See also commit 8c222bd5
("Switch to class-based completely instead of id-based styling").

See merge request nexedi/erp5!1611

using json in 37b795fb was wrong,
because not all arguments can be converted to json (for example
DateTime instances)

This also enable the format using pprint.pformat for args, instead
of a simple str that was done in ActivityTool_getMessageList.

See merge request nexedi/erp5!1600

   The portal_skins was choosen to store the images to use proper http
cache.

   It is really not required, so we follow up the same as google oauth.

See merge request nexedi/erp5!1607

See merge request nexedi/erp5!1608

When spawning an activity, store the current security context's user in
the Message object itself, so the activity security context can be
re-created with the same security during activity execution.
This allows a user to be modified (different groups, global roles, maybe
removed altogether) after they spawned activities and before these activities
could run.
It also means that any temporary custom group or global role granted to
that user (by a privilege elevation mechanism out of the scope of this
change) will still be effective during the activity execution.
This follows the principle that
  foo.activate(...).bar(...)
should be equivalent to its "immediate execution" version
  foo.bar(...)
by ensuring that the security context of the activity is the same as the
one which was applied to the code which spawned that activity,
independently of any intermediate configuration change - hence improving
(deferred and fragmentary) transaction isolation.

This also removes the need to look the user up, then looking up their
assignments (and other documents involved in group computation), etc,
saving the cost of these calls.

Also, remove redundant user_name argument of Message.changeUser method.

The action was removed in 6dce55b0 (dms: drop PDF thumbnail view, 2021-06-01)
but some CSS declarations were not removed.

Also remove some old commented out javascript that was referencing the
old PDF preview

When a validated component is edited, `mixin.component.RecordablePropertyMetaClass`
records the `text_content` property. This recorded property will be cleared afterwards
if no errors are found, but this causes differences in business template XML for each
component the first time they are edited.

This change is about removing the `_recorded_property_dict` when there are no property
recorded, which leads to slightly smaller pickles (and business template XML, because
they are also pickles).

See merge request !1605

This makes smaller pickles

    Since it isn't managed by ERP5 this login document should never be blocked or Expired from Authentication Policy perspective.

More investigations are needed on jio side

jio 3.45.0 fixed the issue

Proxy field rendering was improved by nexedi/erp5@25ad9ece

erp5_core_test already depends on erp5_base, no need to have another
organisation_module module.

This was problematic because uninstalling erp5_core_test removes
the organisation_module with everything inside.

since config['software_list'] is used several times, it must be a real
list object and not a filter object

See merge request !1602

This will allow to propagate the CSP configuration on officejs.com

Only ZEXP Export/Import is possible. These modules (namely OFS.XMLExportImport
and Shared.DC.xml.*) were heavily monkey-patched anyway and are only used for
BusinessTemplates.

* ERP5Type/XMLExportImport.py  => ERP5Type/XMLExportImport/__init__.py
* OFS/XMLExportImport.py       => ERP5Type/XMLExportImport/__init__.py
* Shared/DC/xml/{xyap,ppml}.py => ERP5Type/XMLExportImport/{xyap,ppml}.py