Commit graph

226 commits

Author SHA1 Message Date
Rob Ede
bce1f86308
Update deps + clippy (#187) 2023-01-31 19:37:42 +00:00
Rob Ede
2b45ed16cc
Address Clippy 2023-01-31 08:40:34 -05:00
Simon Lamon
c840d04789
Fix form submission (#189) 2023-01-31 13:37:10 +00:00
dependabot[bot]
6e25ce930d
Bump libgit2-sys from 0.14.1+1.5.0 to 0.14.2+1.5.1 (#186)
Bumps [libgit2-sys](https://github.com/rust-lang/git2-rs) from 0.14.1+1.5.0 to 0.14.2+1.5.1.
- [Release notes](https://github.com/rust-lang/git2-rs/releases)
- [Commits](https://github.com/rust-lang/git2-rs/compare/0.14.1...libgit2-sys-0.14.2)

---
updated-dependencies:
- dependency-name: libgit2-sys
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 20:42:49 +00:00
95f9e116a3
Bump dependencies to patch tokio (#184) 2023-01-17 09:22:13 +00:00
Paolo Barbolini
361207c40c
Tweak cache durations (#183) 2022-12-21 10:29:15 +01:00
f9d545f9ff
Allow analyzing crates in sub-directories of repo root (#170)
* Allow analyzing crates in sub-directories (#95)

* Add field to the main page form for selecting an inner path

* chore: make clippy happy

* Display sub-directory tree in status overview

* Append the query parameter to the SVG links

* Clippy fixes

* Update assets/links.js

Co-authored-by: Eduardo Pinho <enet4mikeenet@gmail.com>

Co-authored-by: Eduardo Pinho <enet4mikeenet@gmail.com>
2022-11-09 16:21:48 +00:00
Paolo Barbolini
477d83a4e0
Bump dependencies (#180) 2022-11-08 08:30:55 +00:00
Paolo Barbolini
014ce6bbaf
Fix latest nightly clippy warning (#181) 2022-11-08 08:26:28 +00:00
Paolo Barbolini
2aa03ff391
Point the livenessProbe at /repo/github/deps-rs/deps.rs (#172) 2022-10-31 10:27:45 +01:00
Arnaud Rebts
a7e89ed183
fix: kustomize does not seems to prefix the service name in ingress (#179) 2022-10-30 09:55:09 +01:00
Arnaud Rebts
1f1e131d25
fix/deploy (#178)
* fix: also update kustomization patches

* fix: last reference to old ingress api
2022-10-30 09:12:49 +01:00
Arnaud Rebts
4d884dcf35
fix: also update kustomization patches (#177) 2022-10-30 09:07:39 +01:00
Arnaud Rebts
cdf065ce49
fix: update ingress version (#176) 2022-10-30 09:02:12 +01:00
Paolo Barbolini
7f21afaba8
cargo: update dependencies (#175) 2022-10-28 20:45:31 +02:00
Paolo Barbolini
35523bb875
cargo: bump dependencies (#173) 2022-10-10 15:14:32 +01:00
Paolo Barbolini
1f518743dd
cargo: bump dependencies (#171) 2022-09-13 11:25:59 +02:00
Rob Ede
5b022c44b8
Support latest crate badge (#137)
Co-authored-by: Paolo Barbolini <paolo@paolo565.org>
2022-09-06 08:55:04 +01:00
edfdb969c7
Add link generators to the front page (#167)
Co-authored-by: Rob Ede <robjtede@icloud.com>
Co-authored-by: Paolo Barbolini <paolo.barbolini@m4ss.net>
2022-08-29 12:13:12 +01:00
c2f0b88b02
Quirks Mode no more! (#169)
* Serve standard mode documents

* One of these days I'll remember to run rustfmt and clippy, I promise
2022-08-27 20:20:11 +02:00
d89fc4929a
Bump vendored Bulma version (#168) 2022-08-27 18:43:27 +02:00
0788aaaedb
Set new icons for Codeberg and Gitea (#165) 2022-08-21 23:34:24 +01:00
valentinleistner
ba7647dcff
Support for self-hosted Gitea (#164)
deps.rs is now available for self-hosted Gitea at
`/repo/gitea/<DOMAIN>/owner/repo`, e. g.
`/repo/gitea/git.example.org/deps-rs/deps.rs`,
`/repo/gitea/git.example.org:1234/deps-rs/deps.rs`,
`/repo/gitea/http://unsafe-gitea.org/deps-rs/deps.rs`.

This _should_ also include support for Gitea hosted in subdirectories,
e. g. `www.example.org/gitea`, though I haven't tested this yet.

If no protocol (`https://`/`http://`) is specified, `https://` is
automatically added to the beginning of the gitea server's URL.
However I could also change this to only accept https. Another
option might be the use of URL-encoding.
I am open for feedback, feel free to suggest changes.

Implementation notes:

- The Router now matches `/repo/*site/:qual/:name` instead of
  `/repo/:site/:qual/:name` to allow for an arbitrary number of
  `/`s before qual and name.
- `RepoSite` now has a new variant `Gitea(GiteaDomain)`.
- `RepoSite` no longer implements `Copy`. However this should not
  be problematic because `Copy`ing was only used for `to_base_uri`,
  `to_usercontent_base_uri` and `to_usercontent_repo_suffix` which
  now accept `&self` references.
- `RepoSite` no longer implements `AsRef` and now uses `Display`
  instead.

- updated test `correct_raw_url_generation`
- updated readme

Related to #84, #141
2022-08-21 11:16:52 +02:00
Paolo Barbolini
a991fa8eb1
cargo: bump dependencies (#163) 2022-08-15 21:04:48 +01:00
Paolo Barbolini
bacc736364
Use MissedTickBehavior::Delay for updating crates.io-index (#161) 2022-08-14 21:48:09 +01:00
Paolo Barbolini
cf7513873b
cargo: bump dependencies (#157) 2022-07-15 14:36:07 +02:00
Paolo Barbolini
30fe686d47
Update to latest rustsec (#152) 2022-05-23 02:00:40 +01:00
Paolo Barbolini
e3e920248b
Bump dependencies (#155) 2022-05-19 19:17:10 +02:00
Paolo Barbolini
041640692d
Use crate_scope in advisory query (#153) 2022-04-26 23:46:44 +02:00
Paolo Barbolini
aa2e01f96b
Bump dependencies (#150) 2022-04-22 21:06:03 +01:00
Paolo Barbolini
aee38f5c2b
Fix clippy warnings (#151) 2022-04-22 21:05:38 +01:00
Paolo Barbolini
2b395df4a2
Bump dependencies (#147) 2022-03-18 14:21:51 +01:00
Paolo Barbolini
c981136d9e
Bump dependencies (#146) 2022-03-07 19:51:57 +01:00
Rob Ede
41218695e6
Add for-the-badge style and docs (#139) 2022-01-29 14:12:01 +00:00
Rob Ede
262d27dd74
Add compact and flat badge styles (#136) 2022-01-24 15:18:19 +00:00
Atk
8bdee6b770
Codeberg support (#134) 2022-01-19 00:51:33 +00:00
Rob Ede
e8fbb00ada
Reduce futures dep to futures-util (#135) 2022-01-16 16:48:08 +00:00
Rob Ede
b2c2506615
Sort deps alphabetically 2022-01-16 16:27:14 +00:00
Paolo Barbolini
5705c7c785
Fix dead code warnings (#130) 2021-12-29 08:54:50 +01:00
Paolo Barbolini
9b7d2786d6
Update dependencies (#129) 2021-12-29 08:30:53 +01:00
Paolo Barbolini
7ac25b31ff
Fix displaying patched versions (#127) 2021-11-25 09:46:51 +00:00
Paolo Barbolini
f2899ceb81
Bump all dependencies except crates-index (#126) 2021-11-25 09:35:28 +00:00
Cecile Tonglet
5c82d0f05e
Fix docker images in Dockerfile (#124) 2021-10-28 12:04:52 +01:00
02a9a4a35d
Bump project to Rust 2021 (#123) 2021-10-22 19:36:39 +01:00
Eduardo Pinho
309f13ec84
Extend dependency status box to report more issues (#121)
* Extend dependency status box to report more issues

- replace render_dev_dependency_box
  with an extended render_dependency_box
   - reports insecure dev dependencies,
     outdated main dependencies,
     and outdated dev dependencies
   - handle pluralization in dependency count message
- change methods in AnalyzeDependenciesOutcome
   - add count_outdated
   - remove any_dev_issues
- remove AnalyzedDependencies::any_dev_issues

* Format status.rs

* Simplify AnalyzeDependenciesOutcome method impls

- match ergonomics lint

* Use bullet point list

* Tweak dependency box again

- only use list items if there is more than one dependency kind

* Fix outdated dependency count

- `count_outdated` already counts only main dependencies

* Tweak dependency box to no longer assume non-zero issues

- check for when all dependency component counts are zero,
  render nothing
- always call `render_dependency_box` if it finds no security issues

Co-authored-by: Cecile Tonglet <cecile.tonglet@cecton.com>
2021-10-18 15:55:53 +01:00
Eduardo Pinho
6cd7256ee8
Only query advisory database on latest matching version (#98)
* Add methods to check always insecure dependencies

Unlike checks for `_insecure`,
   `always_insecure_ only accounts for
   vulnerabilities not patched in the latest version in the range

* Update status renders to show "maybe insecure"

- show always insecure dependencies as insecure,
  and remaining ones as "possibly insecure"
- show warning sign on all dependencies with possible vulnerability
- tweak security banner in case
  all insecure dependencies are "possibly insecure"

* Update badge renderer to show "maybe insecure"

- only show the red "inscure"
  if >=1 dependency is always insecure
- show "possibly insecure" if all are up to date but might be vulnerable

* Update status renderer

- more complete counts per project

* Format code

* Extend banner to explain what "maybe insecure" means
2021-09-05 09:51:10 +02:00
Tassilo Horn
50d81a7a79
Mention SourceHut support in README.md (#120)
This is an addendum to the now-merged PR #117 which actually implemented the
support.
2021-09-02 10:35:56 +01:00
Tassilo Horn
c99b0df891
Add support for projects hosted on sourcehut (sr.ht) (#117) 2021-08-31 20:38:38 +01:00
Eduardo Pinho
5b3fa9b0b2
Update dependencies crates-index and rustsec (#118) 2021-08-22 22:13:01 +01:00
Eduardo Pinho
b9445f4764
Clippy fix (#119) 2021-08-22 09:50:38 +02:00