Prepare 3.16.6

[devctl] properly generate i18n messsages for cubes that uses uicfg instances (closes #2811282)

[test/devctl] add a test case for i18ncube command

Protect against crash in the `relation_possible` predicate with ambiguous relations. It was still possible to get a KeyError when using relations that are ambiguous at both ends, like (Executable, version_of, Program) & (Version, version_of, Project). Closes #3010148.

[test] give a non-ambiguous order to sync_schema assertion (closes #3001959) Sorting by ordernum alone is unstable since several values have the same ordernum. ordernum + name should be stable.

Added tag cubicweb-version-3.17.3, cubicweb-debian-version-3.17.3-1, cubicweb-centos-version-3.17.3-1 for changeset 32b4d5314fd9

[test] typo

[schema,server] add a security debugging aid (closes #2920304) - Add a DGB_SEC debugging flag (to be used with set_debug/debugged). - Add a context manager (tunesecurity) to filter security assertions. Note: this does not address all read-security mecanisms.

[etwist] fix handling of multiple files per field html5 permits multiple files uploads, which can be expressed as:: <input type='file' multiple='multiple' /> This changeset avoids previous crash. Nothing is changed when a single file is uploaded (backward compat is thus preserved). When multiple files are uploaded for a single html input tag, the corresponding web request form key receives a list of tuples like [('filename-1', IStream1), ('filename-2', IStream2), ...]. closes #2847207.

[merge] start 3.18 development

[pkg] prepare 3.17.3

[pkg] Remove obsolete ubuntu hardy packaging It's been EOL for a while.

[book] fix sphinx documentation generation (closes #2991997) changeset 17994bf95d6a ([doc] update Session documentation) added cubicweb.server.session.Session autodoc to the book. This caused errors from sphinx due to a section title not being allowed in the class's docstring.

[test/ldap] fix ldap tests - make sure the url is properly updated on database setup (when the test database already exists and the ldap URI has changed) - fix the ldapuser test setup process.

[test] fix unittest_schemaserial.py A spurious add permission has been added in expected result by d988eec2d5d3

[test] make unittest_schemaserial.py runnable with python used to run fine only when launched using pytest

[facet] use facet name as input name for text widget (eg has_text) we need to ba able to distinguish between text-inputs so we can write a widget for a single facet that uses more than one text input. This fix consists in the diff in cubicweb.facts.js; modifications in facet.py result from this former.

[web doctype] don't give through reset_xmldecl to avoid double deprecation warning

[web doctype test] don't give reset_xmldecl to avoid deprecation warning

[devtool] randomise available ports search in http test This lowers the chance of parallel tests to race for the same port.

[facet] don't crash if no title specified on a facet and filtered rset is empty. Closes #2587883

[css, html] add a css_class attribute on Button, allowing to change easily default CSS class for buttons (think orbui integration)

[view] add 2 missing spaces before the previous link

[server/repository] Go through the repo to close pyro sessions Turns out session.close() doesn't DTRT.

fix migration from pre-3.13.1 versions (closes #2846978) Need to check the existence of the asource column before the first call to eid_type_source.

[constraint] more robust unicity constraint failures reporting for end-users Postgres or Sqlserver have limits on the index names (around resp. 64 and 128 characters). Because `logilab.database` encodes the `unique together` constraint rtypes in the index names, we sometimes get truncated index names, from which it is impossible to retrieve all rtypes. In the long run, the way such index are named should be changed. In the short term, we try to reduce the end-user confusion resulting from this design flaw: * in source/native, the regex filtering ``IntegrityError`` message does not impose an `_idx` suffix, which indeed may be absent (the result being an UI message that resembles a catastrophic failure), * also we avoid including a trailing " (double quote) from the error message * in entities/adapters, the well-named ``IUserFriendly`` adapter is made a bit smarter about how to handle missing rtypes. * the adapter also always produces a global message explaining the issue (and the fact that sometimes, the user is not shown all the relevant info) * i18n is updated Closes #2793789

[hooks/security] Streamline attributes default permission check. The current default permission on attributes delegates the check to the entity permission update policy. Since this is already checked it can be skipped. The equality comparison will work, even with a deserialized schema, because the default update perm is:: ('managers', ERQLExpression(Any X WHERE U has_update_permission X, X eid %(x)s, U eid %(u)s)) which will always be deserialized in this order (groups first). However this is a slight semantic change: entity type level 'update' permissions can now be effectively used to encode update-time rules if the default attribute permissions are used (before this change, the 'update' rules at entity type level were fired at creation time). Closes #2930861.

[test/schemaserial] swap got/expected to get nicer unittest2 diagnostics Prepares #2965518.

[repository] drop safe attribute on ``internal_cnx`` People that need to disable hook can do it explicitly anyway.

[dbapi] deprecated the dbapi