[skeleton] Install cubes README in Debian packages (Closes #3171971)

[debian] Build-Depends on python-unittest2 | python (>= 2.7) Closes #3175895.

[doc] typos and reformulation

[doc] additional documentation about pip install under both Windows and Debian

spelling: rollbacked -> rolled back

Added tag cubicweb-version-3.17.9, cubicweb-debian-version-3.17.9-1 for changeset 5668d210e49c

merge two default heads

[pkg] prepare 3.17.9

Use the list of sources instead of an iterator in update-feeds looping task This prevents RuntimeError due to dictionary size change that may occur (as a result of a new source being added) during iteration. Closes #3155843.

[security] fix dumb attribute error when inserting read security. Closes #3196891 This has gone undetected because of erroneous tests...

[entity] give a default reasonnable __eq__ and __hash__ to Entity Using the eid. Closes #3179560.

[debian] add some Breaks for backwards compatibility removal The person and comment cubes used to import the cubicweb.mixins module. The inlinedit cube relied on String.startsWith in javascript.

[js] remove 3.9 bw compat (where apparently unused) - cubicweb.ajax.js - loadxhtml: form.callback support removal - removal of top-level functions: preprocessAjaxLoad, reloadBox, replacePageChunk, loadxhtml - cubicweb.compat.js: - map is undeprecated (jquery.map being not an acceptable replacement) - removal of noop, contains, findValue, filter, addElementClass, removeElementClass, hasElementClass, KEYS mapping - htmlhelpers.js: use non-deprecated functions cw.urlEncode - cubicweb.js: - removal of startsWith and endsWith monkeypatches - note deprecated but still used stuff (for action) - test_utils.js: use cw.utils.sliceList instead of global function Closes #2782004.

Rename cleanup_interface_sobjects into cleanup_unused_appobjects Interfaces are gone in 3.18 Related to #2782004.

remove cw 3.9 bw compat (bw compat other than the interface -> adapter changes) - cwconfig, doc/admin/setup: docstring adjustment wrt 3.9 & virtualenv - testing/rst: windmill (which is gone from the testing infrastructure) - other docs: "stuff introduced in 3.9" cleanup, as we don't care about the version old features were introduced - server/hooky.py: bw compat for propagation hooks - server/schemaserial.py: pre CWUniqueTogetherConstraint migration support - web.__init__.py: dumps bw import - autoform.py: .action ppty is gone, also deprecate set_action and get_action - baseviews: CSVView.subvid gone long ago, secondary view removal - primary.py: _render_attribute & _render_relation signature change - reledit.py: rvid/default_value bw compat, should_edit_* dropped - webconfig.py: resourcefile is gone - formfields.py: old vocabulary handling - request.py: build_ajax_replace_url, external_resource Related to #2782004.

remove 3.9 bw compat In cw 3.9, interfaces are deprecated and replaced with adapters, yielding a lot of bw compat in many places -- most if this patch is concerned with the interface bw compat - cwvreg: interface cleanup - doc/adapters.rst: interface cleanup - entities/adapters.py, wfobjs.py: interfaces bw compat - entity.py: interfaces bw compat, also get_value, delete, attr_metadata, has_perm, set_related_cache, clear_related_cache, clear_related_cache, related_rql - predicates.py: score_interfaces & implements - interfaces.py & mixins.py: 100% gone - view.py: implement_adapter_compat, unwrap_adapter_compat - calendar.py, editcontroller.py, ibreadcrumbs.py, navigation.py, xmlrss.py: interface bw compat - treeview.py: salvage one function from mixins.py Related to #2782004.

remove 3.8 bw compat - cwconfig: old keys such as depends_cubes and non-dict dependencies - cwctl: fall back to docstring if no short descr, forget 'short_descr' - dbapi: session_data, get_session_data, set_session_data, del_session_data - dbapi & testlib, session: eid_key is gone - migractions: cachekey is gone - doc/datamodel/definition, schemaserial: BoundConstraint -> BoundaryConstraint - formwidgets: separator - primary view: render_entity_metadata Related to #2782004.

[hooks/security] Defer entity permission checks to an Operation. Some of these checks may currently happen twice within the same transaction and be costly. This should be semantically safe. If people rely on some internal transaction ordering to be allowed early (thus pass) while the condition wouldn't be met at precommit time, their application is broken. It however seems unlikely to happen in the real life (tm). Closes #2932033

[schema] drop very old bw compat (pre 3.5.10) Closes #2925085.

[devtools,etwist] rename TwistedConfiguration to WebConfigurationBase (follows #2919310)

remove "twisted" configuration (closes #2919310) This was also known as "web only" instances. Not used in production anywhere today.

merge 3.17.8 into default

Added tag cubicweb-centos-version-3.17.8-1, cubicweb-version-3.17.8, cubicweb-debian-version-3.17.8-1 for changeset 909eb8b584c4

[pkg] prepare 3.17.8

[date picker] revert #ec65ca70aac9 which breaks the date picker (closes #3182844)

[merge] backport 3.17 fixes into the future 3.18

Added tag cubicweb-centos-version-3.17.7-1, cubicweb-version-3.17.7, cubicweb-debian-version-3.17.7-1 for changeset 483181543899

[pkg] prepare 3.17.7

i18n update

fix typos in workflow constraint error messages

[migractions] rschema.final.inlined -> rschema.inlined Closes #3153086.

[server] Make internal sessions not reset 'safe'-ness on first commit Increment the ctx_count when disabling integrity hooks so the next commit/rollback doesn't reset our transaction and magically turn us into a safe session. Closes #3168027

[facets] Correctly replace old 'edit box' HTML on facet-induced page refresh (closes #3161100)

[debian] replace find | xargs rm with find -delete in cube skeleton. Closes #3161797

[debian] don't require (fake)root to run the clean target. Closes #3161797 It works just fine as a normal user.

[debian] Add ${misc:Depends} to cube packaging skeleton. Closes #3161797 Best current practice is to have that in Depends in all packages using debhelper.

[devtools] fix race when creating backupdir If somebody else creates backupdir between our stat() and mkdir() (like, say, another test running in parallel), we shouldn't crash.

[staticcontrollers] Raise Forbidden, not Unauthorized Unauthorized means "log in to get access", as it results in a HTTP 401. Here, the error is pretty much permanent, and returning 401 instead of 403 confuses things terribly. (This seems to be a pretty widespread confusion :/)

[web] allow /data/ url again (closes #2464798) This feature was broken by 65fecbeb9c3a (which fixed another one itself).

[utils] fix typos in make_uid docstring

[c-c i18ncubicweb] fix crash, closes #3096647

[rql2sql] fix bad sql generated when outer joining 'identity' relation and lhs var comes from a subquery. Closes #3099418 The generated SQL was attempting to access table.cw_eid which doesn't exist.

[web] stop using deprecated StatusResponse. Closes #3098215

[deprecation] add (approximate) version number to deprecation message and set proper stacklevel

[schema] fix spurious warning when rqlexpr/constraint mainvars specify a non predefined variable. Closes #3098165

[repository] properly use IUserFriendlyError when UniqueTogetherError is raised during entity update. Closes #3096638

[deprecation] add cw version number to the deprecation message and help user to understand the change

[datafeed] fix crash due to bad http_timeout handling. Closes #3096585