Skip to content

[bot] Merge 26.7 to develop (Conflicts)#7850

Merged
github-actions[bot] merged 18 commits into
developfrom
fb_bot_merge_26.7
Jul 15, 2026
Merged

[bot] Merge 26.7 to develop (Conflicts)#7850
github-actions[bot] merged 18 commits into
developfrom
fb_bot_merge_26.7

Conversation

@github-actions

Copy link
Copy Markdown

Automatic merge failed! Please merge 26.7 into fb_bot_merge_26.7 and resolve conflicts manually.

git fetch
git checkout fb_bot_merge_26.7
git reset --hard origin/develop
git merge 39a457a4d855118b448cba928bd9d2bc864074ac -m "Merge 26.7 to develop"

Resolve all conflicts (using IntelliJ or git mergetool)

git commit
git push --force

Approve all matching PRs simultaneously.
Approval will trigger automatic merge.
Verify all PRs before approving: https://internal.labkey.com/Scrumtime/Backlog/harvest-gitOpenPullRequests.view?branch=fb_bot_merge_26.7

labkey-adam and others added 16 commits July 8, 2026 09:46
## Rationale
Client requested a few more options in the "Require terms-of-use
acceptance" drop-down list.
LabKey/internal-issues#1202

## Related Pull Requests
- #7776

## Changes
- Add 90, 180, and 365 days as options
## Rationale
Make the sql-execute code reusable, and expose new tool
QueryMCP.executeSQL

## Related Pull Requests
- <!-- list of links to related pull requests (replace this comment) -->

## Changes
- <!-- list of descriptions of changes that are worth noting (replace
this comment) -->

<!-- list of standard tasks (remove this comment to enable)
## Tasks 📍
- [ ] Claude Code Review
- [ ] Manual Testing
- [ ] Test Automation
- [ ] Verify Fix
-->

---------

Co-authored-by: Adam Rauch <adam@labkey.com>
## Rationale
LabKey Server's OWASP Dependency Check build is failing on develop;
ActiveMQ 5.19.7 accounts for nine of those findings. Bumping to 5.19.8
clears all nine.

this is a backport from develop

## Related Pull Requests
- #7824

## Changes
- Bump ActiveMQ 5.19.7 -> 5.19.8: CVE-2026-49877 (HIGH 8.1) plus
CVE-2026-49432, CVE-2026-49434, CVE-2026-50734, CVE-2026-50750,
CVE-2026-53916, CVE-2026-53917, CVE-2026-54475, CVE-2026-52760

<!-- list of standard tasks (remove this comment to enable)
## Tasks 📍
- [ ] Claude Code Review
- [ ] Manual Testing
- [ ] Test Automation
- [ ] Verify Fix
-->
## Rationale
The `frame-ancestors` directive of our standard CSP is the modern way to
control what other sites can "frame" a LabKey deployment (none, by
default). The `X-Frame-Options` header is effectively obsolete, ignored
by any browser that supports `frame-ancestors`. [All major browsers have
supported `frame-ancestors` for 10
years](https://caniuse.com/?search=frame-ancestors+) and hence ignore
`X-Frame-Options`.

## Related Pull Requests
- LabKey/testAutomation#3094
## Rationale
The `Excel multi-tab` metric uses a subquery without an alias which
isn't supported until Postgres 16+

## Changes
- Add an alias

## Tasks 📍
- [x] Claude Code Review
-  ~Manual Testing~
- ~Test Automation~
## Rationale
For troubleshooting asistance

## Related Pull Requests
- <!-- list of links to related pull requests (replace this comment) -->

## Changes
- <!-- list of descriptions of changes that are worth noting (replace
this comment) -->

<!-- list of standard tasks (remove this comment to enable)
## Tasks 📍
- [ ] Claude Code Review
- [ ] Manual Testing
- [ ] Test Automation
- [ ] Verify Fix
-->

Co-authored-by: Adam Rauch <adam@labkey.com>
## Rationale
This permission is added to SiteAdmin and PlatformDeveloper when
mode=dev

[<!-- Rationale describing why this pull request is needed, what
behavior it's adding/changing/removing, etc. (replace this comment)
-->](LabKey/internal-issues#1305)

## Related Pull Requests
- <!-- list of links to related pull requests (replace this comment) -->

## Changes
- <!-- list of descriptions of changes that are worth noting (replace
this comment) -->

<!-- list of standard tasks (remove this comment to enable)
## Tasks 📍
- [ ] Claude Code Review
- [ ] Manual Testing
- [ ] Test Automation
- [ ] Verify Fix
-->
## Rationale
BulkUpgradeGroupAction is inconsistent with other actions for its
permission checks

## Changes
- Check container and for a separate permission for adding a new user
…dsAction (#7841)

## Rationale
We no longer support cross-folder imports, so no need to look beyond the
current container

## Related Pull Requests
- <!-- list of links to related pull requests (replace this comment) -->

## Changes
- Always use the current container for filtering purposes

## Tasks 📍
- [x] Claude Code Review
- ~Manual Testing~
- ~Test Automation~
@cnathe cnathe force-pushed the fb_bot_merge_26.7 branch from d69d0ed to dd6832a Compare July 15, 2026 13:20
@github-actions github-actions Bot merged commit dd6832a into develop Jul 15, 2026
9 of 10 checks passed
@github-actions github-actions Bot deleted the fb_bot_merge_26.7 branch July 15, 2026 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

10 participants