varfish-org
WIP
deps-report 🔍
Commit scanned: 10586c6 ℹ️ Python version 3.10 is used by your project but the latest version is 3.12.
Vulnerable dependencies
5 dependencies have vulnerabilities 😱
| Dependency | Advisory | Versions impacted |
|---|---|---|
| djangorestframework (transitive) | Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags. |
<3.15.2 |
| jinja2 (transitive) | In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. | >=0 |
| pyopenssl (transitive) | CVE-2023-6129 affects PyOpenSSL versions starting from 22.0.0 due to a vulnerability in the POLY1305 MAC algorithm on PowerPC CPUs. This issue could lead to state corruption in applications, causing inaccurate outcomes or service disruptions. Attackers need specific conditions to exploit this flaw, including the ability to manipulate the algorithm's use and reliance on certain system registers by the application. | >=22.0.0 |
| setuptools (transitive) | Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. | <70.0.0 |
| sqlalchemy | Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 | <2.0.0b1 |
Outdated dependencies
49 outdated dependencies found (including 16 outdated major versions)😢
| Dependency | Installed version | Latest version |
|---|---|---|
| alabaster (transitive) | 0.7.16 | 1.0.0 |
| argon2-cffi (transitive) | 21.3.0 | 23.1.0 |
| billiard (transitive) | 3.6.4.0 | 4.2.0 |
| crispy-bootstrap4 (transitive) | 2022.1 | 2024.1 |
| django | 3.2.25 | 5.1 |
| django-rest-knox (transitive) | 4.2.0 | 5.0.1 |
| django-sodar-core | 0.13.4 | 1.0.1 |
| mistune (transitive) | 2.0.5 | 3.0.2 |
| packaging (transitive) | 23.2 | 24.1 |
| protobuf | 3.20.3 | 5.27.3 |
| setuptools (transitive) | 67.6.1 | 73.0.1 |
| sphinx (transitive) | 6.2.1 | 8.0.2 |
| sphinx-rtd-theme (transitive) | 1.2.2 | 2.0.0 |
| sqlalchemy | 1.4.53 | 2.0.32 |
| unidecode (transitive) | 0.4.21 | 1.3.8 |
| xmlschema (transitive) | 2.5.1 | 3.3.2 |
| Dependency | Installed version | Latest version |
|---|---|---|
| aiobotocore (transitive) | 2.13.1 | 2.13.2 |
| aiohappyeyeballs (transitive) | 2.3.5 | 2.4.0 |
| aiohttp (transitive) | 3.10.2 | 3.10.5 |
| babel (transitive) | 2.15.0 | 2.16.0 |
| botocore (transitive) | 1.34.131 | 1.35.3 |
| celery (transitive) | 5.2.7 | 5.4.0 |
| django-autocomplete-light (transitive) | 3.9.4 | 3.11.0 |
| django-crispy-forms (transitive) | 2.0 | 2.3 |
| django-db-file-storage (transitive) | 0.5.5 | 0.5.6.1 |
| django-debug-toolbar | 4.3.0 | 4.4.6 |
| django-environ (transitive) | 0.10.0 | 0.11.2 |
| django-iconify (transitive) | 0.1.1 | 0.4 |
| django-model-utils (transitive) | 4.3.1 | 4.5.1 |
| django-plugins-bihealth | 0.4.0 | 0.5.2 |
| django-postgres-copy | 2.3.7 | 2.7.4 |
| djangorestframework (transitive) | 3.14.0 | 3.15.2 |
| docutils (transitive) | 0.18.1 | 0.21.2 |
| drf-keyed-list-bihealth | 0.1.1 | 0.2.1 |
| faker | 27.0.0 | 27.4.0 |
| markdown (transitive) | 3.4.1 | 3.7 |
| mypy-protobuf (dev) | 3.3.0 | 3.6.0 |
| numpy | 2.0.1 | 2.1.0 |
| prettytable | 3.10.2 | 3.11.0 |
| pydantic-core (transitive) | 2.20.1 | 2.23.0 |
| requests-http-signature | 0.2.0 | 0.7.1 |
| rules (transitive) | 3.3 | 3.4 |
| sentry-sdk | 2.12.0 | 2.13.0 |
| simplejson | 3.19.2 | 3.19.3 |
| soupsieve (transitive) | 2.5 | 2.6 |
| trio (dev,transitive) | 0.26.1 | 0.26.2 |
| versioneer (transitive) | 0.28 | 0.29 |
| werkzeug (dev) | 3.0.3 | 3.0.4 |
| wheel (transitive) | 0.40.0 | 0.44.0 |
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
According to short discussion in MS Teams, resizing does not work in this state. I could confirm this. The problem appears to be that with the following, the handle overlaps with the left-side menu which somehow prevents the drawer to react to drag-and-resize. The solution is to wrap the contents into a <div class="ml-3"> so there is sufficient space for the handle.
I added a commit to this PR which splits the SeqvarDetails component so we can include the <v-row> data without a wrapping <v-main><v-container> which might also be useful but not strictly necessary. This could be undone.
However, the layout of the contained SeqvarDetails does not work with being embedded within a too narrow window. We probably need to integrate more of the UI changes from Jurijs.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Please upload report for BASE (
main@d87b225). Learn more about missing BASE report.
Additional details and impacted files
@@ Coverage Diff @@
## main #1907 +/- ##
======================================
Coverage ? 91%
======================================
Files ? 658
Lines ? 37532
Branches ? 0
======================================
Hits ? 34404
Misses ? 3128
Partials ? 0
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}