| Commit message | Author | Age | Files | Lines |
|
This includes a fix for CVE-2023-42282 in the IP package (because one of
the transitive dependencies of node-sass switched to the ip-address
module). The node-sass module is only used at build time and nothing in
munin-plot does IP address validation so should not have been
vulnerable.
|
Includes a fix for CVE-2023-44270 in postcss. The postcss package is
only used to build the resulting CSS and as such is not run on untrusted
data.
|
For consistency with the other buttons.
|
It seems the old option wasn't working with all versions of setuptools
anyway.
See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html
|
Includes the last dependency fix for CVE-2022-25883 (Regular Expression
Denial of Service) in semver.
Also includes the dependency fix for CVE-2023-26115 (Regular Expression
Denial of Service) in word-wrap.
Both packages were previously partially fixed in 1aa9d67 but now all
dependencies have been updated. Neither package should have run on
untrusted data.
|
This adds "Select all", "Toggle selection" and "Select none" buttons to
the legend to allow bulk enabling and disabling individual metrics in
graphs.
This also switches to using Plotly.newPlot() over Plotly.redraw() (or
Plotly.react()) because Plotly has some issues if all traces are removed
from a graph and later re-added.
|
Includes a partial fix for CVE-2023-26115 (Regular Expression Denial of
Service) in word-wrap. While word-wrap was used in the built application
the vulnerable version is now only used in a dependency of munin-plot
build tools. It should not have been run on any untrusted data.
This does not completely fix CVE-2022-25883 (Regular Expression Denial
of Service) in semver because of dependency issues. The semver package
is only used to build the resulting Javascript and as such is not run on
untrusted data.
|
Closes https://github.com/arthurdejong/munin-plot/issues/16
|
Includes a fix for CVE-2023-28154 in webpack. This vulnerability does
not seem to impact munin-plot because we don't run webpack on untrusted
input.
|
Includes a fix for a vulnerability in d3-color (no CVE
for GHSA-36jr-mh4h-2g58 has been assigned). Since we only pass data to
d3 that is generated by the server-side component this should not affect
munin-plot.
Also includes a fix for CVE-2022-25881 in http-cache-semantics which
does not affect munin-plot because it only affects server-side
applications.
|
If the development server is started and the index.html file is absent
it will exit immediately and print instructions for building it.
|
This upgrades to version 7 of eslint which results in some minor other
changes.
Sadly no fix for CVE-2022-46175 in json5 (a transitive dependency of
eslint) is available yet. This vulnerability should not affect
munin-plot because we don't run eslint on untrusted input.
Sadly no fix for a vulnerability in d3-color is available yet (no CVE
for GHSA-36jr-mh4h-2g58 has been assigned) because there is not yet a
version of plotly.js available that doesn't depend on a version of
d3-interpolate that doesn't depend on the vulnerable package. This could
affect munin-plot because d3 is used in the web application but we only
pass data to d3 (via plotly.js) that is output of the munin-plot
server-side component.
|
It seems that allowlist_externals and whitelist_externals are mutually
exclusive. This means that we can only use tox >= 3.18 now.
Fixes a80b0c5
|
Update checkout to v3 (no relevant changes) and setup-python to v4 (no
relevant changes) and CodeQL to v2 (no relevant changes).
This also switches to using Python 3.9 for the tests.
|
whitelist_externals
Tox 4.0 has dropped the old whitelist_externals which was deprecated in
Tox 3.18 when allowlist_externals was introduced.
|
The new 6.0.0 contains a number of backwards incompatible changes
for which plugins need to be updated and configuration needs to be
updated.
Sadly the maintainer no longer accepts contributions or discussion.
See https://github.com/PyCQA/flake8/issues/1760
|
Includes fixes for CVE-2022-37601 and CVE-2022-37603 in webpack
loader-utils. These vulnerabilities do not seem to impact munin-plot
because we don't run webpack on untrusted input.
Sadly no fix for a vulnerability in d3-color is available yet (no CVE
for GHSA-36jr-mh4h-2g58 has been assigned) because there is not yet a
version of plotly.js available that doesn't depend on a version of
d3-interpolate that doesn't depend on the vulnerable package. This could
affect munin-plot because d3 is used in the web application but we only
pass data to d3 (through plotly.js) that is output from the
munin-plot server-side component.
|
Includes a fix for CVE-2022-25758 in scss-tokenizer. This vulnerability
does not seem to impact munin-plot because we don't run node-sass on
untrusted input.
Sadly no fix for a vulnerability in d3-color is available yet (no CVE
for GHSA-36jr-mh4h-2g58 has been assigned) because there is not yet a
version of plotly.js available that doesn't depend on a version of
d3-interpolate that doesn't depend on the vulnerable package. This could
affect munin-plot because d3 is used in the web application but we only
pass data to d3 (through plotly.js) that is output from the
munin-plot server-side component.
|
Includes a fix for CVE-2022-31160 in jQuery UI. This vulnerability does
not seem to impact munin-plot because we don't use radio buttons.
Includes a fix for CVE-2022-24785 in Moment.js. This vulnerability does
not seem to impact munin-plot because it should only affect server-side
Javascript.
Includes a fix for CVE-2022-25858 in terser. This is used by webpack and
should not affect munin-plot because it does not run webpack on
untrusted input.
Sadly no fix for CVE-2022-25758 is available at this time because there
is not yet a version of node-sass available that doesn't depend on the
scss-tokenizer package (which appears to be unmaintained). Since we
don't process untrusted SCSS it should not affect munin-plot.
|
Fixes bdc4d23
|
Includes a fix for CVE-2021-44906 in the minimist package which is a
transitive dependency of plotly.js.
|
Includes fixes for CVE-2021-3807 in the ansi-regex package and
CVE-2021-23566 in nanoid both of which should only be used to build the
resulting Javascript.
|
The Compression Streams API is not yet widely supported in browsers
(i.e. is unsupported in Firefox).
|
This generates a zip file with the source code of munin-plot as a
resource that can be downloaded.
|
Whether this actually works is heavily dependent on the browser and in
some cases the screen size. Support in Plotly is not completely there
and there are also various bugs in browsers, e.g.:
https://github.com/plotly/plotly.js/issues/1275
https://bugs.chromium.org/p/chromium/issues/detail?id=697233
|
This makes the dump slightly more compact which is particularly useful
for when including the dashboard in the URL.
|
Fixes cdd68f1
|
If only the anchor part of the URL changes the page is normally not
reloaded.
|
This allows saving the current dashboard to a shareable link that
contains a BASE64 encoded compressed JSON blob of the dashboard.
This also fixes an issue where the state from local storage was saved
instead of the current window state (this could result in saving the
wrong browser window if multiple windows were open).
|
Mostly to please GitHub.
|
This re-calculates the relative date/time ranges when opening the date
range picker to ensure we always get current information even if the
page has been loaded for a long time.
|
This includes a CSS tweak for a change in Bootstrap.
|
Some Munin plugins specify the custom color as a numbered reference to
one of the built-in colors instead of a hexadecimal code.
|
A part of the colored block or line disappeared behind the legend. This
makes the block smaller and avoids overlapping blocks.
Fixes cdd68f1
|
This updates the events that are handled in Javascript to no longer use
jQuery and stops the use of Bootstrap tooltips. Bootstrap introduces
slightly different font sizes and we include some changes to padding.
|