Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: extend initdev command to also setup case import (#1942) #1948

Merged
merged 2 commits into from
Sep 3, 2024
Merged

feat: extend initdev command to also setup case import (#1942) #1948

merged 2 commits into from
Sep 3, 2024

Conversation

holtgrewe
Copy link
Collaborator

No description provided.

@holtgrewe holtgrewe linked an issue Sep 3, 2024 that may be closed by this pull request
Extend the initdev command to also setup case import #1942
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 3, 2024
edited
Loading

deps-report 🔍

Commit scanned: 59b0bca
ℹ️ Python version 3.10 is used by your project but the latest version is 3.12.

Vulnerable dependencies

5 dependencies have vulnerabilities 😱
Dependency Advisory Versions impacted
djangorestframework (transitive) Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.		 <3.15.2
jinja2 (transitive) In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. >=0
pyopenssl (transitive) CVE-2023-6129 affects PyOpenSSL versions starting from 22.0.0 due to a vulnerability in the POLY1305 MAC algorithm on PowerPC CPUs. This issue could lead to state corruption in applications, causing inaccurate outcomes or service disruptions. Attackers need specific conditions to exploit this flaw, including the ability to manipulate the algorithm's use and reliance on certain system registers by the application. >=22.0.0
setuptools (transitive) Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. <70.0.0
sqlalchemy Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. sqlalchemy/sqlalchemy#8563 <2.0.0b1

Outdated dependencies

38 outdated dependencies found (including 16 outdated major versions)😢
Dependency Installed version Latest version
alabaster (transitive) 0.7.16 1.0.0
argon2-cffi (transitive) 21.3.0 23.1.0
billiard (transitive) 3.6.4.0 4.2.0
crispy-bootstrap4 (transitive) 2022.1 2024.1
django 3.2.25 5.1
django-rest-knox (transitive) 4.2.0 5.0.1
django-sodar-core 0.13.4 1.0.1
mistune (transitive) 2.0.5 3.0.2
packaging (transitive) 23.2 24.1
protobuf 3.20.3 5.28.0
setuptools (transitive) 67.6.1 74.1.0
sphinx (transitive) 6.2.1 8.0.2
sphinx-rtd-theme (transitive) 1.2.2 2.0.0
sqlalchemy 1.4.53 2.0.32
unidecode (transitive) 0.4.21 1.3.8
xmlschema (transitive) 2.5.1 3.3.2
Dependency Installed version Latest version
botocore (transitive) 1.35.7 1.35.10
celery (transitive) 5.2.7 5.4.0
django-autocomplete-light (transitive) 3.9.4 3.11.0
django-crispy-forms (transitive) 2.0 2.3
django-db-file-storage (transitive) 0.5.5 0.5.6.1
django-debug-toolbar 4.3.0 4.4.6
django-environ (transitive) 0.10.0 0.11.2
django-iconify (transitive) 0.1.1 0.4
django-model-utils (transitive) 4.3.1 4.5.1
django-plugins-bihealth 0.4.0 0.5.2
django-postgres-copy 2.3.7 2.7.4
djangorestframework (transitive) 3.14.0 3.15.2
docutils (transitive) 0.18.1 0.21.2
drf-keyed-list-bihealth 0.1.1 0.2.1
markdown (transitive) 3.4.1 3.7
mypy-protobuf (dev) 3.3.0 3.6.0
pydantic-core (transitive) 2.20.1 2.23.1
requests-http-signature 0.2.0 0.7.1
rules (transitive) 3.3 3.5
versioneer (transitive) 0.28 0.29
watchdog (dev) 5.0.0 5.0.1
wheel (transitive) 0.40.0 0.44.0

Logs

@codecov Codecov
Copy link

codecov bot commented Sep 3, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91%. Comparing base (1a1a7ff) to head (59b0bca).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@          Coverage Diff          @@
##            main   #1948   +/-   ##
=====================================
- Coverage     91%     91%   -1%     
=====================================
  Files        659     659           
  Lines      37645   37641    -4     
=====================================
- Hits       34499   34495    -4     
  Misses      3146    3146
Files with missing lines Coverage Δ
backend/cases_import/models/base.py 100% <100%> (ø)
backend/cases_import/models/executors.py 94% <ø> (-1%) ⬇️
backend/cases_import/tasks.py 100% <100%> (ø)
backend/cases_import/views_api.py 97% <100%> (ø)

@holtgrewe holtgrewe enabled auto-merge (squash) September 3, 2024 06:27
@holtgrewe holtgrewe merged commit d958421 into main Sep 3, 2024
20 checks passed
@holtgrewe holtgrewe deleted the 1942-extend-the-initdev-command-to-also-setup-case-import branch September 3, 2024 06:31
@varfish-bot varfish-bot mentioned this pull request Sep 3, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Extend the initdev command to also setup case import
1 participant
@holtgrewe