Bump lodash-es from 4.17.23 to 4.18.1

Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1) --- updated-dependencies: - dependency-name: lodash-es dependency-version: 4.18.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #1332 from ae-utbm/taiste
2026-04-02 08:49:40 +00:00 · 2026-04-02 08:05:44 +00:00 · 2026-03-29 16:35:16 +02:00 · 2026-03-12 11:33:45 +01:00 · 2026-02-13 15:25:04 +01:00
4 changed files with 9 additions and 33 deletions
--- a/core/management/commands/install_xapian.py
+++ b/core/management/commands/install_xapian.py
@@ -39,16 +39,12 @@ class Command(BaseCommand):
            return None
        return xapian.version_string()

-    def _desired_version(self) -> tuple[str, str, str]:
+    def _desired_version(self) -> str:
        with open(
            Path(__file__).parent.parent.parent.parent / "pyproject.toml", "rb"
        ) as f:
            pyproject = tomli.load(f)
-            return (
-                pyproject["tool"]["xapian"]["version"],
-                pyproject["tool"]["xapian"]["core-sha256"],
-                pyproject["tool"]["xapian"]["bindings-sha256"],
-            )
+            return pyproject["tool"]["xapian"]["version"]

    def handle(self, *args, force: bool, **options):
        if not os.environ.get("VIRTUAL_ENV", None):
@@ -57,7 +53,7 @@ class Command(BaseCommand):
            )
            return

-        desired, core_checksum, bindings_checksum = self._desired_version()
+        desired = self._desired_version()
        if desired == self._current_version():
            if not force:
                self.stdout.write(
@@ -69,12 +65,7 @@ class Command(BaseCommand):
            f"Installing xapian version {desired} at {os.environ['VIRTUAL_ENV']}"
        )
        subprocess.run(
-            [
-                str(Path(__file__).parent / "install_xapian.sh"),
-                desired,
-                core_checksum,
-                bindings_checksum,
-            ],
+            [str(Path(__file__).parent / "install_xapian.sh"), desired],
            env=dict(os.environ),
            check=True,
        )
--- a/core/management/commands/install_xapian.sh
+++ b/core/management/commands/install_xapian.sh
@@ -1,11 +1,7 @@
 #!/usr/bin/env bash
 # Originates from https://gist.github.com/jorgecarleitao/ab6246c86c936b9c55fd
 # first argument of the script is Xapian version (e.g. 1.2.19)
-# second argument of the script is core sha256
-# second argument of the script is binding sha256
 VERSION="$1"
-CORE_SHA256="$2"
-BINDINGS_SHA256="$3"

 # Cleanup env vars for auto discovery mechanism
 unset CPATH
@@ -25,15 +21,9 @@ BINDINGS=xapian-bindings-$VERSION

 # download
 echo "Downloading source..."
-curl -O "https://oligarchy.co.uk/xapian/$VERSION/${CORE}.tar.xz" || exit 1
-
-echo "${CORE_SHA256}  ${CORE}.tar.xz" | sha256sum -c - || exit 1
-
+curl -O "https://oligarchy.co.uk/xapian/$VERSION/${CORE}.tar.xz"
 curl -O "https://oligarchy.co.uk/xapian/$VERSION/${BINDINGS}.tar.xz"

-echo "${BINDINGS_SHA256}  ${BINDINGS}.tar.xz" | sha256sum -c - || exit 1
-
-
 # extract
 echo "Extracting source..."
 tar xf "${CORE}.tar.xz"
--- a/package-lock.json
+++ b/package-lock.json
@@ -4006,9 +4006,9 @@
      }
    },
    "node_modules/lodash-es": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz",
-      "integrity": "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.18.1.tgz",
+      "integrity": "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==",
      "license": "MIT"
    },
    "node_modules/lodash.debounce": {
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -92,12 +92,7 @@ docs = [
 default-groups = ["dev", "tests", "docs"]

 [tool.xapian]
-version = "1.4.31"
-# Those hashes are here to protect against supply chains attacks
-# They are obtained by downloawing xapian-core and xapian-bindings from xapian.org
-# and running `sha256sum` on the downloaded compressed files
-core-sha256 = "fecf609ea2efdc8a64be369715aac733336a11f7480a6545244964ae6bc80811"
-bindings-sha256 = "a38cc7ba4188cc0bd27dc7369f03906772047087a1c54f1b93355d5e9103c304"
+version = "1.4.29"

 [tool.ruff]
 output-format = "concise" # makes ruff error logs easier to read
Author	SHA1	Message	Date
dependabot[bot]	15425ce2d5	Bump lodash-es from 4.17.23 to 4.18.1 Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1) --- updated-dependencies: - dependency-name: lodash-es dependency-version: 4.18.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-02 08:05:44 +00:00
Titouan	ca37996d6a	Merge pull request #1332 from ae-utbm/taiste Stats & Whitelist, Eurockéenne, fix pagination, Vite 8, delete unused settings	2026-03-29 16:35:16 +02:00
Titouan	173311c1d5	Merge pull request #1315 from ae-utbm/taiste Product history, formula management, test election	2026-03-12 11:33:45 +01:00
thomas girod	2995823d6e	Merge pull request #1293 from ae-utbm/taiste Refactors, updates and db optimisations	2026-02-13 15:25:04 +01:00