Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update NPM packagesHEADmasterArthur de Jong2024-02-242-608/+859
| | | | | | | | This includes a fix for CVE-2023-42282 in the IP package (because one of the transitive dependencies of node-sass switched to the ip-address module). The node-sass module is only used at build time and nothing in munin-plot does IP address validation so should not have been vulnerable.
* Update NPM packagesArthur de Jong2023-10-082-517/+603
| | | | | | Includes a fix for CVE-2023-44270 in postcss. The postcss package is only used to build the resulting CSS and as such is not run on untrusted data.
* Make selection toggle buttons lighterArthur de Jong2023-09-091-3/+3
| | | | For consistency with the other buttons.
* Get files ready for 1.7 release1.7Arthur de Jong2023-07-302-1/+13
|
* Rename license_file option in setup.cfgArthur de Jong2023-07-301-1/+1
| | | | | | | It seems the old option wasn't working with all versions of setuptools anyway. See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html
* Have double click on legend only show that traceArthur de Jong2023-07-301-0/+19
|
* Update NPM packagesArthur de Jong2023-07-292-118/+256
| | | | | | | | | | | | Includes the last dependency fix for CVE-2022-25883 (Regular Expression Denial of Service) in semver. Also includes the dependency fix for CVE-2023-26115 (Regular Expression Denial of Service) in word-wrap. Both packages were previously partially fixed in 1aa9d67 but now all dependencies have been updated. Neither packages should have run on untrusted data.
* Add buttons to toggle selection of values in graphArthur de Jong2023-07-292-4/+67
| | | | | | | | | | This adds "Select all", "Toggle selection" and "Select none" buttons to the legend to allow bulk enabling and disabling individual metrics in graphs. This also switches to using Plotly.newPlot() over Plotly.redraw() (or Plotly.react()) because Plotly has some issues if all traces are removed from a graph and later re-added.
* Update NPM packagesArthur de Jong2023-07-092-709/+375
| | | | | | | | | | | | Includes a partial fix CVE-2023-26115 (Regular Expression Denial of Service) in word-wrap. While word-wrap was used in the built application the vulnerable version is now only used in a dependency of munin-plot build tools. It should not have been run on any untrusted data. This does not completely fix CVE-2022-25883 (Regular Expression Denial of Service) in semver because of dependency issues. The semver package is only used to build the resulting Javascript and as such is not run on untrusted data.
* Show correct order of plots in legendArthur de Jong2023-07-091-1/+1
| | | | Closes https://github.com/arthurdejong/munin-plot/issues/16
* Get files ready for 1.6 release1.6Arthur de Jong2023-04-293-2/+12
|
* Update NPM packagesArthur de Jong2023-04-292-436/+518
| | | | | | Includes a fix for CVE-2023-28154 in webpack. This vulnerability does not seem to impact munin-plot because we don't run webpack on untrusted input.
* Update NPM packagesArthur de Jong2023-02-052-156/+301
| | | | | | | | | | | Includes a fix for a vulnerability in d3-color is available yet (no CVE for GHSA-36jr-mh4h-2g58 has been assigned). Since we only pass data to d3 that is generated by the server-side component this should not affect munin-plot. Also includes a fix for CVE-2022-25881 in http-cache-semantics which does not affect munin-plot because it only affects server-side applications.
* Provide instructions on how to build missing staticsArthur de Jong2023-01-031-1/+7
| | | | | If the development server is started and the index.html file is absent it will exit immediately and print instructions for building it.
* Update NPM packagesArthur de Jong2023-01-034-7457/+718
| | | | | | | | | | | | | | | | | This upgrades to version 7 of eslint which results in some minor other changes. Sadly no fix for CVE-2022-46175 in json5 (a transitive dependency of eslint) is available yet. This vulnerability should not affect munin-plot because we don't run eslint on untrusted input. Sadly no fix for a vulnerability in d3-color is available yet (no CVE for GHSA-36jr-mh4h-2g58 has been assigned) because there is not yet a version of plotly.js available that doesn't depend on a version of d3-interpolate that doesn't depend on the vulnerable package. This could affect munin-plot because d3 is used in the web application but we only pass data to d3 (via plotly.js) that is output of the munin-plot server-side component.
* Only specify allowlist_externals in tox.iniArthur de Jong2023-01-031-1/+0
| | | | | | | It seems that allowlist_externals and whitelist_externals are mutually exclusive. This means that we can only use tox >= 3.18 now. Fixes a80b0c5
* Upgrade GitHub ActionsArthur de Jong2022-12-121-16/+16
| | | | | | | Update checkout to v3 (no relevant changes) and setup-python to v4 (no relevant changes) and CodeQL to v2 (no relevant changes). This also switches to using Python 3.9 for the tests.
* Support Tox's allowlist_externals alongside ↵Arthur de Jong2022-12-121-0/+1
| | | | | | | whitelist_externals Tox 4.0 has dropped the old whitelist_externals which was deprecated in Tox 3.18 when allowlist_externals was introduced.
* Avoid newer flake8Arthur de Jong2022-12-031-1/+1
| | | | | | | | | The new 6.0.0 contains a number of backwards incompatible changes for which plugins need to be updated and configuration needs to be updated. Sadly the maintainer no longer accepts contributions or discussion See https://github.com/PyCQA/flake8/issues/1760
* Update NPM packagesArthur de Jong2022-11-202-1247/+974
| | | | | | | | | | | | | | Includes a fixes for CVE-2022-37601 and CVE-2022-37603 in webpack loader-utils. These vulnerabilities does not seem to impact munin-plot because we don't run webpack on untrusted input. Sadly no fix for a vulnerability in d3-color is available yet (no CVE for GHSA-36jr-mh4h-2g58 has been assigned) because there is not yet a version of plotly.js available that doesn't depend on a version of d3-interpolate that doesn't depend on the vulnerable package. This could affect munin-plot because d3 is unsed in the web application but we only pass data to d3 (through plotly.js) that is output from the the munin-plot server-side component.
* Update NPM packagesArthur de Jong2022-10-082-659/+529
| | | | | | | | | | | | | | Includes a fix for CVE-2022-25758 in scss-tokenizer. This vulnerability does not seem to impact munin-plot because we don't run node-sass on untrusted input. Sadly no fix for a vulnerability in d3-color is available yet (no CVE for GHSA-36jr-mh4h-2g58 has been assigned) because there is not yet a version of plotly.js available that doesn't depend on a version of d3-interpolate that doesn't depend on the vulnerable package. This could affect munin-plot because d3 is unsed in the web application but we only pass data to d3 (through plotly.js) that is output from the the munin-plot server-side component.
* Update NPM packagesArthur de Jong2022-07-232-1336/+1488
| | | | | | | | | | | | | | | | | | Includes a fix for CVE-2022-31160 in jQuery UI. This vulnerability does not seem to impact munin-plot because we don't use radio buttons. Includes a fix for CVE-2022-24785 in Moment.js This vulnerability does not seem to impact munin-plot because it should only affect server-side Javascript. Includes a fix for CVE-2022-25858 in terser. This is used by webpack and should not affect impact munin-plot because it does not run webpack on untrusted input. Sadly no fix for CVE-2022-25758 is available at this time because there is not yet a version of node-sass available that doesn't depend on the scss-tokenizer package (which appears to be unmaintained). Since we don't process untrusted SCSS it should not affect munin-plot.
* Get files ready for 1.5 release1.5Arthur de Jong2022-03-272-1/+10
|
* Ensure webpack plugins are shippedArthur de Jong2022-03-271-0/+1
| | | | Fixes bdc4d23
* Update NPM packagesArthur de Jong2022-03-272-533/+500
| | | | | Includes a fix for CVE-2021-44906 in the minimist package which is a transitive dependency of plotly.js.
* Replace deprecated cgi.parse_qs with urllib.parse.parse_qsArthur de Jong2022-02-111-2/+2
|
* Improve installation documentationArthur de Jong2022-02-111-16/+37
|
* Update NPM packagesArthur de Jong2022-01-292-1490/+1502
| | | | | | Includes fixes for CVE-2021-3807 in the ansi-regex package and CVE-2021-23566 in nanoid both of which should only be used to build the resulting Javascript.
* Use pako for compressionArthur de Jong2022-01-033-30/+28
| | | | | The Compression Streams API is not yet widely supported in browsers (i.e. is unsupported in FireFox).
* Provide munin-plot source code as downloadArthur de Jong2021-12-305-2/+696
| | | | | This generates a zip file with the source code of munin-plot as a resource that can be downloaded.
* Account for changed flake8 ignore codeArthur de Jong2021-12-281-0/+1
|
* Update NPM packagesArthur de Jong2021-12-122-823/+1475
|
* First attempt at providing a print styleArthur de Jong2021-12-123-11/+75
| | | | | | | | | Whether this actually works is heavily dependant on the browser and in some cases the screen size. Support in Plotly is not completely there and there are also various bugs in browsers, e.g.: https://github.com/plotly/plotly.js/issues/1275 https://bugs.chromium.org/p/chromium/issues/detail?id=697233
* Exclude empty hidden list from dashboard definitionArthur de Jong2021-12-121-1/+5
| | | | | This makes the dump slightly more compact which is particularly useful for when including the dashboard in the URL.
* Update close buttons to Bootstrap 5Arthur de Jong2021-12-121-6/+2
| | | | Fixes cdd68f1
* Get files ready for 1.4 release1.4Arthur de Jong2021-11-072-1/+8
|
* Update NPM packagesArthur de Jong2021-11-062-2898/+406
|
* Load dashboard from URL if it changesArthur de Jong2021-10-201-6/+18
| | | | | If only the anchor part of the URL changes the page is normally not reloaded.
* Re-organise code a little bitArthur de Jong2021-10-201-44/+52
|
* Allow creating a sharable linkArthur de Jong2021-10-202-34/+93
| | | | | | | | | This allows saving the current dashboard to a shareable link that contains a BASE64 encoded compressed JSON blob of the dashboard. This also fixes an issue where the state from local storage was saved instead of the current window state (this could result in saving the wrong browser window if multiple windows were open).
* Get files ready for 1.3 release1.3Arthur de Jong2021-10-172-1/+10
|
* Rename README to README.mdArthur de Jong2021-10-173-16/+17
| | | | Mostly to please GitHub.
* Start week on Monday and show week numbersArthur de Jong2021-10-161-1/+3
|
* Update calculated ranges when opening pickerArthur de Jong2021-10-161-0/+10
| | | | | | This re-calculates the relative date/time ranges when opening the date range picker to ensure we always get current information even if the page has been loaded for a long time.
* Update NPM packagesArthur de Jong2021-10-153-848/+881
| | | | This include a CSS tweak for a change in Bootstrap.
* Support COLORnn values for field.colourArthur de Jong2021-10-151-1/+8
| | | | | Some Munin plugins specify the custom color as a numbered reference to one of the built-in colors instead of a hexadecimal code.
* Fix the padding around the legendArthur de Jong2021-10-152-3/+2
| | | | | | | A part of the colored block or line disappeared behind the legend. This makes the block smaller and avoids overlapping blocks. Fixes cdd68f1
* Update NPM packagesArthur de Jong2021-09-192-443/+358
|
* Get files ready for 1.2 release1.2Arthur de Jong2021-09-042-1/+11
|
* Upgrade to Bootstrap 5Arthur de Jong2021-09-037-70/+53
| | | | | | This updates the events that are handled in Javascript to no longer use jQuery and stops the use of Bootstrap tooltips. Bootstrap introduces slightly different font sizes and we include some changes to padding.