deps.rs is now available for self-hosted Gitea at
`/repo/gitea/<DOMAIN>/owner/repo`, e. g.
`/repo/gitea/git.example.org/deps-rs/deps.rs`,
`/repo/gitea/git.example.org:1234/deps-rs/deps.rs`,
`/repo/gitea/http://unsafe-gitea.org/deps-rs/deps.rs`.
This _should_ also include support for Gitea hosted in subdirectories,
e. g. `www.example.org/gitea`, though I haven't tested this yet.
If no protocol (`https://`/`http://`) is specified, `https://` is
automatically added to the beginning of the Gitea server's URL.
However, I could also change this to only accept https. Another
option might be the use of URL-encoding.
I am open to feedback; feel free to suggest changes.
Implementation notes:
- The Router now matches `/repo/*site/:qual/:name` instead of
`/repo/:site/:qual/:name` to allow for an arbitrary number of
`/`s before qual and name.
- `RepoSite` now has a new variant `Gitea(GiteaDomain)`.
- `RepoSite` no longer implements `Copy`. However this should not
be problematic because `Copy`ing was only used for `to_base_uri`,
`to_usercontent_base_uri` and `to_usercontent_repo_suffix` which
now accept `&self` references.
- `RepoSite` no longer implements `AsRef` and now uses `Display`
instead.
- updated test `correct_raw_url_generation`
- updated readme
Related to #84, #141
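The path handling described in the commit message above, as an added example in Rust. It is not deps.rs code: `parse_gitea_path`, `GiteaRepo`, `ParseError` and the `allow_http` switch (which models the https-only alternative the message mentions) are hypothetical names.

```rust
// Added example, not deps.rs code. All names here are hypothetical.
#[derive(Debug, PartialEq)]
pub struct GiteaRepo {
    pub base: String, // scheme + host[:port][/subdirectory]
    pub owner: String,
    pub name: String,
}

#[derive(Debug, PartialEq)]
pub enum ParseError { TooFewSegments, EmptySegment, HttpNotAllowed, UnsupportedScheme }

/// Parses whatever follows `/repo/gitea/`, i.e. the `*site/:qual/:name` part.
/// `allow_http = false` models the https-only alternative (an assumption).
pub fn parse_gitea_path(rest: &str, allow_http: bool) -> Result<GiteaRepo, ParseError> {
    // The last two segments are owner and repo; everything before them is the
    // site, which may itself contain `/` (scheme separator, subdirectory).
    let mut parts = rest.trim_matches('/').rsplitn(3, '/');
    let (name, owner, site) = match (parts.next(), parts.next(), parts.next()) {
        (Some(n), Some(o), Some(s)) => (n, o, s),
        _ => return Err(ParseError::TooFewSegments),
    };
    if name.is_empty() || owner.is_empty() {
        return Err(ParseError::EmptySegment);
    }
    // No scheme given: default to https, as the commit message states.
    let (scheme, host) = match site.split_once("://") {
        Some((s, h)) => (s.to_ascii_lowercase(), h),
        None => ("https".to_string(), site),
    };
    let host = host.trim_matches('/');
    if host.is_empty() {
        return Err(ParseError::EmptySegment);
    }
    match scheme.as_str() {
        "https" => {}
        "http" if allow_http => {}
        "http" => return Err(ParseError::HttpNotAllowed),
        _ => return Err(ParseError::UnsupportedScheme), // only http(s) is ever fetched
    }
    Ok(GiteaRepo { base: format!("{}://{}", scheme, host), owner: owner.into(), name: name.into() })
}

fn main() {
    // Constructed sample paths, in the forms listed in the commit message.
    for p in &["git.example.org:1234/deps-rs/deps.rs", "http://unsafe-gitea.org/deps-rs/deps.rs"] {
        println!("{} -> {:?}", p, parse_gitea_path(p, false));
    }
}
```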
* Extend dependency status box to report more issues
- replace render_dev_dependency_box
with an extended render_dependency_box
- reports insecure dev dependencies,
outdated main dependencies,
and outdated dev dependencies
- handle pluralization in dependency count message
- change methods in AnalyzeDependenciesOutcome
- add count_outdated
- remove any_dev_issues
- remove AnalyzedDependencies::any_dev_issues
* Format status.rs
* Simplify AnalyzeDependenciesOutcome method impls
- match ergonomics lint
* Use bullet point list
* Tweak dependency box again
- only use list items if there is more than one dependency kind
* Fix outdated dependency count
- `count_outdated` already counts only main dependencies
* Tweak dependency box to no longer assume non-zero issues
- check for when all dependency component counts are zero,
render nothing
- always call `render_dependency_box` if it finds no security issues
Co-authored-by: Cecile Tonglet <cecile.tonglet@cecton.com>
* Add methods to check always insecure dependencies
Unlike checks for `_insecure`,
`always_insecure_` only accounts for
vulnerabilities not patched in the latest version in the range
* Update status renders to show "maybe insecure"
- show always insecure dependencies as insecure,
and remaining ones as "possibly insecure"
- show warning sign on all dependencies with possible vulnerability
- tweak security banner in case
all insecure dependencies are "possibly insecure"
* Update badge renderer to show "maybe insecure"
- only show the red "insecure"
if >=1 dependency is always insecure
- show "possibly insecure" if all are up to date but might be vulnerable
* Update status renderer
- more complete counts per project
* Format code
* Extend banner to explain what "maybe insecure" means