
build(deps): bump octoprint from 1.9.2 to 1.10.1 in /spk/octoprint/src #2

Open: wants to merge 1 commit into master

Conversation

dependabot[bot] commented on behalf of github May 14, 2024

Bumps octoprint from 1.9.2 to 1.10.1.

Release notes

Sourced from octoprint's releases.

1.10.1

✋ Heads-ups

The heads-ups from 1.10.0 still apply, please read this release's release notes as well for a full picture of what you should be aware of and what changed!

These heads-ups were added:

🔒 If you use autologin and have additional reverse proxies in front of OctoPrint, make sure they are configured correctly

If you have autologin enabled (which means OctoPrint will log you in automatically if you are accessing it from a local address), it is of utmost importance to properly configure any reverse proxies in front of OctoPrint so that the client IP can be determined correctly.

If you are accessing OctoPrint through haproxy as shipped on OctoPi, or behind a reverse proxy configured following one of the reverse proxy example configurations, there should be no issue. However, if you yourself have added any additional reverse proxies in front of OctoPrint, make sure those are configured correctly.

Please read more about this in the FAQ.

⛈ Issues while updating?

On every new OctoPrint release we see some people run into the same issues with outdated or broken environments all over again. If you encounter a problem during update, please check this collection of the most common issues encountered over the past couple of release cycles first, and test if the included fixes solve your problem.

♻ Changes

🔒 Security fixes

  • Severity High (7.1): It was possible for an unauthenticated attacker to completely bypass the authentication if the autologinLocal option was enabled within the Access Control configuration, even if they came from networks that were not configured as localNetworks, by spoofing their IP via the X-Forwarded-For header.

    Please note that this does not affect you unless you've enabled the autologinLocal feature (it ships as disabled by default and requires adjusting the config.yaml file to enable, or the installation of a third party plugin that does this for you). It likely also doesn't affect you if you have enabled said feature but have OctoPrint only accessible on a trusted network.

    If you have autologinLocal enabled and your OctoPrint instance is reachable from a hostile network like the internet, e.g. through a port forward, this does affect you and you need to update ASAP. Until you are able to update, it is strongly recommended to disable the autologin feature and/or make your instance inaccessible from potentially hostile networks.

    See also the GitHub Security Advisory and CVE-2024-32977.

✨ Features & improvements

Core

  • #4975: Reserved temperature identifiers not confirmed as supported but still sent by the printer's firmware will now only cause a warning log entry in octoprint.log on their first occurrence during a connection, not every time a temperature report is received. This is to combat log spam in case of firmware bugs and misconfiguration.
  • #5003: Make the ticks on the temperature graph's timeline automatically scale with the cutoff to keep the graph readable even with several hours of history.
  • Revert back to the netifaces dependency. While netifaces2 as used in 1.10.0 works well, it is sadly causing some build issues in the field. In the interest of giving as many people as possible access to any bug and especially security fixes, we are thus reverting to the (unmaintained) netifaces for now and keeping an eye on the wheel availability and compatibility of netifaces2 for a future rollout.

Achievements Plugin

  • #5007: Clarify the requirement to properly configure the timezone and allow to reset all or only the time based achievements.
  • Clarify that the Achievements Plugin is a plugin that can be disabled, if one doesn't want to have achievements.

🐛 Bug fixes

Core

... (truncated)

Commits
  • e185475 🐛 achievements: fix initialization of timezone setting
  • ea15c30 🔖 Preparing release of 1.10.1
  • 5afbec8 Merge branch 'regressionfix/xff-issue' into staging/bugfix
  • 8783267 📝 Update third party license file
  • 7941367 ⏪ Revert to netifaces
  • 7851ef5 Revert ":bug: GCODE analysis: fix running against files with whitespace (#5009)"
  • af863e6 🚸 achievements: Clarify timezone config requirement
  • b193255 📝 achievements: Help the grumpy people out a bit
  • cec60ce 🐛 achievements: Use local time for stats as well
  • 7d80170 🐛 Fix netmask & external address detection
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
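The security fix quoted above turns on one question: whose X-Forwarded-For value is believed when deciding that a client is "local" for autologinLocal. The following is an added illustration, not OctoPrint's own code: a resolver that trusts the header from any TCP peer next to one that consults it only when the peer is a configured trusted proxy and then walks the chain right to left. The localNetworks and trusted-proxy lists and every address in it are constructed sample values.

```python
import ipaddress

# Constructed sample configuration (not OctoPrint's own code or defaults):
# the autologin "localNetworks" and the reverse proxies whose X-Forwarded-For
# entries may be believed (here: haproxy on the same host, as on OctoPi).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.1/32",)]

def _is_trusted_proxy(hop):
    addr = ipaddress.ip_address(hop)  # raises ValueError on garbage
    return any(addr in net for net in TRUSTED_PROXIES)

def naive_client_ip(remote_addr, xff):
    """Weak pattern: believe the leftmost X-Forwarded-For entry from any peer.
    Anyone who reaches the port directly can simply claim to be 127.0.0.1."""
    return xff.split(",")[0].strip() if xff else remote_addr

def trusted_client_ip(remote_addr, xff):
    """Consult X-Forwarded-For only when the TCP peer is a trusted proxy, then
    walk the chain right to left past every trusted hop; the first hop that is
    not one of our proxies is the client. Returns None if the chain is malformed."""
    if not xff or not _is_trusted_proxy(remote_addr):
        return remote_addr  # header came from an untrusted peer: ignore it
    chain = [h.strip() for h in xff.split(",") if h.strip()] + [remote_addr]
    for hop in reversed(chain):
        try:
            if not _is_trusted_proxy(hop):
                return hop
        except ValueError:
            return None  # garbage in the chain: do not guess an address
    return remote_addr  # every hop was one of our own proxies

def is_local(ip):
    """True only for a well-formed address inside a configured local network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # also covers None from a malformed chain
        return False
    return any(addr in net for net in LOCAL_NETWORKS)

def autologin_allowed(remote_addr, xff, resolver):
    """autologinLocal-style decision: automatic login only for local clients,
    with the client address determined by the given resolver."""
    return is_local(resolver(remote_addr, xff))

if __name__ == "__main__":
    # Constructed scenario: an internet host (TEST-NET-3) hits a port forward directly
    # and claims to be localhost. The naive resolver logs it in; the trusted one does not.
    for name, resolver in (("naive", naive_client_ip), ("trusted", trusted_client_ip)):
        print(name, autologin_allowed("203.0.113.5", "127.0.0.1", resolver))
```

The trusted resolver also handles the proxied case correctly: when haproxy appends the real address, the spoofed leftmost entry is never reached because the walk stops at the first hop that is not a configured proxy.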

Bumps [octoprint](https://github.com/OctoPrint/OctoPrint) from 1.9.2 to 1.10.1.
- [Release notes](https://github.com/OctoPrint/OctoPrint/releases)
- [Changelog](https://github.com/OctoPrint/OctoPrint/blob/master/CHANGELOG.md)
- [Commits](OctoPrint/OctoPrint@1.9.2...1.10.1)

---
updated-dependencies:
- dependency-name: octoprint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot[bot] added the dependencies label (Pull requests that update a dependency file) on May 14, 2024