728 Commits

Author SHA1 Message Date
Christoph Reiter
2ec83d9239 Move to new uvicorn_worker package
The gunicorn worker included in uvicorn is deprecated
2024-07-17 09:20:37 +02:00
Christoph Reiter
9b7cc624fb add reuse to reuse 2024-07-12 11:45:41 +02:00
Christoph Reiter
ccc77e396a Update Python deps
port to new reuse format
2024-07-12 11:29:13 +02:00
Christoph Reiter
8b69672ee7 Fix error in case all vulns of a package have been ignored
We guarded in various places by whether vulns exist and then used
worst_vulnerability to select a color, but in case all are ignored
worst_vulnerability is None and things fail.

Introduce all_vulnerabilities/active_vulnerabilities/worst_active_vulnerability
properties and make sure that worst_active_vulnerability is always guarded
properly.
2024-06-30 16:01:53 +02:00
Christoph Reiter
99a86f1ca4 run: add CLI option to skip external sources
makes testing faster in some cases
2024-06-30 15:55:53 +02:00
Christoph Reiter
f0d1065951 base: group binary packages by repo
since it's not obvious which package name prefix belongs
to which repo/env
2024-06-30 15:31:15 +02:00
Christoph Reiter
4102481fc1 Update deps 2024-06-30 15:02:48 +02:00
Christoph Reiter
60d6cb0856 Update frontend deps 2024-06-07 17:54:16 +02:00
Christoph Reiter
c25ba67a76 Update deps 2024-06-07 17:48:17 +02:00
Christoph Reiter
44a4f46ec6 anitya: don't link if explicitly disabled
If the PKGBUILD contains an empty anitya entry, don't try to guess
the project based on the package name, just skip it.
2024-05-25 18:22:19 +02:00
Christoph Reiter
c1a941bd9b Use the new Arch geo mirror by default
Less likely to be offline
2024-05-25 18:20:02 +02:00
Christoph Reiter
4f66d76bdc Update Python deps 2024-05-25 17:09:22 +02:00
Christoph Reiter
16c621476e security: use the vuln sort key for sorting the package, not just the severity
At least for CVEs this gives us the critical CVEs for the newest year first,
since they are sorted by ID also.
2024-03-29 14:34:35 +01:00
Christoph Reiter
02d3a1bd02 Respect the new ignore_vulnerabilities field
It's a list of CVE IDs or GHSA IDs which should be ignored.
In lists we still show them, but at the end and with strikethrough.
For picking the worst for the tooltip button color we ignore them.
On the security page, if all are ignored, the package is skipped.
2024-03-28 11:28:12 +01:00
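The two commits above (8b69672ee7 and 02d3a1bd02) describe the ignore_vulnerabilities semantics and the crash when every vulnerability of a package is ignored. The following is an added example, not msys2-web's own code: it models those rules with assumed names (Vulnerability, PackageBase, SEVERITY_RANK, badge_color, security_page) and constructed sample data, and shows the guarded worst_active_vulnerability that avoids the None crash.

```python
from dataclasses import dataclass, field
from typing import Optional

# Severity ordering assumed for this example; the page does not state one.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}


@dataclass(frozen=True)
class Vulnerability:
    id: str        # "CVE-YYYY-NNNN" or "GHSA-xxxx-xxxx-xxxx"
    severity: str  # a key of SEVERITY_RANK

    def sort_key(self) -> tuple[int, str]:
        # Sorting with reverse=True puts the highest severity first and, within
        # one severity, the lexicographically largest ID first, which for CVEs
        # means the newest year first.
        return (SEVERITY_RANK.get(self.severity, 0), self.id)


@dataclass
class PackageBase:
    name: str
    vulnerabilities: list[Vulnerability] = field(default_factory=list)
    # IDs from the PKGBUILD's ignore_vulnerabilities field (assumed list of strings)
    ignore_vulnerabilities: set[str] = field(default_factory=set)

    def is_ignored(self, vuln: Vulnerability) -> bool:
        return vuln.id in self.ignore_vulnerabilities

    @property
    def active_vulnerabilities(self) -> list[Vulnerability]:
        active = [v for v in self.vulnerabilities if not self.is_ignored(v)]
        return sorted(active, key=Vulnerability.sort_key, reverse=True)

    @property
    def all_vulnerabilities(self) -> list[Vulnerability]:
        # Lists keep the ignored entries, but after the active ones
        # (a template would render the ignored tail struck through).
        ignored = [v for v in self.vulnerabilities if self.is_ignored(v)]
        ignored.sort(key=Vulnerability.sort_key, reverse=True)
        return self.active_vulnerabilities + ignored

    @property
    def worst_active_vulnerability(self) -> Optional[Vulnerability]:
        # None when there are no vulnerabilities OR when all are ignored;
        # every caller must handle that case.
        active = self.active_vulnerabilities
        return active[0] if active else None


def badge_color(pkg: PackageBase) -> str:
    """Tooltip button colour. The None branch is the case that used to crash."""
    worst = pkg.worst_active_vulnerability
    if worst is None:
        return "secondary"
    if worst.severity in ("CRITICAL", "HIGH"):
        return "danger"
    if worst.severity == "MEDIUM":
        return "warning"
    return "info"


def security_page(pkgs: list[PackageBase]) -> list[PackageBase]:
    """Packages shown on the security page: only those with an active vuln."""
    return [p for p in pkgs if p.worst_active_vulnerability is not None]


# Constructed sample data, not real package metadata.
OPENSSL = PackageBase(
    "mingw-w64-openssl",
    [Vulnerability("CVE-2023-0001", "HIGH"),
     Vulnerability("CVE-2024-0002", "HIGH"),
     Vulnerability("GHSA-aaaa-bbbb-cccc", "CRITICAL")],
    ignore_vulnerabilities={"GHSA-aaaa-bbbb-cccc"},
)
# Every vulnerability ignored: the input that crashed the old worst_vulnerability code.
ALL_IGNORED = PackageBase(
    "mingw-w64-foo",
    [Vulnerability("CVE-2022-0003", "LOW")],
    ignore_vulnerabilities={"CVE-2022-0003"},
)

if __name__ == "__main__":
    for pkg in (OPENSSL, ALL_IGNORED):
        print(pkg.name, badge_color(pkg), [v.id for v in pkg.all_vulnerabilities])
    print([p.name for p in security_page([OPENSSL, ALL_IGNORED])])
```

Note that an ignored CRITICAL entry neither drives the badge colour nor keeps the package on the security page, so an ignore list is effectively a risk-acceptance decision and should be reviewed like one.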
Christoph Reiter
fa0ec2f99a security: link the docs 2024-03-27 17:54:06 +01:00
Christoph Reiter
7a4ce7cb15 Add anitya links to packages
In case the package has an anitya ID we use that, otherwise we
use the realname, which might not work or might show a list
of all matches, but better than nothing.
2024-03-27 17:51:04 +01:00
Christoph Reiter
4ef880434b Add a page listing all found vulnerabilities
Also add some info to the package base if there is enough metadata
available for vulnerability matching.
2024-03-27 10:30:12 +01:00
Christoph Reiter
2fe04ca8af Update deps 2024-03-26 13:43:31 +01:00
Christoph Reiter
3c569263fd Make ExtInfo.version optional instead of special casing an empty version
In case the version is an empty string it is considered newer by pacman
than for example "r123".

Instead make it optional and handle the None version everywhere.

Fixes #68
2024-03-26 13:41:57 +01:00
Christoph Reiter
b2462470bc outofdate: also show vulnerabilities for unlinked packages
So we can prioritize them for linking to other distros
2024-03-25 11:25:34 +01:00
Christoph Reiter
bd0fe0bcfb Arch repos have started dropping MD5SUM from packages 2024-03-24 16:39:48 +01:00
Christoph Reiter
a752129010 pypi: normalize package names during lookup
After c23f1b58e4
the names in the pypi cache are normalized, so we need to match that.
2024-03-24 16:32:27 +01:00
Christoph Reiter
076ecee1f5 remove some debug prints 2024-03-24 11:35:18 +01:00
Christoph Reiter
9bdd3d22b1 Expose matched CVEs on the outofdate and the package pages 2024-03-24 11:34:00 +01:00
Christoph Reiter
b86d0a3b0b Remove unused aiofiles dependency 2024-03-16 11:37:48 +01:00
Christoph Reiter
5d942adfb7 Update deps 2024-03-13 19:11:23 +01:00
Christoph Reiter
2294bafcfb Update frontend deps 2024-03-02 20:57:05 +01:00
Christoph Reiter
5e9e171765 Update deps 2024-03-02 20:53:51 +01:00
Christoph Reiter
8cb906146b poetry: set new package-mode config 2024-03-02 20:50:30 +01:00
Christoph Reiter
05ae48819c Update deps 2024-02-11 23:48:44 +01:00
Christoph Reiter
693d9262a3 Update deps 2024-01-24 08:41:54 +01:00
Christoph Reiter
1c1d538324 pkgextra: get rid of internal flag 2024-01-24 08:36:46 +01:00
Christoph Reiter
eacb03962c fix the tests 2024-01-12 18:01:25 +01:00
Christoph Reiter
d401a04bb0 Add a repology link to each package
There is no way to override the mapping and no version info,
we just re-use the mapping repology has for our packages.
But it's a start.
2024-01-12 17:56:18 +01:00
Christoph Reiter
eab53769bd Split up the code for the different external sources 2024-01-12 17:40:21 +01:00
Christoph Reiter
4b58f3901a Update deps 2024-01-12 11:27:50 +01:00
Christoph Reiter
7d7653ad35 fetch: move some blocking parsing into threads 2024-01-12 11:25:22 +01:00
Christoph Reiter
915771dd65 Add a very basic gentoo package mapper
I couldn't find a proper API, so while this matches lots of packages
it also includes testing/unstable versions, which makes for a lot
of false positives were we to use it to detect new versions, so it's
marked as a fallback provider for now.
2024-01-12 11:21:22 +01:00
Christoph Reiter
4fc1672615 Update frontend deps 2024-01-10 08:28:55 +01:00
Christoph Reiter
e7d9be77e6 Update deps 2024-01-10 08:26:47 +01:00
Christoph Reiter
fba3fda42c Update deps 2023-12-07 11:46:55 +01:00
Christoph Reiter
c746ac14b9 Remove pgp support
With the signatures being removed from the package DBs this is not needed
anymore
2023-11-04 18:51:59 +01:00
Christoph Reiter
875b5d8a99 Update deps 2023-11-04 18:38:46 +01:00
Christoph Reiter
505dfeec0a queue: make the tooltip content a bit more compact
it's quite hard to read on mobile otherwise
2023-11-02 17:48:59 +01:00
Christoph Reiter
76d4b4d39b Run pyupgrade
upgrade everything to 3.10+
2023-11-01 19:28:08 +01:00
Christoph Reiter
4f5dad3f86 Handle missing package signatures correctly
They are optional now, which means they are available as detached signatures
and no longer available in the package database.
2023-11-01 19:14:42 +01:00
Christoph Reiter
41d05a5391 Update deps 2023-11-01 19:05:13 +01:00
Christoph Reiter
14a224cafa Link to new documentation for how to update a package 2023-10-15 19:36:19 +02:00
Christoph Reiter
855a5d9709 Update frontend deps 2023-10-15 12:19:00 +02:00
Christoph Reiter
81837d078d clean up poetry deps
move to the new group syntax for everything
2023-10-15 12:12:38 +02:00