final(?) release notes

czue · Jun 5, 2024 · db773b5 · db773b5
1 parent 1ddb12f
commit db773b5
Showing 1 changed file with 65 additions and 37 deletions.
diff --git a/release-notes.md b/release-notes.md
@@ -9,99 +9,127 @@ This is a feature release with a few bigger updates.
 
 ### AI model changes
 
-The library used for non-OpenAI LLMs was changed from [`llm`](https://github.com/simonw/llm) to [`litellm`](https://docs.litellm.ai/docs/).
-Reasons for this change include:
+The library used for non-OpenAI LLMs has been changed from [`llm`](https://github.com/simonw/llm)
+to [`litellm`](https://docs.litellm.ai/docs/). Reasons for this change include:
 
 - It has far fewer additional dependencies.
-- It supports async APIs out of the box.
-- The `llm` library is optimized for the command line use-case, whereas `litellm` offers similar functionality as a native
-  Python library.
-  
+- It supports async APIs out of the box (for most models).
+- The `llm` library is more targeted for the command line use-case, whereas `litellm` offers similar functionality
+  as a native Python library with a cleaner API.
+
 Litellm can still be used with all common AI models, including OpenAI, Anthropic/Claude, and Meta/Llama models
-(with ollama). For details on getting started with `litellm` see the updated [AI documentation](./ai.md).
+(via ollama). For details on getting started with `litellm` see the updated [AI documentation](./ai.md).
+
+### Formatting and linting now use Ruff
+
+Black and isort have been replaced with [ruff](https://github.com/astral-sh/ruff)---a Python linter/formatter
+that offers the same functionality as those tools but is much faster.
+
+Additionally, Pegasus will now remove unused imports from your files automatically, both
+when building your project and if you have set up `pre-commit`.
+
+This change should be a relatively seamless drop-in replacement, though you may see some new lint errors
+in your projects which you can choose to address.
 
 ### Spam prevention updates
 
-Turnstile TODO docs
+There has been a dramatic increase in spam-bots over the last month.
+Many of these bots target seemingly-innocuous functionality like sign up and password reset forms.
 
-### Ruff support + import removal
+This version includes a few updates to help combat these bots.
+First, you can now easily add [Cloudflare turnstile](https://www.cloudflare.com/products/turnstile/) to your sign up forms,
+which will present the user with a captcha and should help reduce bot sign-ups.
+See [the turnstile documentation](./configuration.md#turnstile) for information on setting this up.
 
-TODO docs
+Additionally, the `ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS` setting has been set to `False` by default.
+This prevents "forgot password" and "magic link" emails from being sent out to unknown accounts.
+It should also help reduce unnecessary email sending.
 
-### Added
+Finally, the [admin dashboard](#admin-dashboard) no longer shows users with unconfirmed email addresses if you have set
+`ACCOUNT_EMAIL_VERIFICATION = 'mandatory'`.
+This helps filter out likely bots from the report to provide clearer visibilty of people actually signing up for your app.
+
+### Complete changelog
+
+Below is the complete set of changes in this release.
+
+#### Added
 
-- Added configurable captcha support on sign up pages, using [Cloudflare turnstile](https://www.cloudflare.com/products/turnstile/).
+- **Added configurable captcha support on sign up pages, using [Cloudflare turnstile](https://www.cloudflare.com/products/turnstile/).**
   See [the turnstile documentation](./configuration.md#turnstile) for more information on setting this up.
 - Added API views for two-factor authentication, and to change the logged-in user's password. (Thanks Finbar for suggesting!)
 - Add UI to tell users they need a verified email address prior to setting up two-factor auth.
   - Also added a `has_verified_email` helper class to the `CustomUser` model.
 - Added tests for the delete team view for both team admins and members. (HTMX builds only)
 - Added test for team member removal permissions.
+- Add display and sort on the number of active members in the teams admin.
 
-### Fixed
+#### Fixed
 
 - Fixed a bug where team names longer than 50 characters could cause a crash during sign up.
 - Fixed a bug where multi-factor authentication QR codes had a dark background when dark mode was enabled (Tailwind builds only).
   (Thanks Artem for reporting!)
 - Fixed a bug where it was possible to bypass two-factor-authentication when using the API authentication views. 
   (Thanks Finbar for reporting and helping with the fix!)
-- Add display and sort on the number of active members in the teams admin.
 - Fixed a bug where deleting the user's only team while impersonating them resulted in a temporary crash.
   (Thanks EJ for reporting!)
 - Fixed a bug where creating an API key crashed if your user's first + last name combined to more than 40 characters.
   (Thanks Luc for reporting!)
-
-
-### Changed
-
-- Non-OpenAI builds now use `litellm` instead of `llm`. TODO more.
-- **Changed the formatter/linter from `black` and `isort` to [ruff](https://github.com/astral-sh/ruff).**
-  - Also addressed a handful of minor linting errors that came up as a result of this change.
-  Codebase linting is now substantially faster.
-- Removed the `static/css` and `static/js` directories from the `dockerignore` file so that other project files
-  can be included. Also updated the production Docker build process so that any existing files are overwritten
+- Improved the UI feedback when LLMs fail (e.g. if your API key is wrong or ollama is not running).
+- Removed the `static/css` and `static/js` directories from the `.dockerignore` file so that other project files
+  can be included in these directories.
+  Also updated the production Docker build process so that any existing files are overwritten
   by the built versions. (Thanks Raul for reporting!)
 - Made some performance improvements to the production Dockerfile build (don't rebuild the front end if there are
   no changes in the dependent files).
-- The login API response has changed, to allow for two-factor auth prompts, and more machine-readable status fields.
+- Better support trialing subscriptions with no payment methods.
+  The subscription UI will now show the date the trial ends and won't log errors about missing invoices. (Thanks Jarrett for reporting!)
+
+#### Changed
+
 - **Upgraded all Python packages to the latest versions.**
 - **Upgraded all JavaScript packages to the latest versions.**
+- **Non-OpenAI builds now use `litellm` instead of `llm`.** See above.
+- **Changed the formatter/linter from `black` and `isort` to [ruff](https://github.com/astral-sh/ruff).** See above.
+  - Also addressed a handful of minor linting errors that came up as a result of this change.
+  - Codebase linting is now substantially faster.
+  - Unused imports are now automatically removed when building your projects. 
+- **Celerybeat now uses the `django-celery-beat` library to store tasks in the database instead of on the filesystem.**
+  This improves support for celerybeat on Docker-based platforms. (Thanks Peter and Artem for the suggestion!)
+  - Also added a migration to save the default scheduled tasks in the database.
+- The login API response has changed, to allow for two-factor auth prompts, and more machine-readable status fields.
 - Removed the no-longer-used `use_json_field=True` argument from wagtail `StreamField`s.
-- The user dashboard no longer shows users with unconfirmed email addresses if you have set
-  `ACCOUNT_EMAIL_VERIFICATION = 'mandatory'`. This helps filter out likely bots from the report.
-- The user dashboard now includes sign ups from the current date, by default.
-- Better support trialing subscriptions with no payment methods.
-  The subscription UI will now show the date the trial ends and won't log errors about missing invoices. (Thanks Jarrett for reporting!)
+- The admin dashboard no longer shows users with unconfirmed email addresses if you have set `ACCOUNT_EMAIL_VERIFICATION = 'mandatory'`.
+- The admin dashboard now includes sign ups from the current date, by default.
 - Changed behavior when team role checks fail from raising a `TeamPermissionError` to returning a 403 response,
   and updated affected tests. One side effect of this is that the stack traces are removed from successful test runs.
 - Secret keys should no longer change every time you build your Pegasus project.
   They are also now clearly prefixed with `django-insecure-` to indicate that they should be changed in production. 
 - Updated the default OpenAI chat model to gpt-4o.
 - Upgraded the openapi client generator to version 7.5.0 and also pinned the version used by `make build-api-client`
   to the same one.
-- **Celerybeat now uses the `django-celery-beat` library to store tasks in the database instead of on the filesystem.**
-  This improves support for celerybeat on Docker-based platforms. (Thanks Peter and Artem for the suggestion!)
-  - Also added a migration to save the default scheduled tasks in the database.
-- Make Team IDs optional on the create team page (HTMX builds only).
+- Team IDs are now optional on the create team page (HTMX builds only).
 - Add clearer error message when charts are broken due to api config issue. (Thanks Yngve for reporting!)
 - Added `assume_scheme="https"` to form `URLField`s to be compatible with Django 6 behavior.
 - Added `FORMS_URLFIELD_ASSUME_HTTPS = True` to be compatible with Django 6 behavior.
 - Set `ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS = False` by default, so that "forgot password" emails do not get sent to unknown accounts.
   This can help prevent spam bots.
 
-### Removed
+#### Removed
 
 - Removed `black` and `isort` from dev-requirements, since they have been replaced by `ruff`.
 - Removed `llm` library and associated code, since it has been replaced by `litellm`.
 - Removed no longer used `TeamPermissionError` class.
 
-### Standalone front end
+#### Standalone front end
 
 The following changes affect the experimental [standalone front end](./experimental/react-front-end.md):
 
-- The standalone React front end now supports two-factor-authentication.
+- **The standalone React front end now supports two-factor-authentication.**
 - Improve the UI when you have login issues in the standalone React front end.
 
+*June 5, 2024*
+
 
 ## Version 2024.5.3