Releases: alephdata/aleph
4.0.2
We're announcing the release of Aleph 4.0.2 (and ingest-file 4.0.2) and highly recommend users of the 4.x branches to update to this release.
What's changed
- Update to servicelayer 1.23.2 which fixes a significant performance regression noticeable especially when there are > 10000 tasks per dataset being processed
Full Changelog: 4.0.1...4.0.2
4.0.1
We're announcing the release of Aleph 4.0.1
(and ingest-file
4.0.1
) and highly recommend users of the 4.x
branches to update to this release.
What's changed
Bugfix
- Update to using servicelayer 1.23.1 which fixes an issue with improper clean-up when a task exhausts it's maximum number of retries
Full Changelog: 4.0.0...4.0.1
4.0.0
Hello Aleph community! We’re excited to announce Aleph 4.0.0, a release focused on powerful new features, performance improvements, and expanded options for investigation sharing and user metrics. In addition, this release includes a few other small enhancements, bug fixes and dependency upgrades.
🚀 Bigger Changes 🚀
- RabbitMQ based task queueing backend
- Configurable AlephWorker Stages
- Priority Buckets for Processing
- System Status Page Enhancements
- Updated Prometheus Metrics
- Documentation Restructure and Enhancements
- Improved Error Handling in Elasticsearch Upgrades
As always, we’d love to hear your feedback to keep improving. Feel free to reach out and share your thoughts!
What's Changed
Features
RabbitMQ
4.0.0 introduces a change to the way background tasks are scheduled. Previously Aleph used a Redis-based task queue, which was well designed but showed its limitations with large payloads and a risk of data loss. RabbitMQ queues are persisted to disk, but the flexibility in the way messages are queued, routed and fetched allows for certain optimizations which Aleph benefits from because of the widely varying degree of task loads.
Migration notes from Redis to RabbitMQ
Due to the significant changes in terms of task status persistence, switching between Aleph versions with RabbitMQ and Redis-based task queues requires some manual steps in order to ensure data consistency.
Perform the following steps every time you are either upgrading to a version with the RabbitMQ task queue or rolling back to the Redis-based task queue:
- Let all pending jobs run to completion (check the status page).
- Put Aleph into maintenance mode.
- Stop all workers (
worker
,ingest-file
processes). - (optional) Save the current state of redis in case you want to roll back using the BGSAVE command.
- Clear Redis (by issuing FLUSHDB from
redis-cli
from theredis
container). If you get the error message "Unknown command FLUSHDB" then this command is disabled and you can resort to this shell invocation:echo 'KEYS *' | redis-cli | grep -v '^aleph:' | sed 's/^/DEL /' | redis-cli
. - (optional, if previous versions had conflicting RabbitMQ queue settings) Delete existing queues using
rabbitmqctl delete queue {ingest,pruneentity,updateentity,exportxref,analyze,flushmapping,reingest,exportsearch,index,xref,reindex,loadmapping}
. NOTE: queues are named after the stages found in ALEPH_WORKER_STAGES. - Perform the upgrade or rollback to the desired version of Aleph.
- Ensure that all expected processes have started correctly.
Related changes:
- Dynamically set AlephWorker stages through env vars by @catileptic in #3748
- Completely remove network diagram embeds feature by @tillprochaska in #3751
- Feature: Priority buckets by @stchris in #3784
- Separate index worker from other stages in aleph-worker by @stchris in #3817
Prometheus metrics
We have extended the Prometheus metrics exposed by Aleph to provide more information about active users and the data in your Aleph instance. For example, you can now query for the number of active users within the past 30 days or the number of investigations related to a particular language. For details about the available metrics please refer to the metrics reference in the technical documentation.
- New and updated Prometheus metrics by @tillprochaska in #3844
- Update Prometheus metrics reference by @tillprochaska in #3845
- Fix active users metric by @tillprochaska in #3852
- Fix edge cases in custom metrics by @tillprochaska in #3861
Sharing investigations
Due to the sensitive nature of dataset access we have made some changes to the way datasets are shared, no longer allowing email addresses to autocomplete. This means one needs to know the exact email address of another user if they want to share an investigation.
- Feature: Allow sharing of investigations by @tillprochaska in #3865
- Remove sharing options from create investigation screen by @stchris in #3862
- Multiple small UX enhancements related to investigation sharing/user suggestion component by @tillprochaska in #3868
Other new features
- Display start and last updated timestamp on system status page by @tillprochaska in #3788
- Display an error message for blocked users by @tillprochaska in #3560
- aleph CLI command to downgrade the postgres DB by @stchris in #3858
Bug fixes and other changes
- Use default language when Accept-Language header is '*' by @stchris in #3724
- Exit op_index early in Aleph Worker by @catileptic in #3781
- Automatically post releases to Discourse by @stchris in #3728
- Fix phone numbers used in tests by @tillprochaska in #3847
- Remove bookmarks migration by @tillprochaska in #3752
- Fix docker compose command by @tillprochaska in #3843
- Improve date formats on status page by @tillprochaska in #3841
- Aleph upgrade will throw an exception if any ES call returns a status code < 399 by @catilepticin #3859
- Fix ES index upgrades when using index aliases by @tillprochaska in #3863
Documentation updates
- Docs: Restructure tech docs by @tillprochaskain #3569
- Misc documentation enhancements by @tillprochaska in #3819
- Docs: added a small amount of text for people looking to get started but are not aware of gitflow by @Rosencrantz in #3707
- Docs: link to download raw docker compose files instead of HTML by @vsessink in #3778
- Docs: Improved order of commands for first time setup by @vsessink in #3779
- Docs: Document how to set up MinIO in a development environment by @tillprochaska in #3857
- Docs: Document how to download files using alephclient by @tillprochaska in #3848
- Update form links in docs by @tillprochaska in #3850
- Update form links on about page etc. by @tillprochaska in #3851
Dependency updates
- Bugfix/downgrade authlib in 3.16.0 by @stchris in #3574
- Bump gunicorn[eventlet] from 21.2.0 to 22.0.0 by @dependabot in #3689
- Bump flask and authlib (as required to run flask 3+) by @stchris in #3732
- Bump react-pdf from 5.7.2 to 7.7.3 in /ui by @dependabot in #3726
Full Changelog: 3.17.0...4.0.0
3.17.0
Note
Please note that we skipped version 3.16.0. That means the previous version before this version is 3.15.6.
Important
This version upgrades a dependency, react-pdf, in order to mitigate a security vulnerability in a transitive dependency. The Aleph UI uses react-pdf to render PDF previews. We recommend that you update Aleph instances that you operate to the latest patched releases.
What's Changed
- Remove ignored versions from Dependabot config by @tillprochaska in #3400
- Do not trigger UI workflow when Python dependencies are updated by @tillprochaska in #3396
- Set up grouped Dependabot updates by @tillprochaska in #3401
- Fix Dependabot group pattern by @tillprochaska in #3488
- Bump @babel/traverse from 7.22.8 to 7.23.2 in /docs by @dependabot in #3411
- Bump yaml from 2.3.2 to 2.3.4 in /ui by @dependabot in #3480
- Bump react-router-dom from 6.16.0 to 6.18.0 in /ui by @dependabot in #3436
- Bump react-countup from 6.4.2 to 6.5.0 in /ui by @dependabot in #3445
- Bump undici from 5.22.1 to 5.26.3 in /docs by @dependabot in #3408
- Bump @alephdata/followthemoney from 3.5.4 to 3.5.5 in /ui by @dependabot in #3467
- Fix data access form link in terms by @tillprochaska in #3416
- Suggest alephclient for uploading lots of files instead of UI by @stchris in #3483
- Add worker scaling docs by @stchris in #3492
- Explicitly disable servicelayer worker threads in Helm chart & env by @stchris in #3491
- Update K8s example by @tillprochaska in #3493
- Update translations by @stchris in #3497
- Update playwright to 1.40 by @stchris in #3498
- Add cleaned option by @ksotik in #3234
- Fix formatting by @stchris in #3526
- added ignored settings test by @brassy-endomorph in #3379
- Don't tag images starting with test- as latest by @stchris in #3525
- Don't push helm charts prefixed test- by @stchris in #3528
- chore: dependabot: group dev dependency bumps by @stchris in #3531
- Bump ruff from 0.0.292 to 0.1.6 by @dependabot in #3499
- Bump the dev-dependencies group with 2 updates by @dependabot in #3534
- Add linter run to PR checks by @stchris in #3548
- Update faker requirement from <8.0.0,>=5.6.0 to >=5.6.0,<23.0.0 by @dependabot in #3559
- Bump apispec from 6.3.0 to 6.3.1 by @dependabot in #3557
- Bump the dev-dependencies group with 1 update by @dependabot in #3556
- Bump authlib from 0.15.5 to 1.3.0 by @dependabot in #3541
- Bump alembic from 1.12.0 to 1.13.1 by @dependabot in #3536
- Bump python-frontmatter from 1.0.0 to 1.0.1 by @dependabot in #3509
- Bump marshmallow from 2.19.2 to 3.20.1 by @dependabot in #3468
- Bump jsonschema from 4.19.1 to 4.20.0 by @dependabot in #3505
- Bump blinker from 1.6.2 to 1.7.0 by @dependabot in #3464
- Bump normality from 2.4.0 to 2.5.0 by @dependabot in #3456
- Bump flask-babel from 3.1.0 to 4.0.0 by @dependabot in #3460
- Replace MinIO Helm chart with chart maintained by Bitnami by @tillprochaska in #3567
- Metrics by @tillprochaska in #3216
- Stringify sanitized HTML as HTML (not XML) by @tillprochaska in #3575
- Don't rename existing collections when running crawldir by @adryd325 in #3573
- Don't override collection label when running crawldir several times by @stchris in #3579
- Fix instructions on how to enable Prometheus in local Kubernetes cluster by @tillprochaska in #3580
- Fix link target in user guide by @tillprochaska in #3607
- Fix default Dockerfile command by @tillprochaska in #3608
- Document how to enable postgres query logging by @stchris in #3616
- docs: update memorious link by @DavidLemayian in #3639
- Update documentation on user registrations on aleph.occrp.org by @tillprochaska in #3643
- Fix documentation links by @tillprochaska in #3667
- Change label for email address facets and statistics to remove ambiguity by @tillprochaska in #3671
- Use pytest instead of 👃 by @stchris in #3673
- Bump playwright/python from v1.41.0-focal to v1.42.0-focal in /e2e by @dependabot in #3660
- Bump the dev-dependencies group with 4 updates by @dependabot in #3678
- Remove references to convert-document by @friendly-wolfbat in #3681
- Temporarily roll back changes to Docker Compose config by @tillprochaska in #3683
- Keep Playwright versions in sync by @stchris in #3687
- Add playwright version build arg to run step by @stchris in #3699
- Playwright fixes (cherry-picked from develop) by @stchris in #3700
- Fix broken link in docs by @stchris in #3701
- Bump sentry-sdk[flask] from 1.31.0 to 2.0.1 by @dependabot in #3714
- Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #3713
- Bump jsonschema from 4.20.0 to 4.22.0 by @dependabot in #3712
- Update index.mdx by @vsessink in #3706
- Bump marshmallow from 3.20.1 to 3.21.1 by @dependabot in #3651
- Bump followthemoney-store[postgresql] from 3.0.6 to 3.1.0 by @dependabot in #3652
- Bump flask-migrate from 4.0.5 to 4.0.7 by @dependabot in #3645
- Bump python-frontmatter from 1.0.1 to 1.1.0 by @dependabot in #3598
- Bump blinker from 1.7.0 to 1.8.1 by @dependabot in #3711
- Bump followthemoney from 3.5.8 to 3.5.9 by @dependabot in #3604
- Update faker requirement from <23.0.0,>=5.6.0 to >=5.6.0,<26.0.0 by @dependabot in #3709
- Bump react-pdf from 5.7.2 to 7.7.3
New Contributors
- @ksotik made their first contribution in #3234
- @adryd325 made their first contribution in #3573
- @friendly-wolfbat made their first contribution in #3681
- @vsessink made their first contribution in #3706
Full Changelog: 3.15.6...3.17.0
3.15.6
During a routine security audit of Aleph we’ve become aware of
Please find detailed information about the patched vulnerabilities below:
Downloaded source files are opened automatically
Summary
As part of the investigations feature, users can upload files to Aleph. The detail view in Aleph offers a sanitized preview of a file, but Aleph also allows users to download (unsanitized) source files. When downloading a source file, Aleph displays a confirmation prompt warning that source files may contain malware or notify the originator of the file.
After downloading a source file, files are opened automatically in the same browser window if the file’s MIME type is supported by the browser. This contradicts the warning that is displayed before downloading the file and potentially enables phishing attacks. For instance, an HTML file resembling the Aleph login interface could be uploaded for this purpose.
Affected versions
Aleph versions up to and including 3.15.5.
The vulnerability is exploitable if you have configured your Aleph instance to use Google Cloud Storage or AWS S3 (or a service compatible with S3) as a storage backend for files uploaded to Aleph via the “ARCHIVE_TYPE” configuration option. The default storage backend that stores files on the local file system is not affected.
Solution
Aleph versions 3.15.6 and newer contain a patch for this vulnerability. Patched versions set the “Content-Disposition” header to instruct browsers to download files as an attachment instead of opening them after the download has completed.
HTML injection in notification emails
Summary
Aleph sends a daily notification digest via email to users. Notification digests are enabled by default and can be disabled by users.
When a user creates an investigation and then shares it with another user who has daily notification digests enabled, the name of the user who created the investigation and the name of the investigation aren’t properly sanitized or encoded.
This means that links and other HTML markup included in the user’s name or in the investigation name will be rendered as is in the notification email which can enable (targeted) phishing campaigns.
Affected versions
Aleph versions up to and including 3.15.5.
The vulnerability is exploitable if you have set up email sending for your Aleph instance via the “ALEPH_MAIL_*” configuration options.
Solution
Aleph versions 3.15.6 and newer contain a patch for this vulnerability. Patched versions properly encode user-controlled data in notification emails.
Unauthorized access to mapping metadata
Summary
Aleph allows users to create entity mappings for uploaded spreadsheets. Using this feature, rows in a spreadsheet can be converted to FollowTheMoney entities in an investigation.
The access controls in the API endpoints for the mappings feature contain a bug that allows users without read or write access to the collection to view, update, trigger, and delete mappings as well as to delete or modify entities generated using a mapping.
The bug allows unauthorized access to the following mapping metadata:
- Mapping definition (this includes column names in the source spreadsheet)
- ID of the investigation a mapping belongs to
- User ID of the user who created the mapping
- Creation and update timestamps
- Mapping status (“pending”/”successful”/”error” and the error message in case the status is “error”)
- Entity ID of the source table
The bug does not allow users to view the entities generated from the mappings or the contents of the source spreadsheet.
Affected versions
Aleph versions up to and including 3.15.5.
Solution
Aleph versions 3.15.6 and newer contain a patch for this vulnerability. Patched versions properly verify user permissions when sending requests to the API endpoints for the mappings feature.
Unauthorized overrides of investigation and dataset metadata
Summary
Aleph allows users to manage metadata for investigations and datasets, including a label and a description as well as URLs to the publisher and source of the data. The metadata is displayed in the Aleph UI when viewing investigations and datasets.
Aleph allows users to specify a “foreign_id” when creating new investigations or datasets. The “foreign_id” can be used to reference the investigation or dataset when using the Aleph API or the alephclient CLI.
Due to a bug, when creating a new investigation or dataset with a “foreign_id” that is already used by another investigation or dataset, Aleph updates the metadata of the existing investigation/dataset instead of failing.
This bug allows users without the necessary permissions to update investigation and dataset metadata.
However, the bug does not allow unauthorized users to view investigation and dataset metadata or data added or uploaded to the investigation or dataset.
Affected versions
Aleph versions up to and including 3.15.5.
Solution
Aleph versions 3.15.6 and newer contain a patch for this vulnerability. Patched versions properly verify user permissions when creating or updating investigations or datasets.
Unauthorized access to uploaded files
Summary
Aleph allows uploading files to investigations and datasets. When a file is uploaded Aleph computes a checksum of the file contents and stores the checksum in the database. The uploaded file can later be retrieved using checksum as a reference. File checksums are represented as strings of hexadecimal characters, for example “ae9ce53fa78166704f5990601ec412d73fb1698a”.
Due to a bug in ingest-file users are able to upload specifically crafted files in order to create file records in the database with arbitrary checksums. This allows users to download files they do not have access to if they know the checksum of the file contents.
Affected versions
ingest-file versions up to and including 3.20.2. ingest-file is the component responsible for handling files you upload to Aleph.
Solution
ingest-file versions 3.20.3 and newer contain a patch for this vulnerability. The patch removes the ability to upload JSONL files that contain entities in the FollowTheMoney format to Aleph. If you have previously used this feature to create FollowTheMoney entities in Aleph in bulk, we recommend that you use the bulk endpoint of the Aleph API instead.
3.15.5
What's Changed
- Bump
followthemoney
to3.5.8
- Bump
ingest-file
to3.20.0
(also usingfollowthemoney 3.5.8
)
Full Changelog: 3.15.4...3.15.5
3.15.4
What's Changed
- Helm chart: use
autoscaling/v2
API instead ofautoscaling/v2beta1
by @richardjennings-occrp in #3327 (fixes #2998)
- Github Actions: use auth action before setup-gcloud in #3415
Full Changelog: 3.15.3...3.15.4
3.15.3
What's Changed
- Improved Dockerfile to reduce image size by @tdurieux in #2801
- Updated SECURITY.md by @tillprochaska in #3218
- New user guide by @tillprochaska in #3223
- Make it possible to manually trigger a docs deployment by @tillprochaska in #3226
- Add redirects for old user guide links by @tillprochaska in #3229
- Updated dev environment by @monneyboi in #3205
⚠️ NOTE⚠️ : this will upgrade the postgres container in the development environment from version 10 to 15 and since the data files are binary incompatible you need to either manually update them (for instance using this) or by cleaning out your local postgres volumes (docker volume rm aleph_postgres-data aleph_postgres-data-e2e
followed bymake upgrade
) - Remove query_string_query function, remove fields from highlight query by @monneyboi in #3280
- Add
make format-check
as pull request "check" by @monneyboi in #3282
Dependency upgrades
- Bump semver from 6.3.0 to 6.3.1 in /docs by @dependabot in #3212
- Bump followthemoney from 3.4.4 to 3.5.2 by @dependabot in #3305
- Bump sentry-sdk[flask] from 1.21.0 to 1.30.0 by @dependabot in #3306
- Bump pytest-playwright from 0.3.3 to 0.4.2 by @dependabot in #3308
- Bump flask-talisman from 1.0.0 to 1.1.0 by @dependabot in #3303
- Bump fingerprints from 1.0.3 to 1.1.1 by @dependabot in #3298
- Bump ruff from 0.0.270 to 0.0.287 by @dependabot in #3319
- Bump playwright from 1.32.1 to 1.37.0 by @dependabot in #3304
- Bump jsonschema from 4.17.3 to 4.19.0 by @dependabot in #3310
- Bump flask from 2.3.2 to 2.3.3 by @dependabot in #3297
- Bump babel from 2.11.0 to 2.12.1 by @dependabot in #2900
- Bump pyyaml from 6.0 to 6.0.1 by @dependabot in #3270
- Bump pantomime from 0.5.3 to 0.6.1 by @dependabot in #3261
- Bump black from 23.3.0 to 23.7.0 by @dependabot in #3259
- Bump flask-cors from 3.0.10 to 4.0.0 by @dependabot in #3202
- Bump sqlalchemy from 2.0.17 to 2.0.20 by @dependabot in #3296
- Bump followthemoney-store[postgresql] from 3.0.5 to 3.0.6 by @dependabot in #3307
- Bump servicelayer[amazon,google] from 1.21.0 to 1.21.2 by @dependabot in #3300
- Bump gunicorn[eventlet] from 20.1.0 to 21.2.0 by @dependabot in #3268
- Bump authlib from 0.15.5 to 1.2.1 by @dependabot in #3201
- Bump alembic from 1.8.1 to 1.12.0 by @dependabot in #3311
- Bump flask-migrate from 3.1.0 to 4.0.4 by @dependabot in #2868
- Update cryptography requirement from <38.0.0,>=36.0.0 to >=36.0.0,<42.0.0 by @dependabot in #3110
- Update pyjwt requirement from <2.6.0,>=2.0.1 to >=2.0.1,<2.9.0 by @dependabot in #3269
New Contributors
Full Changelog: 3.15.1...3.15.3
3.15.1
What's Changed
- Document how to enable IAM role-based auth between EC2 and S3 by @zekehuntergreen in #3206
- Add simple script to generate test emails by @tillprochaska in #3207
- Derive "safeHtml" from all "bodyHtml" values by @tillprochaska in #3168
- Fix user guide link by @tillprochaska in #3228
- Recommend ingest-file 3.19.2
Dependency upgrades
- Bump @types/node from 18.16.16 to 18.16.19 in /ui by @dependabot in #3198
- Bump @alephdata/followthemoney from 3.4.0 to 3.4.3 in /ui by @dependabot in #3193
- Bump sass from 1.62.1 to 1.63.6 in /ui by @dependabot in #3192
- Bump react-router-dom from 6.11.2 to 6.14.1 in /ui by @dependabot in #3191
- Bump recharts from 2.6.2 to 2.7.2 in /ui by @dependabot in #3189
- Bump react-intl from 6.4.2 to 6.4.4 in /ui by @dependabot in #3147
- Bump @formatjs/intl-locale from 3.3.0 to 3.3.2 in /ui by @dependabot in #3146
- Bump @formatjs/intl-relativetimeformat from 11.2.2 to 11.2.4 in /ui by @dependabot in #3143
- Bump @formatjs/cli from 6.1.1 to 6.1.3 in /ui by @dependabot in #3140
- Bump @formatjs/intl-pluralrules from 5.2.2 to 5.2.4 in /ui by @dependabot in #3137
- Bump semver from 6.3.0 to 6.3.1 in /ui by @dependabot in #3210
- Bump tough-cookie from 4.1.2 to 4.1.3 in /ui by @dependabot in #3208
New Contributors
- @zekehuntergreen made their first contribution in #3206
Full Changelog: 3.15.0...3.15.1
3.15.0
What's Changed
- User group management in the aleph command-line tool by @micahflee in #3127
- Implement server-side bookmarks by @tillprochaska in #2843
- Add Sentry support for ingest-file and worker by adding the SENTRY_DSN secret to the helm chart by @stchris in #3181
- Use fuzzy search for collections search by @tillprochaska in #3092
- Show timeline items with invalid dates by @tillprochaska in #2963
- Add existing entities to timelines by @tillprochaska in #3005
- Allow users to add timeline items with times by @tillprochaska in #3014
- Fix whitespace in timelines chart view by @tillprochaska in #3102
- Add additional confirmation UI before destructive actions by @tillprochaska in #3006
- Send null value if collection metadata fields are empty by @tillprochaska in #3061
- Updated followthemoney documentation links by @stchris in #2951
- Fix flaky test by @tillprochaska in #3011
- Fix incorrect concurrency settings for docs workflow by @tillprochaska in #3054
- Fix search highlights disappearing when opening entity previews by @tillprochaska in #3093
- Delete workflow that adds new issues and PRs to a project by @tillprochaska in #3101
- In-app feedback for document previews and OCR by @tillprochaska in #3096
- Fixes for the UI docker image (remove the python package) by @stchris in #3129
- Remove convert document by @stchris in #2755
- Use Ruff for linting by @stchris in #3089
- Hotfix/UI docker remove python by @stchris in #3158
- Disable ES security in the development docker setup by @catileptic in #3134
- Make code reloading work by @stchris in #3169
- Remove deprecated --eager-loading parameter by @stchris in #3175
- Update migrations to SQLAlchemy 2.x by @stchris in #3177
- Push Docker images for tags only by @tillprochaska in #3008
Dependency upgrades
- Bump react-intl from 6.2.10 to 6.3.2 in /ui by @dependabot in #2981
- Bump @blueprintjs/icons from 4.14.3 to 4.14.5 in /ui by @dependabot in #2980
- Bump sass from 1.58.3 to 1.60.0 in /ui by @dependabot in #2978
- Bump @types/lodash from 4.14.191 to 4.14.192 in /ui by @dependabot in #2974
- Bump prettier from 2.8.4 to 2.8.7 in /ui by @dependabot in #2972
- Bump react-countup from 6.4.1 to 6.4.2 in /ui by @dependabot in #2970
- Bump react-markdown from 8.0.5 to 8.0.6 in /ui by @dependabot in #2971
- Bump @craco/craco from 7.0.0 to 7.1.0 in /ui by @dependabot in #2968
- Bump yaml from 2.2.1 to 2.2.2 in /ui by @dependabot in #3012
- Bump react-markdown from 8.0.6 to 8.0.7 in /ui by @dependabot in #3018
- Bump yaml from 2.2.1 to 2.2.2 in /ui by @dependabot in #3019
- Bump prettier from 2.8.7 to 2.8.8 in /ui by @dependabot in #3020
- Bump json5 from 2.2.1 to 2.2.3 in /docs by @dependabot in #2991
- Bump @formatjs/intl-pluralrules from 5.1.10 to 5.2.2 in /ui by @dependabot in #3021
- Bump sass from 1.60.0 to 1.62.1 in /ui by @dependabot in #3023
- Bump @formatjs/intl-locale from 3.1.1 to 3.3.0 in /ui by @dependabot in #3022
- Bump react-router-dom from 6.8.2 to 6.11.0 in /ui by @dependabot in #3038
- Bump react-intl from 6.3.2 to 6.4.2 in /ui by @dependabot in #3034
- Bump date-fns from 2.29.3 to 2.30.0 in /ui by @dependabot in #3035
- Bump @formatjs/cli from 6.0.4 to 6.1.1 in /ui by @dependabot in #3043
- Bump @types/lodash from 4.14.192 to 4.14.194 in /ui by @dependabot in #3042
- Bump @blueprintjs/icons from 4.14.5 to 4.15.0 in /ui by @dependabot in #3037
- Bump @blueprintjs/core from 4.17.5 to 4.18.0 in /ui by @dependabot in #3017
- Bump @blueprintjs/table from 4.9.0 to 4.10.1 in /ui by @dependabot in #3036
- Bump @formatjs/intl-relativetimeformat from 11.1.10 to 11.2.2 in /ui by @dependabot in #3039
- Bump blinker from 1.5 to 1.6.2 by @dependabot in #3033
- Bump react-router-dom from 6.11.0 to 6.11.1 in /ui by @dependabot in #3046
- Bump playwright from 1.31.1 to 1.32.1 by @dependabot in #3030
- Bump pytest-playwright from 0.3.1 to 0.3.3 by @dependabot in #3031
- Bump apispec from 5.2.2 to 6.3.0 by @dependabot in #2941
- Bump flake8-bugbear from 23.1.20 to 23.3.23 by @dependabot in #2955
- Bump papaparse from 5.3.2 to 5.4.1 in /ui by @dependabot in #2969
- Bump recharts from 2.4.3 to 2.5.0 in /ui by @dependabot in #2966
- Bump @blueprintjs/select from 4.8.12 to 4.9.14 in /ui by @dependabot in #3048
- Bump @types/node from 18.11.18 to 18.16.14 in /ui by @dependabot in #3088
- Bump @blueprintjs/table from 4.10.1 to 4.10.4 in /ui by @dependabot in #3073
- Bump @blueprintjs/icons from 4.15.1 to 4.16.0 in /ui by @dependabot in #3098
- Bump @blueprintjs/select from 4.9.14 to 4.9.20 in /ui by @dependabot in #3099
- Bump @alephdata/followthemoney from 3.3.0 to 3.4.0 in /ui by @dependabot in #3084
- Bump react-router-dom from 6.11.1 to 6.11.2 in /ui by @dependabot in #3083
- Bump recharts from 2.5.0 to 2.6.2 in /ui by @dependabot in #3076
- Bump react-redux from 8.0.5 to 8.0.7 in /ui by @dependabot in #3119
- Bump yaml from 2.2.2 to 2.3.1 in /ui by @dependabot in #3109
- Bump @blueprintjs/select from 4.9.20 to 4.9.21 in /ui by @dependabot in #3111
- Bump @types/lodash from 4.14.194 to 4.14.195 in /ui by @dependabot in #3112
- Bump @types/node from 18.16.14 to 18.16.16 in /ui by @dependabot in #3113
- Bump @blueprintjs/table from 4.10.4 to 4.10.8 in /ui by @dependabot in #3114
- Bump vite from 3.2.4 to 3.2.7 in /docs by @dependabot in #3122
- Bumps version of FTM libs, SQLAlchemy, Flask and related to latest by @catileptic in #3160
- Bump ingest-file and FTM versions by @catileptic in #3182
New Contributors
- @micahflee made their first contribution in #3127
Full Changelog: 3.14.1-rc15...3.15.0-rc2