- Changed the 'contact us' link to point to our support form, not the
Notify homepage
- Updated the link to the details about CHECK based testing, since the
site we were linking to no longer exists.
We can’t upgrade Jinja or Werkzeug until we’re on Flask 2.x.x. We can’t
upgrade Flask to 1.1.3 because it pins older versions of Jinja and
Werkzeug than the ones we’re using. We can’t upgrade Flask to 2.x.x
until we upgrade itsdangerous to 2.x.x, which is blocked by
https://github.com/alphagov/notifications-admin/pull/4044/files
Similar to the bug shown here
https://www.pivotaltracker.com/story/show/181513431, but to fix the case
when previewing a letter send using a CSV upload it wasn't using
template values to calculate the page length.
`.xlsm` files are like `.xlxs` files but with macros enabled. They store
data in the same XML-based format as `.xlsx` files.
Pyexcel will try to use the xlrd package to parse `.xlsm` files. This
used to work because xlrd used to support reading `.xlsx` files. xlrd
has dropped support for `.xlsx` files in version 2 because of security
concerns. This means that when pyexcel asks xlrd to parse a `.xlsm` file
it causes an error.
This commit adds some branching to force `.xlsm` files to be opened
with pyexcel-xlsx instead, which does support `.xlsx` files.
xlrd is a library for reading data and formatting information from
Excel files in the historical .xls format.
Version 2 of xlrd no longer supports anything other than .xls files.
We were using it to also support reading .xlsm files (old Excel files
with macro support).
We could keep using the old version of this dependency, but hopefully
this niche version of an ancient file format is obscure enough that
no-one is using it, and we can drop support, keeping our dependencies
up to date.
We removed whitespace in the HTML of the copy to clipboard component
in https://github.com/alphagov/notifications-admin/pull/4236/files
When the Javascript on the page loads it re-renders the component,
using HTML which is embedded in the .js file.
This means we also need to apply the same change to the .js file
to remove any extraneous whitespace.
This means we can use tools like "npm audit" to look for security
vulnerabilities we definitely need to fix as they could pose a
direct risk to users. I've checked each of them with @tombye and
also against an external set of principles [^1].
Note: I've skimmed through the package-lock.json to check the only
changes are to add "dev: true", as well as a few integrity hashes.
[^1]: https://betterprogramming.pub/is-this-a-dependency-or-a-devdependency-678e04a55a5c
If there is whitespace in the element containing the value to be copied
then Firefox[1] includes that space in the value it puts in the clipboard.
This is obviously annoying since `foo-bar` might be a valid API key where
`foo-bar ` is not.
This commit fixes that by using the `-` in Jinja to gobble whitespace.
I also looked at doing this in the Javascript, but the browser API for
selecting some text and copying it doesn’t give an obvious place for
using `String.prototype.trim()`.
1. Tested with Firefox 100.0 on Mac OS 12.2.1
When we changed the layout for each alert on the
current/past/rejected alerts pages to use flexbox,
we added a fallback for older browsers that set
text-align: justify on the container:
https://github.com/alphagov/notifications-admin/pull/4171
This has led to items in the list of areas an
alert will be sent to being laid out as justified
content when they were left-aligned.
These changes set the correct alignment.
We can’t upgrade to Werkzeug 2.1.0 because the `BaseResponse` class
has been renamed. The old version of Flask we are using tries to import
`BaseResponse` causing an error.
See https://github.com/pallets/werkzeug/issues/1963
We can’t upgrade to Jinja 3.1.0 because the `escape` module has been
moved to the `markupsafe` library. The old version of Flask we are
using tries to import `escape` from `jinja2`, causing an error.
See https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0
At the moment if a user is pending we don’t show the ‘change’ link.
This is unhelpful because:
- there’s no way to remove this user
- there’s no way to change their phone number, if the reason that
they are still pending is because they’ve been unable to receive
the two factor code at the number they first provided
