Merge branch 'main' into 457-fix-report-date-field

Signed-off-by: tdruez <tdruez@aboutcode.org>

Author: tdruez

.github/workflows/run-unit-tests.yml

@@ -40,7 +40,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.13"
+          python-version: "3.14"
 
       - name: Install python-ldap OS dependencies
         run: |

Dockerfile

@@ -6,7 +6,7 @@
 # See https://aboutcode.org for more information about AboutCode FOSS projects.
 #
 
-FROM python:3.13-slim
+FROM python:3.14-slim
 
 LABEL org.opencontainers.image.source="https://github.com/aboutcode-org/dejacode"
 LABEL org.opencontainers.image.description="DejaCode"

Makefile

@@ -6,7 +6,7 @@
 # See https://aboutcode.org for more information about AboutCode FOSS projects.
 #
 
-PYTHON_EXE=python3.13
+PYTHON_EXE=python3.14
 VENV_LOCATION=.venv
 ACTIVATE?=. ${VENV_LOCATION}/bin/activate;
 MANAGE=${VENV_LOCATION}/bin/python manage.py

README.rst

@@ -1,42 +1,36 @@
+========
 DejaCode
 ========
 
-DejaCode is a complete enterprise-level application to automate open source license
-compliance and ensure software supply chain integrity, powered by
-`ScanCode <https://github.com/nexB/scancode-toolkit>`_,
+DejaCode provides an enterprise-level application to automate open source license 
+compliance and ensure software supply chain integrity, powered by `ScanCode <https://github.com/aboutcode-org/scancode-toolkit>`_,
 the industry-leading code scanner.
 
-- Run scans and track all the open source and third-party products and components used
-  in your software.
-- Apply usage policies at the license or component level, and integrate into
-  ScanCode to ensure compliance.
-- Capture software inventories (SBOMs), generate compliance artifacts, and keep
-  historical data.
-- Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and
-  software systems.
-- Scan a software package, simply by providing its Download URL, to get comprehensive
-  details of its composition and create an SBOM.
-- Load software package data into DejaCode with the integration for the open source
-  ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM.
-- Track and report vulnerability tracking and reporting by integrating with the open
-  source VulnerableCode project.
-- Create, publish and share SBOM documents in DejaCode, including detailed attribution
-  documentation and custom reports in multiple file formats and standards, such as
-  CycloneDX and SPDX.
-
-Getting started
----------------
-
-The DejaCode documentation is available here: https://dejacode.readthedocs.io/
-
-If you have questions please ask them in
-`Discussions <https://github.com/aboutcode-org/dejacode/discussions>`_.
-
-If you want to contribute to DejaCode, start with our
-`Contributing <https://dejacode.readthedocs.io/en/latest/contributing.html>`_ page.
+Why Use DejaCode?
+=================
+
+DejaCode is your system of record as a single source of truth with quality data for 
+licenses, vulnerabilities, and package provenance and metadata, enabling you to ensure 
+FOSS compliance with enterprise-grade features and integrations for DevOps and 
+software systems.
+
+Getting Started
+===============
+
+Instructions to get you up and running on your local machine are at `Getting Started <https://dejacode.readthedocs.io/en/stable/index.html>`_
+
+The DejaCode documentation also provides:
+
+- prerequisites for installing the software.
+- instructions for configuring DejaCode integration with `ScanCode.io <https://github.com/aboutcode-org/scancode.io>`_, `VulnerableCode <https://github.com/aboutcode-org/vulnerablecode>`_, and `PurlDB <https://github.com/aboutcode-org/purldb>`_.
+- tutorials that provide hands-on guidance to DejaCode features.
+- how to setup usage policies.
+- how to capture and share software inventories (SBOMs) in multiple file formats and standards, such as CycloneDX and SPDX.
+- how to customize your own workflows and reports.
+- guidelines for contributing to code development.
 
 Build and tests status
-----------------------
+======================
 
 +------------+-------------------+
 | **Tests**  | **Documentation** |
@@ -45,7 +39,7 @@ Build and tests status
 +------------+-------------------+
 
 DejaCode License Notice
------------------------
+=======================
 
 DejaCode is an enterprise-level application to automate open source license
 compliance and ensure software supply chain integrity, powered by ScanCode,
@@ -68,7 +62,7 @@ You should have received a copy of the GNU Affero General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Commercial Services option
----------------------------
+==========================
 
 nexB offers a commercial services option for DejaCode.
 You can learn more about these options by contacting nexB at
@@ -84,7 +78,7 @@ https://www.nexb.com/contact-us/
     :alt: Documentation Build Status
 
 Acknowledgements, Funding, Support and Sponsoring
---------------------------------------------------------
+=================================================
 
 This project is funded, supported and sponsored by:
 
@@ -99,7 +93,6 @@ This project is funded, supported and sponsored by:
 - nexB Inc. 
 
 
-
 |europa|   |dgconnect| 
 
 |ngi|   |nlnet|   
@@ -179,10 +172,3 @@ Communications Networks, Content and Technology under grant agreement No 1010695
     :target: https://nlnet.nl/discovery/
     :height: 40
     :alt: NGI Discovery logo
-
-
-
-
-
-
-

dje/views.py

@@ -14,8 +14,6 @@
 from collections import defaultdict
 from collections import namedtuple
 from contextlib import suppress
-from functools import partial
-from functools import wraps
 from urllib.parse import parse_qsl
 from urllib.parse import unquote_plus
 from urllib.parse import urlparse
@@ -1361,14 +1359,15 @@ def object_copy_get(request, m2m_formset_class):
             ct = ContentType.objects.get_for_model(related_model)
             m2m_initial.append({"ct": ct.id})
 
+    m2m_formset = m2m_formset_class(initial=m2m_initial, form_kwargs={"user": request.user})
     return render(
         request,
         "admin/object_copy.html",
         {
             "copy_candidates": copy_candidates,
             "update_candidates": update_candidates,
             "form": form,
-            "m2m_formset": m2m_formset_class(initial=m2m_initial),
+            "m2m_formset": m2m_formset,
             "opts": source_object._meta,
             "preserved_filters": preserved_filters,
         },
@@ -1388,11 +1387,7 @@ def object_copy_view(request):
     This result as an extra step of presenting the target Dataspace list of
     choices.
     """
-    # Declared here as it required in GET and POST cases.
-    m2m_formset_class = formset_factory(
-        wraps(M2MCopyConfigurationForm)(partial(M2MCopyConfigurationForm, user=request.user)),
-        extra=0,
-    )
+    m2m_formset_class = formset_factory(M2MCopyConfigurationForm, extra=0)
 
     # Default entry point of the view, requested using a GET
     # At that stage, we are only looking at what the User requested,
@@ -1421,7 +1416,7 @@ def object_copy_view(request):
         exclude_update = {model_class: config_form.cleaned_data.get("exclude_update")}
 
         # Append the m2m copy configuration
-        for m2m_form in m2m_formset_class(request.POST):
+        for m2m_form in m2m_formset_class(request.POST, form_kwargs={"user": request.user}):
             if not m2m_form.is_valid():
                 continue
             m2m_model_class = m2m_form.model_class

docs/doc_maintenance.rst

@@ -28,7 +28,7 @@ That will create a /dejacode directory in your working directory.
 Now you can install the dependencies in a virtualenv::
 
     cd dejacode
-    python3.13 -m venv .
+    python3.14 -m venv .
     source bin/activate
 
 Now you can build the HTML documents locally::

docs/installation.rst

@@ -179,7 +179,7 @@ Pre-installation Checklist
 
 Before you install DejaCode, make sure you have the following prerequisites:
 
-#. **Python: versions 3.13** found at https://www.python.org/downloads/
+#. **Python: versions 3.14** found at https://www.python.org/downloads/
 #. **Git**: most recent release available at https://git-scm.com/
 #. **PostgreSQL**: release 16 or later found at https://www.postgresql.org/ or
    https://postgresapp.com/ on macOS

pyproject.toml

@@ -7,7 +7,7 @@ name = "dejacode"
 version = "5.6.0"
 description = "Automate open source license compliance and ensure supply chain integrity"
 readme = "README.rst"
-requires-python = ">=3.13,<3.14"
+requires-python = ">=3.14,<3.15"
 license = "AGPL-3.0-only"
 license-files = ["LICENSE", "NOTICE"]
 authors = [
@@ -26,19 +26,20 @@ classifiers = [
     "Intended Audience :: Legal Industry",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3 :: Only",
-    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Topic :: Utilities"
 ]
 dependencies = [
     # Base configuration tools
-    "setuptools==80.9.0",
-    "wheel==0.45.1",
-    "pip==25.3",
+    "setuptools==82.0.0",
+    "wheel==0.46.3",
+    "packaging==26.0",
+    "pip==26.0.1",
     # Django
-    "Django==5.2.9",
-    "asgiref==3.11.0",
+    "Django==5.2.11",
+    "asgiref==3.11.1",
     "typing_extensions==4.15.0",
-    "sqlparse==0.5.3",
+    "sqlparse==0.5.5",
     # Django apps
     "django-crispy-forms==2.5",
     "crispy_bootstrap5==2025.6",
@@ -48,59 +49,53 @@ dependencies = [
     "confusable_homoglyphs==3.3.1",
     "django-guardian==3.2.0",
     "django-environ==0.12.0",
-    "django-debug-toolbar==6.1.0",
+    "django-debug-toolbar==6.2.0",
     # CAPTCHA
     "altcha==1.0.0",
     "django_altcha==0.9.0",
     # REST API
     "djangorestframework==3.16.1",
     # API documentation
-    "drf-yasg==1.21.11",
+    "drf-yasg==1.21.14",
     "uritemplate==4.2.0",
     "inflection==0.5.1",
     "pytz==2025.2",
     # Track failed login attempts
     "django-axes==8.0.0",
     # Multi-factor authentication
-    "django-otp==1.6.3",
+    "django-otp==1.7.0",
     "qrcode==8.2",
     "pypng==0.20220715.0",
     # Database
-    "psycopg==3.2.12",
+    "psycopg==3.3.2",
     # Cache
-    "redis==7.1.0",
-    # redis dependencies:
-    "packaging==25.0",
-    "pyparsing==3.2.5",
-    "async-timeout==5.0.1",
-    "Deprecated==1.2.18",
-    "wrapt==1.17.3",
+    "redis==7.1.1",
     # Antivirus
     "clamd==1.0.2",
     # Testing
     "model_bakery==1.10.1",
     # Task queue
     "rq==2.6.1",
     "croniter==6.0.0",
-    "django-rq==3.2.1",
+    "django-rq==3.2.2",
     "fakeredis==2.33.0",
     # Libs
     "certifi==2026.1.4",
-    "urllib3==2.6.2",
+    "urllib3==2.6.3",
     "python-dateutil==2.9.0.post0",
     "python-mimeparse==2.0.0",
-    "PyJWT==2.10.1",
+    "PyJWT==2.11.0",
     "natsort==8.4.0",
     "six==1.17.0",
     "requests==2.32.5",
     "idna==3.11",
     "charset-normalizer==3.4.4",
-    "PyYAML==6.0.2",
-    "cython==3.1.1",
+    "PyYAML==6.0.3",
+    "cython==3.2.4",
     "zipp==3.23.0",
     "XlsxWriter==3.2.9",
     # Markdown
-    "markdown==3.10",
+    "markdown==3.10.2",
     "bleach==6.3.0",
     "bleach_allowlist==1.0.3",
     "webencodings==0.5.1",
@@ -111,10 +106,10 @@ dependencies = [
     "defusedxml==0.7.1",
     # LDAP Auth
     "python_ldap==3.4.5",
-    "setuptools-scm==9.2.1",
-    "pyasn1==0.6.1",
+    "setuptools-scm==9.2.2",
+    "pyasn1==0.6.2",
     "pyasn1-modules==0.4.2",
-    "django-auth-ldap==5.2.0",
+    "django-auth-ldap==5.3.0",
     # license expressions
     "boolean.py==5.0",
     "license-expression==30.4.4",
@@ -126,23 +121,22 @@ dependencies = [
     "swapper==1.4.0",
     # AboutCode Toolkit
     "aboutcode_toolkit==11.1.1",
-    "click==8.2.1",
+    "click==8.3.1",
     "Jinja2==3.1.6",
-    "MarkupSafe==3.0.2",
+    "MarkupSafe==3.0.3",
     "saneyaml==0.6.1",
     "openpyxl==3.1.5",
     "et-xmlfile==2.0.0",
     # PackageURL
     "packageurl-python==0.17.6",
     # Gunicorn
-    "gunicorn==23.0.0",
+    "gunicorn==25.0.3",
     # SPDX validation
-    "jsonschema==4.24.0",
-    "jsonschema-specifications==2025.4.1",
-    "referencing==0.36.2",
-    "rpds-py==0.25.1",
+    "jsonschema==4.26.0",
+    "jsonschema-specifications==2025.9.1",
+    "referencing==0.37.0",
+    "rpds-py==0.30.0",
     "attrs==25.4.0",
-    "pyrsistent==0.20.0",
     # CycloneDX
     "cyclonedx-python-lib==11.6.0",
     "sortedcontainers==2.4.0",
@@ -152,11 +146,11 @@ dependencies = [
     "gitdb==4.0.12",
     "smmap==5.0.2",
     # CSAF
-    "pydantic==2.11.5",
-    "pydantic-core==2.33.2",
-    "typing-inspection==0.4.1",
-    "maturin==1.8.6",
-    "setuptools-rust==1.11.1",
+    "pydantic==2.12.5",
+    "pydantic-core==2.41.5",
+    "typing-inspection==0.4.2",
+    "maturin==1.11.5",
+    "setuptools-rust==1.12.0",
     "annotated-types==0.7.0",
     "semantic-version==2.10.0",
     # OpenVEX
@@ -166,7 +160,7 @@ dependencies = [
 [project.optional-dependencies]
 dev = [
     # Linter and Validation
-    "ruff==0.14.0",
+    "ruff==0.15.0",
     # Parallel testing
     "tblib==3.2.2"
 ]
@@ -191,6 +185,7 @@ where = ["."]
 
 [tool.ruff]
 line-length = 100
+target-version = "py313"
 exclude = [
     "migrations",
     "bin",