v5.5.3 to production by ramyaragupathy · Pull Request #7241 · hotosm/tasking-manager

ramyaragupathy · 2026-05-08T05:05:34Z

Fixes for:

Imagery filter under explore projects
Modify project zoom level after task selection
OSMCha removal for sandbox projects
Validation wording change
Mapswipe stats mismatch
Campaign: bulk message contributors
Task extension record in history table: Aadesh's PR
GH actions update
Whitelist table: SQL injection
Jinja2 autoesacpe configuration
ohsomeNow broken stats fix

…ed tasks and optimize map re-zooming.

…hanges

…play in projectTypeAreaStats

…es refactor/fix

…g contributors

Enable autoescape=True in the Jinja2 Environment to prevent cross-site scripting via user-controlled template variables. Flagged by Bandit (B701) and Semgrep.

…etion The DELETE query loop in Project.delete() interpolated table names directly into an f-string. Added an explicit whitelist with a validation check before each query to prevent SQL injection if table names ever become user-controlled. Flagged by Bandit (B608) and Semgrep.

…ntributor component stability

fix: Lock duration in extension task history action text and test cas…

ci(actions): update actions for Node.js 24 compatibility

…contributors Feat/7216 campaign message contributors

…ject-delete fix: Add table name whitelist to prevent SQL injection in project del…

…-xss Fix Jinja2 autoescape disabled XSS vulnerability

Add imagery dropdown filter to explore projects

…etrics-not-showing Fix: aggregate project type statistics on partnership page

…le-invalidating-task Refactor: Improve task validation wording and layout structure

…-from-sandbox-project Hide OSMCha buttons and changeset resources for sandbox projects

Fix: Enhance TasksMap zoom behavior

…dd PropTypes to campaign components

…eliability

test: fix frontend regressions and stabilize mocks

Staging release for v5.5.3

fix(labeler): update config to v6 format

…I docs, config defaults, UI labels, mappings, and tests

Fix contribution page road stats and align the Ohsome topic across API docs, config defaults, UI labels, mappings, and tests

sonarqubecloud · 2026-05-08T05:07:08Z

Quality Gate failed

Failed conditions
4.1% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

sumitdahal7 and others added 30 commits March 17, 2026 09:45

fix: Add zoomedTaskId prop to TaskSelectionMap to focus on select…

e3e7e66

…ed tasks and optimize map re-zooming.

ci(actions): update actions for Node.js 24 compatibility

8a51723

fix(ci): align artifact actions to same version

3fe7f6f

fix: update validation status labels and reorganize UI according to c…

0777f9b

…hanges

fix: hide OSMCha buttons and changeset resources for sandbox projects

72fe3f8

fix: add sandbox prop to project detail component proptypes

57b8035

refactor: aggregate project type statistics before formatting for dis…

6ece961

…play in projectTypeAreaStats

fix: Lock duration in extension task history action text and test cas…

740bdfc

…es refactor/fix

feat: add imagery dropdown filter to explore projects more filters panel

a41ef1b

feat: add MessageContributors component to campaign view for messagin…

64d8f8c

…g contributors

Fix Jinja2 autoescape disabled XSS vulnerability

468b85b

Enable autoescape=True in the Jinja2 Environment to prevent cross-site scripting via user-controlled template variables. Flagged by Bandit (B701) and Semgrep.

feat: add accessibility labels to campaign form input and update tests

b35d974

fix: sonar cloud issues

b36f4d9

refactor: add PropTypes to campaign components and improve message co…

d56b029

…ntributor component stability

Merge pull request #7214 from hotosm/fix/extension-duration

5a2c363

fix: Lock duration in extension task history action text and test cas…

Merge branch 'hotosm:develop' into ci/update-actions

b5bb614

hotfix(pr-test): typo in checkout action

622d546

Merge pull request #7206 from anilrajrimal1/ci/update-actions

dc44854

ci(actions): update actions for Node.js 24 compatibility

Merge pull request #7221 from sumitdahal7/feat/7216-campaign-message-…

6ef657d

…contributors Feat/7216 campaign message contributors

Merge pull request #7218 from WiamSkakri/bugfix/fix-sql-injection-pro…

1e43c77

…ject-delete fix: Add table name whitelist to prevent SQL injection in project del…

Merge pull request #7217 from WiamSkakri/bugfix/fix-jinja2-autoescape…

5382865

…-xss Fix Jinja2 autoescape disabled XSS vulnerability

Merge pull request #7213 from sumitdahal7/feat/7212-imagery-filter

4c88a09

Add imagery dropdown filter to explore projects

Merge pull request #7211 from sumitdahal7/fix/7201-partnership-page-m…

6113e63

…etrics-not-showing Fix: aggregate project type statistics on partnership page

Merge pull request #7210 from sumitdahal7/fix/7182-Change-wording-whi…

3ca558c

…le-invalidating-task Refactor: Improve task validation wording and layout structure

Merge pull request #7209 from sumitdahal7/fix/7175-remove-osm-cha-ref…

05c29de

…-from-sandbox-project Hide OSMCha buttons and changeset resources for sandbox projects

Merge pull request #7199 from sumitdahal7/fix/7052-tasks-map-zoom-logic

54341ab

Fix: Enhance TasksMap zoom behavior

test: fix frontend regressions and stabilize mocks

739d4d5

fix(labeler): update config to v6 format

adfe69e

test: stabilize project navigation icon assertions

05a9dfe

sumitdahal7 and others added 9 commits May 5, 2026 22:40

fix: support explicit campaign id in edit view

c70713d

refactor: remove unnecessary state management from avatar hooks and a…

e18ed05

…dd PropTypes to campaign components

test: increase timeout for campaign name validation to improve test r…

c244bbd

…eliability

Merge pull request #7236 from sumitdahal7/fix/frontend-test-regressions

e304c7c

test: fix frontend regressions and stabilize mocks

Merge pull request #7235 from hotosm/develop

28a0307

Staging release for v5.5.3

Merge pull request #7237 from anilrajrimal1/fix/labeler-config

5a4da86

fix(labeler): update config to v6 format

Fix contribution page road stats and align the Ohsome topic across AP…

874e308

…I docs, config defaults, UI labels, mappings, and tests

Merge pull request #7239 from hotosm/fix/ohsome-contributions

9ed56dc

Fix contribution page road stats and align the Ohsome topic across API docs, config defaults, UI labels, mappings, and tests

Merge branch 'develop' into staging

182621d

ramyaragupathy requested review from prabinoid and sumitdahal7 May 8, 2026 05:05

ramyaragupathy temporarily deployed to 7241/merge May 8, 2026 05:05 — with GitHub Actions Inactive

ramyaragupathy temporarily deployed to develop May 8, 2026 05:05 — with GitHub Actions Inactive

github-actions Bot added scope: frontend scope: infrastructure scope: backend labels May 8, 2026

ramyaragupathy deployed to 7241/merge May 8, 2026 05:05 — with GitHub Actions Active

ramyaragupathy temporarily deployed to 7241/merge May 8, 2026 05:05 — with GitHub Actions Inactive

ramyaragupathy temporarily deployed to develop May 8, 2026 05:07 — with GitHub Actions Inactive

ramyaragupathy changed the title ~~Staging~~ v5.5.3 to production May 8, 2026

sumitdahal7 approved these changes May 8, 2026

View reviewed changes

prabinoid approved these changes May 8, 2026

View reviewed changes

ramyaragupathy merged commit c0c6b83 into main May 8, 2026
21 of 22 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v5.5.3 to production#7241

v5.5.3 to production#7241
ramyaragupathy merged 39 commits into
mainfrom
staging

ramyaragupathy commented May 8, 2026

Uh oh!

sonarqubecloud Bot commented May 8, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Uh oh!

Conversation

ramyaragupathy commented May 8, 2026

Uh oh!

sonarqubecloud Bot commented May 8, 2026

Quality Gate failed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants