Baserow is an open source no-code database tool and Airtable alternative

Overview

Baserow

Open source no-code database tool and Airtable alternative. Join our forum on https://community.baserow.io/ or on Gitter via https://gitter.im/bramw-baserow/community.

Warning: From version 0.8.0 to 1.4.1 of Baserow the docker-compose.yml included in the root of this repository has exposed an unsecured redis instance by default on the ip:port 0.0.0.0:6379. If you have been running a server which is accessible via the internet using this docker-compose.yml then it is possible this redis server has been exposed to the internet depending on your operating system, networking setup and firewall settings. Please update to the latest version of Baserow, 1.4.2 which no longer exposes the redis, db and mjml containers. Additionally, 1.4.2 only exposes the backend, web-frontend and media containers on localhost and not on 0.0.0.0. If you were previously relying on docker-compose.yml publicly exposing Baserow then please follow the Make Baserow publicly accessible section in the docker how to guide.

Deploy to Heroku Beta

We're hiring remote developers! More information at https://baserow.io/jobs/experienced-full-stack-developer.

Baserow screenshot

Introduction

Create own database without technical experience. Our user friendly no-code tool gives you the powers of a developer without leaving your browser.

  • Uses popular frameworks like Django and Nuxt.js.
  • Uses PostgreSQL.
  • Open source.
  • MIT license.
  • Self hosted.
  • Headless and API first.
  • Modular architecture.
  • Supports plugins.
  • Includes a plugin boilerplate.
  • Unlimited rows.
  • Runs in your browser.
  • Alternative to Airtable.

Self host

Try out Baserow on your machine

If you just want to try out Baserow, you can create an account on the SaaS version at https://baserow.io. Just click on the create account or register button at the homepage.

If you want to try out Baserow on your own computer, you can easily start a local environment via docker-compose. Just clone the repository, run the following commands and visit http://localhost:3000 in your browser.

$ git clone --branch master https://gitlab.com/bramw/baserow.git
$ cd baserow
$ docker-compose up 

More detailed instructions and more information about running baserow locally check here or at https://baserow.io/docs/guides/running-baserow-locally.

Development environment

If you want to contribute to Baserow you need to setup the development environment. Execute the following commands to start a development version of the baserow environment which has debug and hot re-loading features enabled.

$ git clone --branch master https://gitlab.com/bramw/baserow.git
$ cd baserow
$ docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
$ # OR use our ./dev.sh script which also ensures your dev containers run as your user
$ ./dev.sh --build

The Baserow development environment is now running. Visit http://localhost:3000 in your browser and you should see a working version in development mode.

More detailed instructions and more information about the development environment can be found here or at https://baserow.io/docs/development/development-environment.

Plugin development

Because of the modular architecture of Baserow it is possible to create plugins. Make your own fields, views, applications, pages or endpoints. We also have a plugin boilerplate to get you started right away. More information can be found in the plugin introduction and in the plugin boilerplate docs.

Official documentation

The official documentation can be found on the website at https://baserow.io/docs/index or here inside the repository. The API docs can be found here at https://api.baserow.io/api/redoc/ or if you are looking for the OpenAPI schema here https://api.baserow.io/api/schema.json.

Become a sponsor

If you would like to get new features faster, then you might want to consider becoming a sponsor. By becoming a sponsor we can spend more time on Baserow which means faster development.

Become a GitHub Sponsor

Meta

Created by Baserow B.V. - [email protected].

Distributes under the MIT license. See LICENSE for more information.

Version: 1.7.1

The official repository can be found at https://gitlab.com/bramw/baserow.

The changelog can be found here.

Become a GitHub Sponsor here.

Community chat via https://gitter.im/bramw-baserow/community.

Comments
  • Network error  Could not connect to the API server.

    Network error Could not connect to the API server.

    This is what I get when I run the demo environment and try either to login or register, no errors in the docker window (did docker-compose -f docker-compose.demo.yml up so I can see eventual error messages).

    Tried both localhost:3000 and localip:3000 with same results.

    Any suggestions appreciated.

    Running on Ubuntu 20.04, Docker version 19.03.8.

    opened by airdogvan 4
  • Can't change demo docker ports without breaking API

    Can't change demo docker ports without breaking API

    Can't change ports without having the stack fail to communicate with one another. Suggest making it more user friendly. Most users have existing docker containers running on machine ... picking common ports like 3000 and 8000 is just a bad call.

    opened by doughnet 4
  • [Feature] integration with Appsmith

    [Feature] integration with Appsmith

    appsmith.com (source code) is to AppSheet what Baserow is to Airtable. (other no-code platforms are more used than AppSheet though)

    The team seems well organized and structured.

    Integrating Appsmith and Baserow may require some work on the API.

    opened by jibe-b 2
  • Bump loader-utils from 1.4.0 to 1.4.1 in /web-frontend

    Bump loader-utils from 1.4.0 to 1.4.1 in /web-frontend

    Bumps loader-utils from 1.4.0 to 1.4.1.

    Release notes

    Sourced from loader-utils's releases.

    v1.4.1

    1.4.1 (2022-11-07)

    Bug Fixes

    Changelog

    Sourced from loader-utils's changelog.

    1.4.1 (2022-11-07)

    Bug Fixes

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Hidden form field

    Hidden form field

    I was wondering if there was a hidden or read-only form field option? I want to pass prefilled ids that shouldn't be changed.

    Btw, this is a great project! Thanks for creating it.

    opened by TriStarGod 1
  • Permission denied on backup

    Permission denied on backup

    Hi,

    I get a "permission denied" error while trying to backup my baserow instance through Docker.

    Commands :

    mkdir baserow_backups
    chown 9999:9999 baserow_backups
    docker-compose run -v ./baserow_backups:/baserow/backups backend manage backup_baserow -f /baserow/backups/backup.tar.gz
    

    Error :

    PermissionError: [Errno 13] Permission denied: '/baserow/backups/backup.tar.gz'
    

    Even with a chmod 777 it doesn't work.

    Do you have any idea ?

    Thanks,

    opened by flavienbwk 1
  • Bump parse-url from 6.0.0 to 6.0.2 in /web-frontend

    Bump parse-url from 6.0.0 to 6.0.2 in /web-frontend

    Bumps parse-url from 6.0.0 to 6.0.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Bump twisted from 22.1 to 22.4.0 in /backend/requirements

    Bump twisted from 22.1 to 22.4.0 in /backend/requirements

    Bumps twisted from 22.1 to 22.4.0.

    Release notes

    Sourced from twisted's releases.

    Twisted 22.4.0 (2022-04-11)

    Features

    • twisted.python.failure.Failure tracebacks now capture module information, improving compatibility with the Raven Sentry client. (#7796)
    • twisted.python.failure.Failure objects are now compatible with dis.distb, improving compatibility with post-mortem debuggers. (#9599)

    Bugfixes

    • twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations. (#10274)
    • twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes. (#10317)

    Conch

    Features

    
    - twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) when acting as a server.  The rsa-sha2-512 and rsa-sha2-256 public key signature algorithms are automatically preferred over ssh-rsa if the client advertises support for them; the actual public keys do not need to change. ([#9765](https://github.com/twisted/twisted/issues/9765))
    - twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, in order to support platforms that lack OpenSSL >= 1.1.1b.  The new "conch_nacl" extra has the necessary dependency. ([#10208](https://github.com/twisted/twisted/issues/10208))
    

    Misc

    
    -  ([#10313](https://github.com/twisted/twisted/issues/10313))
    

    Web

    Features </code></pre> <ul> <li>Twisted is now compatible with h2 4.x.x. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10182">#10182</a>)</li> </ul> <p>Bugfixes</p> <pre><code>

    • twisted.web.http had several several defects in HTTP request parsing that could permit HTTP request smuggling. It now disallows signed Content-Length headers, forbids illegal characters in chunked extensions, forbids a 0x prefix to chunk lengths, and only strips spaces and horizontal tab characters from header values. These changes address CVE-2022-24801 and GHSA-c2jg-hw38-jrqq. (#10323)

    Mail

    &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary>

    <p><em>Sourced from <a href="https://github.com/twisted/twisted/blob/trunk/NEWS.rst">twisted's changelog</a>.</em></p> <blockquote> <h1>Twisted 22.4.0 (2022-04-11)</h1> <h2>Features</h2> <ul> <li>twisted.python.failure.Failure tracebacks now capture module information, improving compatibility with the Raven Sentry client. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/7796">#7796</a>)</li> <li>twisted.python.failure.Failure objects are now compatible with dis.distb, improving compatibility with post-mortem debuggers. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/9599">#9599</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10274">#10274</a>)</li> <li>twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes. (<a href="https://github-redirect.dependabot.com/twisted/twisted/issues/10317">#10317</a>)</li> </ul> <h2>Conch</h2> <p>Features</p> <pre><code>

    • twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) when acting as a server. The rsa-sha2-512 and rsa-sha2-256 public key signature algorithms are automatically preferred over ssh-rsa if the client advertises support for them; the actual public keys do not need to change. (#9765)
    • twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, in order to support platforms that lack OpenSSL &gt;= 1.1.1b. The new &quot;conch_nacl&quot; extra has the necessary dependency. (#10208)

    Misc

    Web

    Features

    • Twisted is now compatible with h2 4.x.x. (#10182)

    Bugfixes

    
    - twisted.web.http had several several defects in HTTP request parsing that could permit HTTP request smuggling. It now disallows signed Content-Length headers, forbids illegal characters in chunked extensions, forbids a ``0x`` prefix to chunk lengths, and only strips spaces and horizontal tab characters from header values. These changes address CVE-2022-24801 and GHSA-c2jg-hw38-jrqq. ([#10323](https://github.com/twisted/twisted/issues/10323))
    

    Mail

    </tr></table>

    ... (truncated)

    Commits
    • ed86633 Mark as misc.
    • c894617 Update format for release notes item.
    • 5c5c046 Revert coverage reporting changes.
    • 682f2c3 Manual fix the news.
    • dd98e9c python -m incremental.update Twisted --newversion 22.4.0
    • 3eabae5 Fix coverage reporting as codecov v1 was removed.
    • a265267 Update after review.
    • efac92c tox -e towncrier
    • 5ece2d4 python -m incremental.update Twisted --rc
    • 592217e Merge pull request from GHSA-c2jg-hw38-jrqq
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 1
  • Bump django from 3.2.12 to 3.2.13 in /backend/requirements

    Bump django from 3.2.12 to 3.2.13 in /backend/requirements

    Bumps django from 3.2.12 to 3.2.13.

    Commits
    • 08e6073 [3.2.x] Bumped version for 3.2.13 release.
    • 9e19acc [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...
    • 2044dac [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...
    • bdb92db [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ...
    • 70035fb [3.2.x] Added stub release notes for 3.2.13 and 2.2.28.
    • 7e7ea71 [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
    • 610ecc9 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
    • 754af45 [3.2.x] Fixed typo in release notes.
    • 6f30916 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
    • 1e6b555 [3.2.x] Post-release version bump.
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 1
  • Bump moment from 2.29.1 to 2.29.2 in /web-frontend

    Bump moment from 2.29.1 to 2.29.2 in /web-frontend

    Bumps moment from 2.29.1 to 2.29.2.

    Changelog

    Sourced from moment's changelog.

    2.29.2 See full changelog

    • Release Apr 3 2022

    Address https://github.com/advisories/GHSA-8hfj-j24r-96c4

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Bump pillow from 9.0.0 to 9.0.1 in /backend/requirements

    Bump pillow from 9.0.0 to 9.0.1 in /backend/requirements

    Bumps pillow from 9.0.0 to 9.0.1.

    Release notes

    Sourced from pillow's releases.

    9.0.1

    https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

    Changes

    • In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@​radarhere, @​hugovk]
    • Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]
    Changelog

    Sourced from pillow's changelog.

    9.0.1 (2022-02-03)

    • In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk]

    • Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

    Commits
    • 6deac9e 9.0.1 version bump
    • c04d812 Update CHANGES.rst [ci skip]
    • 4fabec3 Added release notes for 9.0.1
    • 02affaa Added delay after opening image with xdg-open
    • ca0b585 Updated formatting
    • 427221e In show_file, use os.remove to remove temporary images
    • c930be0 Restrict builtins within lambdas for ImageMath.eval
    • 75b69dd Dont need to pin for GHA
    • cd938a7 Autolink CWE numbers with sphinx-issues
    • 2e9c461 Add CVE IDs
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 1
  • Webhook Self signed certificate

    Webhook Self signed certificate

    Hi guys,

    First of all, thank you for this awesome work !

    I'm running a self hosted Baserow using Docker (Image baserow/baserow). I have set BASEROW_WEBHOOKS_IP_WHITELIST to my IP whitelist to allow baserow to call webhook on private IP.

    The fact is the webhook is successfully called using http on my webhook handler. But when I use https, baserow tell me Server unreachable while testing the webhook from baserow front end.

    If I use my https webhook address on a browser it works by accepting self signed cert. If I use curl I get curl: (60) SSL certificate problem: self signed certificate

    So I think, the request library you use reject some self signed cert. I have tried to set PYTHONHTTPSVERIFY to 0 but I still have the trouble.

    Do you have any solution to allow baserow to test and call https webhook that is self signed please ?

    opened by djiworks 0
  • CVE-2007-4559 Patch

    CVE-2007-4559 Patch

    Patching CVE-2007-4559

    Hi, we are security researchers from the Advanced Research Center at Trellix. We have began a campaign to patch a widespread bug named CVE-2007-4559. CVE-2007-4559 is a 15 year old bug in the Python tarfile package. By using extract() or extractall() on a tarfile object without sanitizing input, a maliciously crafted .tar file could perform a directory path traversal attack. We found at least one unsantized extractall() in your codebase and are providing a patch for you via pull request. The patch essentially checks to see if all tarfile members will be extracted safely and throws an exception otherwise. We encourage you to use this patch or your own solution to secure against CVE-2007-4559. Further technical information about the vulnerability can be found in this blog.

    If you have further questions you may contact us through this projects lead researcher Kasimir Schulz.

    opened by TrellixVulnTeam 0
  • no celery password

    no celery password

    Tried following the instructions at: https://github.com/bram2w/baserow/blob/master/docs/installation/install-with-docker-compose.md, namely: cd ~/baserow git clone --depth=1 --branch master https://gitlab.com/bramw/baserow.git cd baserow cp .env.example .env Edit .env and set your own secure passwords for the 3 required variables at the top. gedit .env docker-compose up

    And this is the result:

    celery_1 | [2022-12-16 17:41:37,137: ERROR/MainProcess] consumer: Cannot connect to redis://:@redis:6379/0: WRONGPASS invalid username-password pair or user is disabled.. celery_1 | Trying again in 2.00 seconds... (1/100) celery_1 | celery-export-worker_1 | [2022-12-16 17:41:37,155: ERROR/MainProcess] consumer: Cannot connect to redis://:@redis:6379/0: WRONGPASS invalid username-password pair or user is disabled.. celery-export-worker_1 | Trying again in 2.00 seconds... (1/100)

    Tried to modify your docker-compose.no.caddy (I don't need caddy) with exactly the same results.

    Obviously I'm missing something. Any help appreciated.

    BTW I did read the instructions quite attentively (before and afterr) and still didn't find my answer.

    Again sorry if I missed something very obvious but it not for lack of trying to find it.

    opened by airdogvan 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2 in /integrations/zapier

    Bump decode-uri-component from 0.2.0 to 0.2.2 in /integrations/zapier

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2 in /web-frontend

    Bump decode-uri-component from 0.2.0 to 0.2.2 in /web-frontend

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Calendar showing wrong date/day-of-week in Phillipines

    Calendar showing wrong date/day-of-week in Phillipines

    Hi, the Baserow calendar is showing Friday as Dec 1, 2022, when it should be Dec. 2. This is happening with our user in the Phillipines. In the US, it is correct.

    image

    opened by rsandler00 0
Owner
null
The JavaScript Database, for Node.js, nw.js, electron and the browser

The JavaScript Database Embedded persistent or in memory database for Node.js, nw.js, Electron and browsers, 100% JavaScript, no binary dependency. AP

Louis Chatriot 13.2k Jan 2, 2023
Create a database, insert data and easily select it with Sqlite

sqliteBasics create a database, insert data and easily select it with Sqlite Watch on YouTube a step by step tutorial explaining this code: https://yo

Mariya 27 Dec 27, 2022
MySQL database connector for Python (with Python 3 support)

mysqlclient This project is a fork of MySQLdb1. This project adds Python 3 support and fixed many bugs. PyPI: https://pypi.org/project/mysqlclient/ Gi

PyMySQL 2.2k Dec 25, 2022
PostgreSQL database access simplified

Queries: PostgreSQL Simplified Queries is a BSD licensed opinionated wrapper of the psycopg2 library for interacting with PostgreSQL. The popular psyc

Gavin M. Roy 251 Oct 25, 2022
A fast PostgreSQL Database Client Library for Python/asyncio.

asyncpg -- A fast PostgreSQL Database Client Library for Python/asyncio asyncpg is a database interface library designed specifically for PostgreSQL a

magicstack 5.8k Dec 31, 2022
aiopg is a library for accessing a PostgreSQL database from the asyncio

aiopg aiopg is a library for accessing a PostgreSQL database from the asyncio (PEP-3156/tulip) framework. It wraps asynchronous features of the Psycop

aio-libs 1.3k Jan 3, 2023
aiomysql is a library for accessing a MySQL database from the asyncio

aiomysql aiomysql is a "driver" for accessing a MySQL database from the asyncio (PEP-3156/tulip) framework. It depends on and reuses most parts of PyM

aio-libs 1.5k Jan 3, 2023
Async database support for Python. 🗄

Databases Databases gives you simple asyncio support for a range of databases. It allows you to make queries using the powerful SQLAlchemy Core expres

Encode 3.2k Dec 30, 2022
The Database Toolkit for Python

SQLAlchemy The Python SQL Toolkit and Object Relational Mapper Introduction SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that giv

SQLAlchemy 6.5k Jan 1, 2023
MySQL database connector for Python (with Python 3 support)

mysqlclient This project is a fork of MySQLdb1. This project adds Python 3 support and fixed many bugs. PyPI: https://pypi.org/project/mysqlclient/ Gi

PyMySQL 2.2k Dec 25, 2022
Python interface to Oracle Database conforming to the Python DB API 2.0 specification.

cx_Oracle version 8.2 (Development) cx_Oracle is a Python extension module that enables access to Oracle Database. It conforms to the Python database

Oracle 841 Dec 21, 2022
A HugSQL-inspired database library for Python

PugSQL PugSQL is a simple Python interface for using parameterized SQL, in files. See pugsql.org for the documentation. To install: pip install pugsql

Dan McKinley 558 Dec 24, 2022
PostgreSQL database adapter for the Python programming language

psycopg2 - Python-PostgreSQL Database Adapter Psycopg is the most popular PostgreSQL database adapter for the Python programming language. Its main fe

The Psycopg Team 2.8k Jan 5, 2023
Query multiple mongoDB database collections easily

leakscoop Perform queries across multiple MongoDB databases and collections, where the field names and the field content structure in each database ma

bagel 5 Jun 24, 2021
A tiny python web application based on Flask to set, get, expire, delete keys of Redis database easily with direct link at the browser.

First Redis Python (CRUD) A tiny python web application based on Flask to set, get, expire, delete keys of Redis database easily with direct link at t

Max Base 9 Dec 24, 2022
Class to connect to XAMPP MySQL Database

MySQL-DB-Connection-Class Class to connect to XAMPP MySQL Database Basta fazer o download o mysql_connect.py e modificar os parâmetros que quiser. E d

Alexandre Pimentel 4 Jul 12, 2021
A Relational Database Management System for a miniature version of Twitter written in MySQL with CLI in python.

Mini-Twitter-Database This was done as a database design course project at Amirkabir university of technology. This is a relational database managemen

Ali 12 Nov 23, 2022
Database connection pooler for Python

Nimue Strange women lying in ponds distributing swords is no basis for a system of government! --Dennis, Peasant Nimue is a database connection pool f

null 1 Nov 9, 2021
Sample scripts to show extracting details directly from the AIQUM database

Sample scripts to show extracting details directly from the AIQUM database

null 1 Nov 19, 2021