forked from liangliangyy/DjangoBlog
[pull] master from liangliangyy:master #37
Open
pull[bot] wants to merge 488 commits into devilkun:master from
liangliangyy force-pushed the master branch from c3d13fe to 430f60c (March 28, 2022 04:25)
You have successfully added a new CodeQL configuration .github/workflows/codeql-analysis.yml:CodeQL-Build. As part of the setup process, we have scanned this repository and found 3 existing alerts. Please check the repository Security tab to see all alerts.
Bump requests from 2.32.3 to 2.32.4
--- updated-dependencies: - dependency-name: pillow dependency-version: 11.3.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bump pillow from 11.2.1 to 11.3.0
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
# Conflicts: # blog/views.py
update workflow
Refactor dark mode styles for article recommendations section
...reset, and comment notifications - Implemented end-to-end tests for user registration, including email verification and login. - Added tests for password reset functionality, ensuring proper email notifications and password updates. - Created tests for comment notifications, verifying that authors receive alerts for new comments and can respond. - Included tests for OAuth configuration and user management, ensuring proper handling of OAuth accounts and bindings.
- Change concurrency cancel-in-progress to false for django.yml and frontend.yml - Update duplicate-check settings: skip_after_successful_duplicate to false - Change concurrent_skipping from same_content_newer to outdated_runs - Add branch flags to codecov uploads to distinguish dev and master coverage - Update codecov.yml to track master and dev branches separately Co-authored-by: liangliangyy <3077549+liangliangyy@users.noreply.github.com>
...workflows Fix CI skipping on merge and cross-branch interference
Fix GitHub Actions workflow configuration issues
Bumps [pycparser](https://github.com/eliben/pycparser) from 2.23 to 3.0. - [Release notes](https://github.com/eliben/pycparser/releases) - [Commits](eliben/pycparser@release_v2.23...release_v3.00) --- updated-dependencies: - dependency-name: pycparser dependency-version: '3.0' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
...y with 8 updates Bumps the production-dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [coverage](https://github.com/coveragepy/coveragepy) | `7.8.0` | `7.13.1` | | [django-compressor](https://github.com/django-compressor/django-compressor) | `4.5.1` | `4.6.0` | | [greenlet](https://github.com/python-greenlet/greenlet) | `3.2.2` | `3.3.0` | | [markdown](https://github.com/Python-Markdown/markdown) | `3.10` | `3.10.1` | | [prettytable](https://github.com/prettytable/prettytable) | `3.16.0` | `3.17.0` | | [rcssmin](https://github.com/ndparker/rcssmin) | `1.1.2` | `1.2.2` | | [rjsmin](https://github.com/ndparker/rjsmin) | `1.2.2` | `1.2.5` | | [simplejson](https://github.com/simplejson/simplejson) | `3.20.1` | `3.20.2` | Updates `coverage` from 7.8.0 to 7.13.1 - [Release notes](https://github.com/coveragepy/coveragepy/releases) - [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.8.0...7.13.1) Updates `django-compressor` from 4.5.1 to 4.6.0 - [Changelog](https://github.com/django-compressor/django-compressor/blob/develop/docs/changelog.txt) - [Commits](django-compressor/django-compressor@4.5.1...4.6) Updates `greenlet` from 3.2.2 to 3.3.0 - [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst) - [Commits](python-greenlet/greenlet@3.2.2...3.3.0) Updates `markdown` from 3.10 to 3.10.1 - [Release notes](https://github.com/Python-Markdown/markdown/releases) - [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md) - [Commits](Python-Markdown/markdown@3.10.0...3.10.1) Updates `prettytable` from 3.16.0 to 3.17.0 - [Release notes](https://github.com/prettytable/prettytable/releases) - [Changelog](https://github.com/prettytable/prettytable/blob/main/CHANGELOG.md) - [Commits](prettytable/prettytable@3.16.0...3.17.0) Updates `rcssmin` from 1.1.2 to 1.2.2 - 
[Changelog](https://github.com/ndparker/rcssmin/blob/master/CHANGES) - [Commits](ndparker/rcssmin@1.1.2...1.2.2) Updates `rjsmin` from 1.2.2 to 1.2.5 - [Changelog](https://github.com/ndparker/rjsmin/blob/master/CHANGES) - [Commits](ndparker/rjsmin@1.2.2...1.2.5) Updates `simplejson` from 3.20.1 to 3.20.2 - [Release notes](https://github.com/simplejson/simplejson/releases) - [Changelog](https://github.com/simplejson/simplejson/blob/master/CHANGES.txt) - [Commits](simplejson/simplejson@v3.20.1...v3.20.2) --- updated-dependencies: - dependency-name: coverage dependency-version: 7.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: django-compressor dependency-version: 4.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: greenlet dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: markdown dependency-version: 3.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: prettytable dependency-version: 3.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: rcssmin dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: rjsmin dependency-version: 1.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: simplejson dependency-version: 3.20.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
...on-dependencies-951b3f51bb chore(deps): bump the production-dependencies group across 1 directory with 8 updates
...r-3.0 chore(deps): bump pycparser from 2.23 to 3.0
Bumps [setuptools](https://github.com/pypa/setuptools) from 78.1.1 to 80.10.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v78.1.1...v80.10.1) --- updated-dependencies: - dependency-name: setuptools dependency-version: 80.10.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
...ls-80.10.1 chore(deps): bump setuptools from 78.1.1 to 80.10.1
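Implemented GitHub-style emoji reactions for comments: Backend: - Added the CommentReaction model, supporting 8 emoji (👍👎❤️😄🎉😕🚀👀) - Added a unique_together constraint so that each user can react with each emoji only once per comment - Implemented the get_reactions_summary() method, which returns reaction counts and user lists - Added the CommentReactionView API endpoint: - GET /comment/<id>/react (public access, returns counts) - POST /comment/<id>/react (login required, toggles a reaction) - Added the database migration file 0005_commentreaction.py - Registered CommentReactionAdmin in admin.py Frontend: - Added the reactionPicker.js Alpine.js component to handle reaction interaction logic - Uses a hybrid SSR + API architecture: - Initial data is rendered server-side through the data-reactions attribute - Updates go through the API, avoiding page reloads - Implemented a polished login-prompt modal in place of the browser alert() - Implemented a toast notification system that shows success/failure messages - Added a hover tooltip showing the list of users who reacted - Supports dark mode - Added smooth CSS animations (fadeIn, scaleIn, slideInRight) Template: - Updated comment_item_modern.html to integrate the reaction UI - Shows a 🔒 hint to users who are not logged in - Added an emoji picker supporting 8 emoji - Added a data-authenticated flag in base.html Template Tags: - Added the to_json filter, which safely converts Python objects to JSON - Added the get_reactions_for_user filter, which returns reaction data with the user's state Features: - Logged-in users can click an emoji to add a reaction and click again to remove it - Shows the count and reacted state for each emoji - Hovering shows the list of users who reacted (first 5 + remaining count) - Users who are not logged in see a polished login prompt when they click - 401 errors are handled automatically with a redirect to the login page - CSRF protection and security validation - Responsive design with mobile support Performance: - Uses SSR initial data to avoid an extra API request on first render - Uses database indexes to optimize query performance - select_related optimizes related-object queries 🤖 Generated with Claude Code
feat: implement GitHub-style emoji reactions for comments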
Bumps the production-dependencies group with 3 updates: [coverage](https://github.com/coveragepy/coveragepy), [greenlet](https://github.com/python-greenlet/greenlet) and [setuptools](https://github.com/pypa/setuptools). Updates `coverage` from 7.13.1 to 7.13.2 - [Release notes](https://github.com/coveragepy/coveragepy/releases) - [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.13.1...7.13.2) Updates `greenlet` from 3.3.0 to 3.3.1 - [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst) - [Commits](python-greenlet/greenlet@3.3.0...3.3.1) Updates `setuptools` from 80.10.1 to 80.10.2 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v80.10.1...v80.10.2) --- updated-dependencies: - dependency-name: coverage dependency-version: 7.13.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: greenlet dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: setuptools dependency-version: 80.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [openai](https://github.com/openai/openai-python) from 0.28.1 to 2.16.0. - [Release notes](https://github.com/openai/openai-python/releases) - [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md) - [Commits](openai/openai-python@v0.28.1...v2.16.0) --- updated-dependencies: - dependency-name: openai dependency-version: 2.16.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the frontend-production group in /frontend with 4 updates: [@alpinejs/collapse](https://github.com/alpinejs/alpine/tree/HEAD/packages/collapse), [@alpinejs/focus](https://github.com/alpinejs/alpine/tree/HEAD/packages/focus), [@alpinejs/intersect](https://github.com/alpinejs/alpine/tree/HEAD/packages/intersect) and [alpinejs](https://github.com/alpinejs/alpine/tree/HEAD/packages/alpinejs). Updates `@alpinejs/collapse` from 3.15.4 to 3.15.5 - [Release notes](https://github.com/alpinejs/alpine/releases) - [Commits](https://github.com/alpinejs/alpine/commits/v3.15.5/packages/collapse) Updates `@alpinejs/focus` from 3.15.4 to 3.15.5 - [Release notes](https://github.com/alpinejs/alpine/releases) - [Commits](https://github.com/alpinejs/alpine/commits/v3.15.5/packages/focus) Updates `@alpinejs/intersect` from 3.15.4 to 3.15.5 - [Release notes](https://github.com/alpinejs/alpine/releases) - [Commits](https://github.com/alpinejs/alpine/commits/v3.15.5/packages/intersect) Updates `alpinejs` from 3.15.4 to 3.15.5 - [Release notes](https://github.com/alpinejs/alpine/releases) - [Commits](https://github.com/alpinejs/alpine/commits/v3.15.5/packages/alpinejs) --- updated-dependencies: - dependency-name: "@alpinejs/collapse" dependency-version: 3.15.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-production - dependency-name: "@alpinejs/focus" dependency-version: 3.15.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-production - dependency-name: "@alpinejs/intersect" dependency-version: 3.15.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-production - dependency-name: alpinejs dependency-version: 3.15.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: frontend-production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the github-actions group with 1 update: [appleboy/ssh-action](https://github.com/appleboy/ssh-action). Updates `appleboy/ssh-action` from 1.2.4 to 1.2.5 - [Release notes](https://github.com/appleboy/ssh-action/releases) - [Commits](appleboy/ssh-action@v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: appleboy/ssh-action dependency-version: 1.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
...on-dependencies-0fbce6c43a chore(deps): bump the production-dependencies group with 3 updates
...ntend/dev/frontend-production-ddbe1ee78d chore(deps): bump the frontend-production group in /frontend with 4 updates
...ev/github-actions-a8937717ac ci(deps): bump appleboy/ssh-action from 1.2.4 to 1.2.5 in the github-actions group
....16.0 chore(deps): bump openai from 0.28.1 to 2.16.0
- Updated certifi from 2023.11.17 to 2026.1.4 - Updated configobj from 5.0.8 to 5.0.9 - Updated cryptography from 41.0.7 to 46.0.4 - Updated idna from 3.6 to 3.11 - Updated Jinja2 from 3.1.2 to 3.1.6 (already in requirements.txt) - Updated requests from 2.31.0 to 2.32.5 (already in requirements.txt) - Updated setuptools from 68.1.2 to 80.10.2 (already in requirements.txt) - Updated twisted from 24.3.0 to 25.5.0 - Updated urllib3 from 2.0.7 to 2.6.3 - Updated wheel from 0.42.0 to 0.46.3 - Updated pip from 24.0 to 26.0 All 26 known security vulnerabilities have been fixed. Co-authored-by: liangliangyy <3077549+liangliangyy@users.noreply.github.com>
- Fixed CVE-2025-13473 - Fixed CVE-2026-1207 - Fixed CVE-2026-1312 - Fixed CVE-2026-1287 All security vulnerabilities are now resolved. Co-authored-by: liangliangyy <3077549+liangliangyy@users.noreply.github.com>
Fix 30 security vulnerabilities in Python dependencies
See Commits and Changes for more details.
Created by pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )