Commit Graph

310 Commits

Author SHA1 Message Date
Christoph Reiter
e6e5bc74ad security: list all the packages missing vuln metadata
It's a bit of a wall of text right now, but we need to show them
somewhere so we can fix them.
2024-12-14 10:53:14 +01:00
Christoph Reiter
73aa5d60bf outofdate: fix total package number in case a repo filter is active
only count packages for the active filter
2024-12-14 10:48:46 +01:00
Christoph Reiter
d42899e01f security: show git version as well, like everywhere else 2024-12-06 18:09:44 +01:00
Christoph Reiter
1db24694a1 Update deps
one small typing fix uncovered by newer mypy
2024-12-06 18:00:01 +01:00
Christoph Reiter
b6190a960b package -> packages
for consistency
2024-09-15 17:07:03 +02:00
Christoph Reiter
3c7444c0a3 Get rid of the repo query param for single packages
We keep package names unique, and if for some reason they wouldn't be
we show both packages on that page then.

Let's not add a query param to every URL for such an edge case.
2024-09-15 17:06:51 +02:00
Christoph Reiter
106f1e42ec More 404 reponses when things couldn't be found 2024-09-15 16:35:03 +02:00
Christoph Reiter
b6ecb4abae Use the correct template for when no package with the name is found
The virtual package template doesn't cover that case
2024-09-15 16:16:38 +02:00
Christoph Reiter
aee5de581e Fix TemplateResponse deprecation warning
the request should be passed as the first arg now
2024-09-15 16:13:40 +02:00
Christoph Reiter
1958c2cf98 port to new fastapi lifespan api 2024-09-15 16:10:09 +02:00
Christoph Reiter
8c0c9b65e7 Fix pydantic deprecation warning 2024-09-15 16:01:17 +02:00
Christoph Reiter
1178edde11 Sort repos by priority and not by name
Use the order of the repos in the config as the order for everything else.
selection inputs, package groupes etc
2024-09-15 15:42:14 +02:00
Christoph Reiter
a2d66ef817 package: fix missing version info for all provides/conflicts/replaces 2024-08-28 08:24:33 +02:00
Christoph Reiter
0ec93350fe preload the fonts 2024-08-09 23:41:41 +02:00
Christoph Reiter
1ff07f8252 Update frontend deps; drop woff support
nearly everything supports woff2 now
2024-08-09 12:02:19 +02:00
Christoph Reiter
4fd8eb8cc3 Change the styling a bot for the sub-list headings
So it looks different to the main list headings in mobile view.
Not ideal.. but maybe better?
2024-07-23 17:41:28 +02:00
Christoph Reiter
461f08c905 package removals: show more context
add links, and show the dependency type
2024-07-23 09:33:11 +02:00
Christoph Reiter
fd3925efa0 Only show an outdated banner if the git version is too old
And not the version in the repo.
If the new version is in git, there is usually nothing to do, except
waiting for it to reach the repo.
2024-07-23 00:14:27 +02:00
Christoph Reiter
da40892968 Only show the git version in case it is different
In the common case it is the same, so avoid showing it twice
2024-07-22 23:50:28 +02:00
Christoph Reiter
1436216386 base: remove repo list
Now that the repos are listed via the sections of the binary packages,
there is no point it listing them again at the top.
2024-07-22 23:14:42 +02:00
Christoph Reiter
cd4a9ac00c more compact 2024-07-20 17:13:38 +02:00
Christoph Reiter
97e57e0098 Move the source-only tarball to the binary package file section
While it's in theory a base package property, it's rarely used/usefull,
so put it to the other file stuff for now.
2024-07-20 17:07:15 +02:00
Christoph Reiter
433371ad98 Move external links into a sub list
To separate it visually from the rest
2024-07-20 17:05:37 +02:00
Christoph Reiter
0daf0070de Add a link to the "source-only tarball" 2024-07-20 16:46:25 +02:00
Christoph Reiter
8b69672ee7 Fix error in case all vulns of a package have been ignored
We guarded in various places by whether vulns exist and then used
worst_vulnerability to select a color, but in case all are ignored
worst_vulnerability is None and things fail.

Introduce all_vulnerabilities/active_vulnerabilities/worst_active_vulnerability
properties and make sure that worst_active_vulnerability is always guarded
properly.
2024-06-30 16:01:53 +02:00
Christoph Reiter
99a86f1ca4 run: add CLI option to skip external sources
makes testing faster in some cases
2024-06-30 15:55:53 +02:00
Christoph Reiter
f0d1065951 base: group binary packages by repo
since it's not obvious which package name prefix belongs
to which repo/env
2024-06-30 15:31:15 +02:00
Christoph Reiter
60d6cb0856 Update frontend deps 2024-06-07 17:54:16 +02:00
Christoph Reiter
44a4f46ec6 anitya: don't link if explicitely disabled
If the PKGBUILD contains an empty anitya entry don't try to guess
the project based on the package name, just skip it.
2024-05-25 18:22:19 +02:00
Christoph Reiter
c1a941bd9b Use the new Arch geo mirror by default
Less likely to be offline
2024-05-25 18:20:02 +02:00
Christoph Reiter
16c621476e security: use the vuln sort key for sorting the package, not just the severity
At least for CVEs this gives us the critical CVEs for the newest year first,
since they are sorted by ID also.
2024-03-29 14:34:35 +01:00
Christoph Reiter
02d3a1bd02 Respect the new ignore_vulnerabilities field
It'a a list of CVE IDs or GHSA IDs which whould be ignored.
In lists we still show them, but at the end and with strike through.
For picking the worst for the tooltip button color we ignore them.
On the security page, of all are ignored, the package is skipped.
2024-03-28 11:28:12 +01:00
Christoph Reiter
fa0ec2f99a security: link the docs 2024-03-27 17:54:06 +01:00
Christoph Reiter
7a4ce7cb15 Add anitya links to packages
In case the package has a anitya ID we use that, otherwise we
use the realname, which might not work or might show a list
of all matches, but better then nothing.
2024-03-27 17:51:04 +01:00
Christoph Reiter
4ef880434b Add a page listing all found vulnerabilities
Also add some info to the package base if there is enough metadata
available for vulnerability matching.
2024-03-27 10:30:12 +01:00
Christoph Reiter
3c569263fd Make ExtInfo.version optional instead of special casing an empty version
In case the version is an empty string it is considered newer by pacman
than for example "r123".

Instead make it optional and handle the None version everywhere.

Fixes #68
2024-03-26 13:41:57 +01:00
Christoph Reiter
b2462470bc outofdate: also show vulnerabilities for unlinked packages
So we can priorize them for linking to other distros
2024-03-25 11:25:34 +01:00
Christoph Reiter
bd0fe0bcfb Arch repos have started dropping MD5SUM from packages 2024-03-24 16:39:48 +01:00
Christoph Reiter
a752129010 pypi: normalize package names during lookup
After c23f1b58e4
the names in the pypi cache are normalized, so we need to match that.
2024-03-24 16:32:27 +01:00
Christoph Reiter
076ecee1f5 remove some debug prints 2024-03-24 11:35:18 +01:00
Christoph Reiter
9bdd3d22b1 Expose matched CVEs on the outofdate and the package pages 2024-03-24 11:34:00 +01:00
Christoph Reiter
2294bafcfb Update frontend deps 2024-03-02 20:57:05 +01:00
Christoph Reiter
1c1d538324 pkgextra: get rid of internal flag 2024-01-24 08:36:46 +01:00
Christoph Reiter
d401a04bb0 Add a repology link to each package
There is no way to override the mapping and no version info,
we just re-use the mapping repology has for our packages.
But it's a start.
2024-01-12 17:56:18 +01:00
Christoph Reiter
eab53769bd Split up the code for the different external sources 2024-01-12 17:40:21 +01:00
Christoph Reiter
7d7653ad35 fetch: move some blocking parsing into threads 2024-01-12 11:25:22 +01:00
Christoph Reiter
915771dd65 Add a very basic gentoo package mapper
I couldn't find a proper API, so while this matches lots of packages
it also includes testing/unstable versions which makes for a lot
of false positives would we use it to detect new versions, so it's
marked as a fallback provider for now.
2024-01-12 11:21:22 +01:00
Christoph Reiter
c746ac14b9 Remove pgp support
With the signatures being removed from the package DBs this is not needed
anymore
2023-11-04 18:51:59 +01:00
Christoph Reiter
505dfeec0a queue: make the tooltip content a bit more compact
it's quite hard to read on mobile otherwise
2023-11-02 17:48:59 +01:00
Christoph Reiter
76d4b4d39b Run pyupgrade
upgrade everything to 3.10+
2023-11-01 19:28:08 +01:00