varfish-server
varfish-server copied to clipboard
varfish-org
feat: display seqvars query execution results in UI (#1952)
deps-report đ
Commit scanned: c0dad7d âšī¸ Python version 3.10 is used by your project but the latest version is 3.13.
Vulnerable dependencies
4 dependencies have vulnerabilities đą
| Dependency | Advisory | Versions impacted |
|---|---|---|
| djangorestframework (transitive) | Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags. |
<3.15.2 |
| jinja2 (transitive) | In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. | >=0 |
| setuptools (transitive) | Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. | <70.0.0 |
| sqlalchemy | Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 | <2.0.0b1 |
Outdated dependencies
47 outdated dependencies found (including 19 outdated major versions)đĸ
| Dependency | Installed version | Latest version |
|---|---|---|
| alabaster (transitive) | 0.7.16 | 1.0.0 |
| argon2-cffi (transitive) | 21.3.0 | 23.1.0 |
| billiard (transitive) | 3.6.4.0 | 4.2.1 |
| crispy-bootstrap4 (transitive) | 2022.1 | 2024.10 |
| django | 3.2.25 | 5.1.2 |
| django-model-utils (transitive) | 4.3.1 | 5.0.0 |
| django-rest-knox (transitive) | 4.2.0 | 5.0.2 |
| django-sodar-core | 0.13.4 | 1.0.2 |
| jsonschema-specifications (transitive) | 2023.12.1 | 2024.10.1 |
| markupsafe (transitive) | 2.1.5 | 3.0.1 |
| mistune (transitive) | 2.0.5 | 3.0.2 |
| packaging (transitive) | 23.2 | 24.1 |
| protobuf | 3.20.3 | 5.28.2 |
| setuptools (transitive) | 67.6.1 | 75.1.0 |
| sphinx (transitive) | 6.2.1 | 8.0.2 |
| sphinx-rtd-theme (transitive) | 1.2.2 | 3.0.1 |
| sqlalchemy | 1.4.54 | 2.0.35 |
| unidecode (transitive) | 0.4.21 | 1.3.8 |
| xmlschema (transitive) | 2.5.1 | 3.4.2 |
| Dependency | Installed version | Latest version |
|---|---|---|
| aiobotocore (transitive) | 2.15.1 | 2.15.2 |
| black | 24.8.0 | 24.10.0 |
| botocore (transitive) | 1.35.23 | 1.35.37 |
| celery (transitive) | 5.2.7 | 5.4.0 |
| charset-normalizer (transitive) | 3.3.2 | 3.4.0 |
| coverage (dev,transitive) | 7.6.1 | 7.6.2 |
| django-autocomplete-light (transitive) | 3.9.4 | 3.11.0 |
| django-crispy-forms (transitive) | 2.0 | 2.3 |
| django-db-file-storage (transitive) | 0.5.5 | 0.5.6.1 |
| django-debug-toolbar | 4.3.0 | 4.4.6 |
| django-environ (transitive) | 0.10.0 | 0.11.2 |
| django-iconify (transitive) | 0.1.1 | 0.4 |
| django-plugins-bihealth | 0.4.0 | 0.5.2 |
| django-postgres-copy | 2.3.7 | 2.7.6 |
| djangorestframework (transitive) | 3.14.0 | 3.15.2 |
| docutils (transitive) | 0.18.1 | 0.21.2 |
| drf-keyed-list-bihealth | 0.1.1 | 0.2.1 |
| faker | 30.1.0 | 30.3.0 |
| markdown (transitive) | 3.4.1 | 3.7 |
| mypy-protobuf (dev) | 3.3.0 | 3.6.0 |
| pydantic-core (transitive) | 2.23.4 | 2.24.0 |
| requests-http-signature | 0.2.0 | 0.7.1 |
| rules (transitive) | 3.3 | 3.5 |
| sentry-sdk | 2.15.0 | 2.16.0 |
| versioneer (transitive) | 0.28 | 0.29 |
| wheel (transitive) | 0.40.0 | 0.44.0 |
| xmltodict (transitive) | 0.13.0 | 0.14.1 |
| yarl (transitive) | 1.13.1 | 1.14.0 |
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Attention: Patch coverage is 50.52632% with 47 lines in your changes missing coverage. Please review.
Project coverage is 91%. Comparing base (
0f405f6) to head (c0dad7d). Report is 1 commits behind head on main.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| backend/seqvars/protos/output_pb2.py | 0% | 46 Missing :warning: |
| backend/seqvars/models/protobufs.py | 66% | 1 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## main #1957 +/- ##
======================================
- Coverage 91% 91% -1%
======================================
Files 667 674 +7
Lines 37986 38407 +421
======================================
+ Hits 34869 35066 +197
- Misses 3117 3341 +224
| Files with missing lines | Coverage Î | |
|---|---|---|
| ...mport/tests/snapshots/snap_test_models_executor.py | 100% <100%> (+62%) |
:arrow_up: |
| ...staltmatcher/migrations/0003_auto_20241009_0639.py | 100% <100%> (ø) |
|
| ...kend/seqvars/migrations/0010_auto_20240905_1017.py | 100% <100%> (ø) |
|
| backend/seqvars/models/base.py | 96% <100%> (+<1%) |
:arrow_up: |
| backend/seqvars/tasks.py | 100% <100%> (ø) |
|
| ...end/seqvars/tests/snapshots/snap_test_views_api.py | 100% <ø> (ø) |
|
| backend/seqvars/tests/test_permissions_api.py | 99% <ø> (ø) |
|
| backend/seqvars/tests/test_views_api.py | 99% <ø> (ø) |
|
| backend/seqvars/urls.py | 100% <ø> (ø) |
|
| backend/seqvars/views_api.py | 83% <100%> (+<1%) |
:arrow_up: |
| ... and 2 more |
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
:white_check_mark: Actions performed
Review triggered.
Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.
![coderabbitai[bot] avatar](https://avatars.githubusercontent.com/in/347564?v=4 "Published by a pub.dev verified publisher"){kind=small}
[!CAUTION]
Review failed
The pull request is closed.
Walkthrough
The changes in this pull request encompass the addition of new files and updates to existing files related to genetic data handling, API modifications, and user interface components. New VCF files and a pedigree file have been introduced, along with updates to Django models and API endpoints to accommodate changes in data retrieval and pagination methods. Additionally, several Vue components have been created or modified to enhance the user experience and data presentation in the frontend.
Changes
| File Path | Change Summary |
|---|---|
| backend/Case_1_exons.ped | New entries added representing family genetic information. |
| backend/external-copy-0.vcf | New VCF file created following VCF version 4.2 specification. |
| backend/ingested.vcf | New VCF file created following VCF version 4.4 specification. |
| backend/seqvars/migrations/0009_auto_20240905_1017.py | Model ordering options updated for three models and genome_release field changed to CharField. |
| backend/seqvars/models/base.py | Added ordering specifications for SeqvarsResultSet and SeqvarsResultRow models. |
| backend/seqvars/models/executors.py | Added print statement in run_worker method for logging command execution. |
| backend/seqvars/urls.py | Updated URL pattern for api/resultset endpoint to capture queryexecution identifier. |
| backend/seqvars/views_api.py | Modified pagination mechanism, project retrieval, and API schema parameters. |
| backend/varfish/tests/drf_openapi_schema/varfish_api_schema.yaml | Significant updates to OpenAPI schema, replacing cursor-based pagination with page-based pagination. |
| backend/varfish/users/management/commands/data/Case_1_exons.grch37.gatk_hc.vcf.gz.tbi | New compressed index file for VCF added. |
| backend/varfish/users/management/commands/data/Case_1_exons.grch37.yaml.tpl | New YAML template file for genomic data representation. |
| backend/varfish/users/management/commands/data/Case_1_exons.ped | New pedigree file created containing family information. |
| backend/varfish/users/management/commands/initdev.py | Updated --data-case argument choices to include "Case_1_exons". |
| frontend/ext/varfish-api/src/lib/@tanstack/vue-query.gen.ts | Adjusted infinite query options and pagination parameters. |
| frontend/ext/varfish-api/src/lib/schemas.gen.ts | Added new properties to existing schema definitions. |
| frontend/ext/varfish-api/src/lib/services.gen.ts | Updated API view function URLs to reflect new parameter names. |
| frontend/ext/varfish-api/src/lib/types.gen.ts | Added count?: number; property to multiple paginated response types. |
| frontend/src/cases/components/CaseListTable/CaseListTable.vue | Enhanced rendering of data table with a new template slot for item indices. |
| frontend/src/cases/queries/cases.ts | New query function useCaseRetrieveQuery added for retrieving case details. |
| frontend/src/seqvars/components/QueryEditor/QueryEditor.vue | Modified selectedQueryUuid to use defineModel for enhanced state management. |
| frontend/src/seqvars/components/QueryResults/CellGeneFlags.vue | New component introduced for displaying genetic variant information. |
| frontend/src/seqvars/components/QueryResults/QueryResults.vue | New component for displaying query results related to a specific case. |
| frontend/src/seqvars/components/QueryResults/QueryResultsTable.vue | New component for displaying a results table for query results. |
| frontend/src/seqvars/components/QueryResults/types.ts | New interface PageInfo added for pagination aspects. |
| frontend/src/seqvars/queries/seqvarQueryExecution.ts | Added import for useQuery and updated method signatures. |
| frontend/src/seqvars/queries/seqvarResultRow.ts | New file introduced for handling seqvar result sets with query functionalities. |
| frontend/src/seqvars/queries/seqvarResultSet.ts | New file for querying seqvar result sets. |
| frontend/src/seqvars/views/SeqvarsQuery/SeqvarsQuery.vue | Enhanced functionality with new imports and computed properties for query results management. |
Possibly related PRs
- #1957: This PR is related as it involves the
backend/Case_1_exons.pedfile, which is also modified in the main PR to include new data entries for family genetic information. Both PRs deal with the same file and context of genetic data representation.
Poem
đ In the garden of genes, we play,
New files sprout, bright as the day.
With queries and tables, we hop with delight,
Each change a new path, a wondrous sight.
Let's celebrate data, both old and new,
For in every byte, there's magic too! đŧ
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
đĒ§ Tips
Chat
There are 3 ways to chat with CodeRabbit:
- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
I pushed a fix in commit <commit_id>, please review it.Generate unit testing code for this file.Open a follow-up GitHub issue for this discussion.
- Files and specific lines of code (under the "Files changed" tab): Tag
@coderabbitaiin a new review comment at the desired location with your query. Examples:@coderabbitai generate unit testing code for this file.@coderabbitai modularize this function.
- PR comments: Tag
@coderabbitaiin a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.@coderabbitai read src/utils.ts and generate unit testing code.@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.@coderabbitai help me debug CodeRabbit configuration file.
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.
CodeRabbit Commands (Invoked using PR comments)
@coderabbitai pauseto pause the reviews on a PR.@coderabbitai resumeto resume the paused reviews.@coderabbitai reviewto trigger an incremental review. This is useful when automatic reviews are disabled for the repository.@coderabbitai full reviewto do a full review from scratch and review all the files again.@coderabbitai summaryto regenerate the summary of the PR.@coderabbitai resolveresolve all the CodeRabbit review comments.@coderabbitai configurationto show the current CodeRabbit configuration for the repository.@coderabbitai helpto get help.
Other keywords and placeholders
- Add
@coderabbitai ignoreanywhere in the PR description to prevent this PR from being reviewed. - Add
@coderabbitai summaryto generate the high-level summary at a specific location in the PR description. - Add
@coderabbitaianywhere in the PR title to generate the title automatically.
CodeRabbit Configuration File (.coderabbit.yaml)
- You can programmatically configure CodeRabbit by adding a
.coderabbit.yamlfile to the root of your repository. - Please see the configuration documentation for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation:
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
Documentation and Community
- Visit our Documentation for detailed information on how to use CodeRabbit.
- Join our Discord Community to get help, request features, and share feedback.
- Follow us on X/Twitter for updates and announcements.