New feature (non-breaking change which adds functionality) - [x] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [ ] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [x] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [ ] Other ## Testing - [x] Added/modified tests that pass the CI - [ ] Tested in a pre-prod - [ ] Tested this locally ## Documentation - [ ] Updated docs accordingly (docs.myecl.fr) : <!--[Docs#0 - Title](https://github.com/aeecleclair/myecl-documentation/pull/0)--> - [ ] Code includes docstrings - [x] No documentation needed ## Checklist - [x] My code follows the style guidelines of this project - [x] I have commented my code, particularly in hard-to-understand areas - [x] Any dependent changes have been merged and published (_Indicate the linked PR for the dependent changes_) ## Additional Notes Add any other context, screenshots, or information about the pull request here. * Fix challenger volunteer (#863) ## Description ### Summary <!--Brief description of what this PR does.--> ### Related Issues <!-- If applicable --> Closes #<!--0--> ## Changes Made <!--Please describe the changes made in this pull request--> - fix volunteer shift return schema - fix competition user payments endpoint access for school BDS ## Type of Change - [x] 🐛 Bug fix (non-breaking change which fixes an issue) - [ ] ✨ New feature (non-breaking change which adds functionality) - [ ] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [ ] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [x] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [ ] Other ## Testing - [x] Added/modified tests that pass the CI - [ ] Tested in a pre-prod - [ ] Tested this locally ## Documentation - [ ] Updated docs accordingly (docs.myecl.fr) : <!--[Docs#0 - Title](https://github.com/aeecleclair/myecl-documentation/pull/0)--> - [ ] Code includes docstrings - [x] No documentation needed ## Checklist - [x] My code follows the style guidelines of this project - [x] I have commented my code, particularly in hard-to-understand areas - [x] Any dependent changes have been merged and published (_Indicate the linked PR for the dependent changes_) ## Additional Notes Add any other context, screenshots, or information about the pull request here. * Change team edition permissions (#865) ## Description ### Summary <!--Brief description of what this PR does.--> Allow school BDS to modify school's teams ### Related Issues <!-- If applicable --> Closes #<!--0--> ## Changes Made <!--Please describe the changes made in this pull request--> - ... ## Type of Change - [x] 🐛 Bug fix (non-breaking change which fixes an issue) - [x] ✨ New feature (non-breaking change which adds functionality) - [ ] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [ ] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [x] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [ ] Other ## Testing - [x] Added/modified tests that pass the CI - [ ] Tested in a pre-prod - [ ] Tested this locally ## Documentation - [ ] Updated docs accordingly (docs.myecl.fr) : <!--[Docs#0 - Title](https://github.com/aeecleclair/myecl-documentation/pull/0)--> - [ ] Code includes docstrings - [x] No documentation needed ## Checklist - [x] My code follows the style guidelines of this project - [x] I have commented my code, particularly in hard-to-understand areas - [x] Any dependent changes have been merged and published (_Indicate the linked PR for the dependent changes_) ## Additional Notes Add any other context, screenshots, or information about the pull request here. * HelloAsso: retry without payer info for BadRequestException (400) (#857) in addition to UnauthorizedException (403) I think HelloAsso probably changed its error code when the PayerInfo contains invalid data * Deploy/single stage docker (#852) This pull request is part of a clarification process aimed at simplifying handovers and maintainability. Here, it is a clean-up of the Docker image build. The multi-stage build of the Docker image is not at all suitable in our case, and was used to create a kind of ‘cache’, which can in fact be easily resolved as mentioned in the FastAPI documentation as a Docker ‘trick’. The idea is to use --upgrade on pip install to take advantage of layer caching. [Reference FastAPI](https://fastapi.tiangolo.com/deployment/docker/?h=docke#docker-cache) In addition, using a slim image means that only the strictly necessary tools are included. A multi-stage build image is relevant in the case of a compilation where the code is subsequently executed in a lighter environment, which then contains fewer vulnerabilities and is lighter. The publish.yml has therefore been restored to its original version. --------- Co-authored-by: Rayan <rbelahcene10@gmail.com> * Bump authlib from 1.6.4 to 1.6.5 (#869) Bumps [authlib](https://github.com/authlib/authlib) from 1.6.4 to 1.6.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.5</h2> <p><strong>Released on Oct 2, 2025</strong></p> <ul> <li>RFC7591 <code>generate_client_info</code> and <code>generate_client_secret</code> take a <code>request</code> parameter.</li> <li>Add size limitation when decode JWS/JWE to prevent DoS.</li> <li>Add size limitation for <code>DEF</code> JWE zip algorithm.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/authlib/authlib/commit/9ec42561cd1a81b518598d252f8adbcf446f7419"><code>9ec4256</code></a> chore: release 1.6.5</li> <li><a href="https://github.com/authlib/authlib/commit/b62b5b27577db038133f7453dacc534d6a3b06a5"><code>b62b5b2</code></a> Merge branch 'fix-GHSA-pq5p-34cr-23v9'</li> <li><a href="https://github.com/authlib/authlib/commit/e0863d5129316b1790eee5f14cece32a03b8184d"><code>e0863d5</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/830">#830</a> from authlib/fix-GHSA-g7f3-828f-7h7m</li> <li><a href="https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"><code>867e3f8</code></a> fix(jose): add size limitation to prevent DoS</li> <li><a href="https://github.com/authlib/authlib/commit/75ad6d4d625613d9d6cbbb91f5b559e071d8493b"><code>75ad6d4</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/828">#828</a> from authlib/dependabot/github_actions/dot-github/wor...</li> <li><a href="https://github.com/authlib/authlib/commit/68b982352d9b20c3e859fc3af30308ca9855ef57"><code>68b9823</code></a> chore(deps): bump SonarSource/sonarqube-scan-action</li> <li><a href="https://github.com/authlib/authlib/commit/5bdfc4bfff8380620ed5ec55ba7a06d96cac3365"><code>5bdfc4b</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/827">#827</a> from lisongmin/support-list-params-in-prepare-grant-uri</li> <li><a href="https://github.com/authlib/authlib/commit/30ea3c5f85a9640cd08562db2c6fd9d3e4a9bfef"><code>30ea3c5</code></a> feat: support list params in prepare_grant_uri</li> <li><a href="https://github.com/authlib/authlib/commit/4b5b5703394608124cd39e547cc7829feda05a13"><code>4b5b570</code></a> fix(jose): add max size for JWE zip=DEF decompression</li> <li><a href="https://github.com/authlib/authlib/commit/6e35a02ecf3c22d27249e6ed9fa07e544314ebe9"><code>6e35a02</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/825">#825</a> from azmeuk/request-params</li> <li>Additional commits viewable in <a href="https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aeecleclair/Hyperion/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Use lowercase for workflow cache (#870) ## Description ### Summary <!--Brief description of what this PR does.--> ### Related Issues <!-- If applicable --> Closes #<!--0--> ## Changes Made <!--Please describe the changes made in this pull request--> - ... ## Type of Change - [x] 🐛 Bug fix (non-breaking change which fixes an issue) - [ ] ✨ New feature (non-breaking change which adds functionality) - [ ] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [x] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [ ] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [x] Other ## Testing - [ ] Added/modified tests that pass the CI - [ ] Tested in a pre-prod - [ ] Tested this locally ## Documentation - [ ] Updated docs accordingly (docs.myecl.fr) : <!--[Docs#0 - Title](https://github.com/aeecleclair/myecl-documentation/pull/0)--> - [ ] Code includes docstrings - [ ] No documentation needed ## Checklist - [x] My code follows the style guidelines of this project - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] Any dependent changes have been merged and published (_Indicate the linked PR for the dependent changes_) ## Additional Notes Add any other context, screenshots, or information about the pull request here. Co-authored-by: NakoGH <rbelahcene10@gmail.com> * Use inline cache for workflows (#872) ## Description ### Summary <!--Brief description of what this PR does.--> ### Related Issues <!-- If applicable --> Closes #<!--0--> ## Changes Made <!--Please describe the changes made in this pull request--> - ... ## Type of Change - [x] 🐛 Bug fix (non-breaking change which fixes an issue) - [ ] ✨ New feature (non-breaking change which adds functionality) - [ ] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [ ] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [ ] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [x] Other ## Testing - [ ] Added/modified tests that pass the CI - [ ] Tested in a pre-prod - [ ] Tested this locally ## Documentation - [ ] Updated docs accordingly (docs.myecl.fr) : <!--[Docs#0 - Title](https://github.com/aeecleclair/myecl-documentation/pull/0)--> - [ ] Code includes docstrings - [ ] No documentation needed ## Checklist - [ ] My code follows the style guidelines of this project - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] Any dependent changes have been merged and published (_Indicate the linked PR for the dependent changes_) ## Additional Notes Add any other context, screenshots, or information about the pull request here. * fix : Dockerfile entrypoint (#873) ## Description ### Summary <!--Brief description of what this PR does.--> ### Related Issues <!-- If applicable --> Closes #<!--0--> ## Changes Made <!--Please describe the changes made in this pull request--> - ... ## Type of Change - [x] 🐛 Bug fix (non-breaking change which fixes an issue) - [ ] ✨ New feature (non-breaking change which adds functionality) - [ ] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [x] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [ ] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [ ] Other ## Testing - [ ] Added/modified tests that pass the CI - [ ] Tested in a pre-prod - [x] Tested this locally ## Documentation - [ ] Updated docs accordingly (docs.myecl.fr) : <!--[Docs#0 - Title](https://github.com/aeecleclair/myecl-documentation/pull/0)--> - [ ] Code includes docstrings - [ ] No documentation needed ## Checklist - [ ] My code follows the style guidelines of this project - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] Any dependent changes have been merged and published (_Indicate the linked PR for the dependent changes_) ## Additional Notes Add any other context, screenshots, or information about the pull request here. * Challenger data exporter (#878) ## Description ### Summary Allow admin to export data as xlsx ## Changes Made <!--Please describe the changes made in this pull request--> - ... ## Type of Change - [ ] 🐛 Bug fix (non-breaking change which fixes an issue) - [x] ✨ New feature (non-breaking change which adds functionality) - [ ] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature) - [ ] 🔧 Infra CI/CD (changes to configs of workflows) - [ ] 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end) ## Impact & Scope - [ ] Core functionality changes - [x] Single module changes - [ ] Multiple modules changes - [ ] Database migrations required - [ ] Other ## Testing - [x] Added/modified tests that pass the CI - [x] Tested …
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
in addition to UnauthorizedException (403)
I think HelloAsso probably changed its error code when the PayerInfo contains invalid data