volunteer-database

Overview

This is the official CSM (Crowd source medical) database

Python CI Node.js CI

The What Now?

We created this in light of the COVID-19 pandemic to allow volunteers to work together in tackling the shortage of ventilator equipments.

We're just getting started so the documentation may still be lacking. Feel free to point out any issues in our Discord channel.

Communication

General

Discord: https://discord.gg/8dGbA5G

Ticketing

Frontend: https://trello.com/b/4EqWn2Pt/csm-frontend

Backend: https://trello.com/b/plYXa1AI/csm-backend

UI/UX: https://trello.com/b/ZmElMiHV/cms-ui-ux-mockups

DevOps: https://trello.com/b/ggGTsmr8/csm-devops

Onboarding and Team Assignments: https://trello.com/b/lcE3lFLO/csm-onboarding-and-team-assignment

The Tech Stack

Backend: FastAPI, PostgreSQL

Frontend: React, Material UI, Cypress (for E2E-testing)

Environment: Docker, Docker Compose

Project Setup

Installing Docker

Run the following commands

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Find instructions to install docker-compose here: https://docs.docker.com/compose/install/

Running the Project

Run the following commands

docker-compose build
docker-compose up -d # The flag -d leaves the process in the background. Feel free to omit it.

The frontend is now be accessible at localhost:3001. The backend is now accessible at localhost:8000.

The backend might crash the first time, this is because a bug in the db image. Simply run docker-compose up (-d) again and it should work.

Populating the database

Once the database is setup we will be providing a database dump with some users etc in it. To update the database simply run

./restore-database base.pgdump

Incase you want to make a snapshot of your db to share run the following

./dump-database

How to Contribute

General

  • Branch names are encouraged to use the following format: <username>/<feature>
  • PRs are recommended to be reviewed by at least one person
  • If you find an issue without a Trello card, feel free to add it. It is encouraged to write an informative description about the issue so that basically anyone could start working on it.

Contributing to the Frontend Development

Frontend tasks can be found here: https://trello.com/b/4EqWn2Pt/csm-frontend.

  1. Pull Frontend/Staging
  2. git checkout -b <username>/<feature>
  3. Write a new Trello card or take an existing one, assign yourself into it, and move it to the "In Development" column
  4. Code like never before, pour your heart into it, communicate with people, have fun
  5. git push -u origin <username>/<feature>
  6. Open a PR against Frontend/Staging and request at least one reviewer.
    • PR description should mention relevant information about dependencies, blockers, etc...
  7. Add a link to the PR in the Trello card, and move it to the "Ready for Review" column
  8. Enjoy

If you don't have a permission to push, you can either request it from the Discord channel, or fork the project and open a PR with your changes in it.

Contributing to the Backend Development

WIP

Issues
  • Adding ESlint code formatting

    Adding ESlint code formatting

    Adding AirBnb ESlint formatting to dev dependencies

    1. Go to this branch

    2. npm i (maybe need to remove the /node_modules folder as there is lots of mess in there)

    3. eslint src/path/to/file or to auto fix problems then run eslint src/path/to/file --fix

    4. If using VSCode, then enable the ESlint extension

    Also node_modules/package_lock.json is a mess - so I reinstalled them.

    opened by IVIURRAY 6
  • Login Form Dialog

    Login Form Dialog

    • Removed /login from route in App.js
    • Moved Login form into its own component
    • Removed login.js from /pages
    • Added google/fb icons
    • Modified LoginForm component to match mockup

    Link to Trello Card: https://trello.com/c/hXKHBAXu

    Any thoughts? I had a bit of trouble trying to get the login form to span out properly within the dialog box, resorted to using widths and maxWidth properties for the elements.

    If needed I can move the dialog to be its own component in case we want to link it in other places and not just in the navbar component. Also, the constants/navigation.js is still unchanged and has /login in there.

    opened by bchehraz 4
  • Convert newproject.js to use hooks

    Convert newproject.js to use hooks

    So we're able to use hooks wherever we want.

    This PR doesn't add or remove any functionality, it just converts the class component into a functional component to use more idiomatic React.

    opened by sean-clayton 3
  • add project and skill models

    add project and skill models

    opened by Bizzaro 3
  • Added Footer and PaddingTop

    Added Footer and PaddingTop

    • Added the Footer on the site
    • Added PaddingTop to give it a "breathing" room, so it won't collapse on other pages.
    opened by KoichaDev 3
  • Adding skill endpoints.

    Adding skill endpoints.

    Resolves the card for: https://trello.com/c/bvLwxS7N/29-add-crud-routes-for-skill-model

    opened by mcteo 2
  • Move to CircleCI

    Move to CircleCI

    To facilitate this, a repo admin will need to go to https://circleci.com/vcs-authorize/, log in with GitHub, go to "Add Projects", and enable building this repo. Do not use one of the configs they supply; merge this PR to use the config I've put together.

    opened by Celeo 2
  • Update backend.yml

    Update backend.yml

    This adds an environment variable that's required for the action to pass. Puts it in alignment with how the tests are ran locally.

    opened by Celeo 2
  • Tohhongxiang123/fix nav

    Tohhongxiang123/fix nav

    Fix scrollbar extending past content

    Future pages should not need to worry about taking into account navbar height. All pages will be pushed down below navbar

    opened by tohhongxiang123 2
  • Bump url-parse from 1.4.7 to 1.5.3 in /frontend

    Bump url-parse from 1.4.7 to 1.5.3 in /frontend

    Bumps url-parse from 1.4.7 to 1.5.3.

    Commits
    • ad44493 [dist] 1.5.3
    • c798461 [fix] Fix host parsing for file URLs (#210)
    • 201034b [dist] 1.5.2
    • 2d9ac2c [fix] Sanitize only special URLs (#209)
    • fb128af [fix] Use 'null' as origin for non special URLs
    • fed6d9e [fix] Add a leading slash only if the URL is special
    • 94872e7 [fix] Do not incorrectly set the slashes property to true
    • 81ab967 [fix] Ignore slashes after the protocol for special URLs
    • ee22050 [ci] Use GitHub Actions
    • d2979b5 [fix] Special case the file: protocol (#204)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump tmpl from 1.0.4 to 1.0.5 in /frontend

    Bump tmpl from 1.0.4 to 1.0.5 in /frontend

    Bumps tmpl from 1.0.4 to 1.0.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump path-parse from 1.0.6 to 1.0.7 in /frontend

    Bump path-parse from 1.0.6 to 1.0.7 in /frontend

    Bumps path-parse from 1.0.6 to 1.0.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump websockets from 8.1 to 9.1 in /backend

    Bump websockets from 8.1 to 9.1 in /backend

    Bumps websockets from 8.1 to 9.1.

    Changelog

    Sourced from websockets's changelog.

    9.1 ...

    May 27, 2021

    .. note::

    **Version 9.1 fixes a security issue introduced in version 8.0.**
    

    Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.

    9.0.2 .....

    May 15, 2021

    • Restored compatibility of python -m websockets with Python < 3.9.

    • Restored compatibility with mypy.

    9.0.1 .....

    May 2, 2021

    • Fixed issues with the packaging of the 9.0 release.

    9.0 ...

    May 1, 2021

    .. note::

    **Version 9.0 moves or deprecates several APIs.**
    

    Aliases provide backwards compatibility for all previously public APIs.

    • :class:~datastructures.Headers and :exc:~datastructures.MultipleValuesError were moved from websockets.http to :mod:websockets.datastructures. If you're using them, you should adjust the import path.

    • The client, server, protocol, and auth modules were moved from the websockets package to websockets.legacy sub-package, as part of an upcoming refactoring. Despite the name, they're still fully supported. The refactoring should be a transparent upgrade for most uses when it's available. The legacy implementation will be preserved according to the backwards-compatibility policy_.

... (truncated)

Commits
  • d0f3288 Bump version number.
  • 547a26b Use constant-time comparison for passwords.
  • a14226a Bump version number.
  • 8900c13 Add mypy to dictionary.
  • 0713dbf Add test coverage.
  • b99c4fe Restore real imports for compatibility with mypy.
  • e44e085 Use relative imports everywhere, for consistency.
  • 70fadbf Restore compatibility with Python < 3.9.
  • 217ac2d Fix broken link.
  • fc176f4 Bump version number.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies python 
opened by dependabot[bot] 0
  • Bump fastapi from 0.52.0 to 0.65.2 in /backend

    Bump fastapi from 0.52.0 to 0.65.2 in /backend

    Bumps fastapi from 0.52.0 to 0.65.2.

    Release notes

    Sourced from fastapi's releases.

    0.65.2

    Security fixes

    This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

    In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

    So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

    But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

    See CVE-2021-32677 for more details.

    Thanks to Dima Boger for the security report! 🙇🔒

    Internal

    0.65.1

    Security fixes

    0.65.0

    Breaking Changes - Upgrade

    • ⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by @​hanneskuettner.

    Translations

    Internal

    0.64.0

    Features

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 0
  • Bump merge-deep from 3.0.2 to 3.0.3 in /frontend

    Bump merge-deep from 3.0.2 to 3.0.3 in /frontend

    Bumps merge-deep from 3.0.2 to 3.0.3.

    Commits
    • 628ff47 3.0.3
    • cfbe20c run verb to generate README documentation
    • e370968 Merge pull request #17 from jonschlinkert/key-properties
    • 393e2cb adding a test to ensure using merge-deep for inheritance still works
    • c39b161 add test to ensure constructor is not cloned
    • 11e5dd5 add isValidKey function to ensure only valid keys are merged
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump urllib3 from 1.25.8 to 1.26.5 in /backend

    Bump urllib3 from 1.25.8 to 1.26.5 in /backend

    Bumps urllib3 from 1.25.8 to 1.26.5.

    Release notes

    Sourced from urllib3's releases.

    1.26.5

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed deprecation warnings emitted in Python 3.10.
    • Updated vendored six library to 1.16.0.
    • Improved performance of URL parser when splitting the authority component.

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.4

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.3

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed bytes and string comparison issue with headers (Pull #2141)

    • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.2

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

    1.26.1

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

    1.26.0

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

    • Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail

    • Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

    ... (truncated)

    Changelog

    Sourced from urllib3's changelog.

    1.26.5 (2021-05-26)

    • Fixed deprecation warnings emitted in Python 3.10.
    • Updated vendored six library to 1.16.0.
    • Improved performance of URL parser when splitting the authority component.

    1.26.4 (2021-03-15)

    • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

    1.26.3 (2021-01-26)

    • Fixed bytes and string comparison issue with headers (Pull #2141)

    • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

    1.26.2 (2020-11-12)

    • Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

    1.26.1 (2020-11-11)

    • Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

    1.26.0 (2020-11-10)

    • NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.

    • Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

    • Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

    ... (truncated)

    Commits
    • d161647 Release 1.26.5
    • 2d4a3fe Improve performance of sub-authority splitting in URL
    • 2698537 Update vendored six to 1.16.0
    • 07bed79 Fix deprecation warnings for Python 3.10 ssl module
    • d725a9b Add Python 3.10 to GitHub Actions
    • 339ad34 Use pytest==6.2.4 on Python 3.10+
    • f271c9c Apply latest Black formatting
    • 1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
    • a891304 Release 1.26.4
    • 8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 0
  • Bump dns-packet from 1.3.1 to 1.3.4 in /frontend

    Bump dns-packet from 1.3.1 to 1.3.4 in /frontend

    Bumps dns-packet from 1.3.1 to 1.3.4.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump pydantic from 1.4 to 1.6.2 in /backend

    Bump pydantic from 1.4 to 1.6.2 in /backend

    Bumps pydantic from 1.4 to 1.6.2.

    Release notes

    Sourced from pydantic's releases.

    v1.6.2 (2021-05-11)

    Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, see security advisory CVE-2021-29510.

    v1.6.1 (2020-07-15)

    See Changelog.

    Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

    changes:

    v1.6 (2020-07-11)

    See Changelog.

    Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

    changes:

    • Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
    • add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
    • Document default regex anchoring semantics, #1648 by @​yurikhan
    • Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain. Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
    • Add conset(), analogous to conlist(), #1623 by @​patrickkwang
    • make pydantic errors (un)pickable, #1616 by @​PrettyWood
    • Allow custom encoding for dotenv files, #1615 by @​PrettyWood
    • Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
    • Update datetime parser to support negative timestamps, #1600 by @​mlbiche
    • Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
    • Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
    • Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
    • Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
    • Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
    • change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
    • Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
    • Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
    • Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
    • Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
    • Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
    • Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
    • Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
    • Avoid some side effects of default_factory by calling it only once if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
    • Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
    • Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
    • include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
    • Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and minimum are not included in the schema if they are equal to -math.inf and exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
    • Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang

    ... (truncated)

    Changelog

    Sourced from pydantic's changelog.

    v1.6.2 (2021-05-11)

    • Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, See security advisory CVE-2021-29510

    v1.6.1 (2020-07-15)

    v1.6 (2020-07-11)

    Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

    • Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
    • add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
    • Document default regex anchoring semantics, #1648 by @​yurikhan
    • Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain. Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
    • Add conset(), analogous to conlist(), #1623 by @​patrickkwang
    • make pydantic errors (un)pickable, #1616 by @​PrettyWood
    • Allow custom encoding for dotenv files, #1615 by @​PrettyWood
    • Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
    • Update datetime parser to support negative timestamps, #1600 by @​mlbiche
    • Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
    • Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
    • Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
    • Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
    • Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
    • change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
    • Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
    • Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
    • Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
    • Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
    • Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
    • Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
    • Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
    • Avoid some side effects of default_factory by calling it only once if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
    • Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
    • Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
    • include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
    • Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and minimum are not included in the schema if they are equal to -math.inf and exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
    • Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang
    • Move const validator to post-validators so it validates the parsed value, #1410 by @​selimb
    • Fix model validation to handle nested literals, e.g. Literal['foo', Literal['bar']], #1364 by @​DBCerigo
    • Remove user_required = True from RedisDsn, neither user nor password are required, #1275 by @​samuelcolvin

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 0
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /frontend

    Bump hosted-git-info from 2.8.8 to 2.8.9 in /frontend

    Bumps hosted-git-info from 2.8.8 to 2.8.9.

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    Commits
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Example of using FastAPI and MongoDB database.

    FastAPI Todo Application Example of using FastAPI and MangoDB database. ?? Prerequisites Python ⚙️ Build & Run The first thing to do is to clone the r

    Bobynets Ivan 1 Oct 29, 2021
    AWS Tags As A Database is a Python library using AWS Tags as a Key-Value database.

    AWS Tags As A Database is a Python library using AWS Tags as a Key-Value database. This database is completely free* ??

    Oren Leung 37 Sep 30, 2021
    TinyDB is a lightweight document oriented database optimized for your happiness :)

    Quick Links Example Code Supported Python Versions Documentation Changelog Extensions Contributing Introduction TinyDB is a lightweight document orien

    Markus Siemens 4.7k Nov 26, 2021
    Python object-oriented database

    ZODB, a Python object-oriented database ZODB provides an object-oriented database for Python that provides a high-degree of transparency. ZODB runs on

    Zope 504 Nov 20, 2021
    MySQL database connector for Python (with Python 3 support)

    mysqlclient This project is a fork of MySQLdb1. This project adds Python 3 support and fixed many bugs. PyPI: https://pypi.org/project/mysqlclient/ Gi

    PyMySQL 2k Nov 29, 2021
    PostgreSQL database access simplified

    Queries: PostgreSQL Simplified Queries is a BSD licensed opinionated wrapper of the psycopg2 library for interacting with PostgreSQL. The popular psyc

    Gavin M. Roy 237 Nov 23, 2021
    A python framework to transform natural language questions to queries in a database query language.

    __ _ _ _ ___ _ __ _ _ / _` | | | |/ _ \ '_ \| | | | | (_| | |_| | __/ |_) | |_| | \__, |\__,_|\___| .__/ \__, | |_| |_| |___/

    Machinalis 1.2k Nov 28, 2021
    A pure Python Database Abstraction Layer

    pyDAL pyDAL is a pure Python Database Abstraction Layer. It dynamically generates the SQL/noSQL in realtime using the specified dialect for the databa

    null 401 Nov 28, 2021
    Automatically generate a RESTful API service for your legacy database. No code required!

    sandman2 sandman2 documentation [ ~ Dependencies scanned by PyUp.io ~ ] sandman2 automagically generates a RESTful API service from your existing data

    Jeff Knupp 1.8k Nov 30, 2021
    Automatic SQL injection and database takeover tool

    sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

    sqlmapproject 21.7k Nov 26, 2021
    A fast PostgreSQL Database Client Library for Python/asyncio.

    asyncpg -- A fast PostgreSQL Database Client Library for Python/asyncio asyncpg is a database interface library designed specifically for PostgreSQL a

    magicstack 5.2k Dec 1, 2021
    aiopg is a library for accessing a PostgreSQL database from the asyncio

    aiopg aiopg is a library for accessing a PostgreSQL database from the asyncio (PEP-3156/tulip) framework. It wraps asynchronous features of the Psycop

    aio-libs 1.2k Nov 21, 2021
    aiomysql is a library for accessing a MySQL database from the asyncio

    aiomysql aiomysql is a "driver" for accessing a MySQL database from the asyncio (PEP-3156/tulip) framework. It depends on and reuses most parts of PyM

    aio-libs 1.4k Dec 2, 2021
    Async database support for Python. 🗄

    Databases Databases gives you simple asyncio support for a range of databases. It allows you to make queries using the powerful SQLAlchemy Core expres

    Encode 2.6k Nov 29, 2021
    A very simple asynchronous wrapper that allows you to get access to the Oracle database in asyncio programs.

    cx_Oracle_async A very simple asynchronous wrapper that allows you to get access to the Oracle database in asyncio programs. Easy to use , buy may not

    null 31 Nov 13, 2021
    Free and open source full-stack enterprise framework for agile development of secure database-driven web-based applications, written and programmable in Python.

    Readme web2py is a free open source full-stack framework for rapid development of fast, scalable, secure and portable database-driven web-based applic

    null 2k Dec 3, 2021
    Toolkit for Pyramid, a Pylons Project, to add Authentication and Authorization using Velruse (OAuth) and/or a local database, CSRF, ReCaptcha, Sessions, Flash messages and I18N

    Apex Authentication, Form Library, I18N/L10N, Flash Message Template (not associated with Pyramid, a Pylons project) Uses alchemy Authentication Authe

    null 95 Sep 13, 2020
    Awesome Django authorization, without the database

    rules rules is a tiny but powerful app providing object-level permissions to Django, without requiring a database. At its core, it is a generic framew

    null 1.4k Nov 27, 2021
    This is a database of 180.000+ symbols containing Equities, ETFs, Funds, Indices, Futures, Options, Currencies, Cryptocurrencies and Money Markets.

    Finance Database As a private investor, the sheer amount of information that can be found on the internet is rather daunting.

    Jeroen Bouma 885 Nov 25, 2021
    This is a simple graph database in SQLite, inspired by

    This is a simple graph database in SQLite, inspired by "SQLite as a document database".

    Denis Papathanasiou 894 Nov 25, 2021
    IMDbPY is a Python package useful to retrieve and manage the data of the IMDb movie database about movies, people, characters and companies

    IMDbPY is a Python package for retrieving and managing the data of the IMDb movie database about movies, people and companies. Revamp notice Starting

    Davide Alberani 900 Nov 30, 2021
    SQLAlchemy database migrations for Flask applications using Alembic

    Flask-Migrate Flask-Migrate is an extension that handles SQLAlchemy database migrations for Flask applications using Alembic. The database operations

    Miguel Grinberg 2k Nov 30, 2021
    Management commands to help backup and restore your project database and media files

    Django Database Backup This Django application provides management commands to help backup and restore your project database and media files with vari

    null 541 Dec 2, 2021
    Use Database URLs in your Django Application.

    DJ-Database-URL This simple Django utility allows you to utilize the 12factor inspired DATABASE_URL environment variable to configure your Django appl

    Jacob Kaplan-Moss 1.2k Dec 1, 2021
    pytz Python historical timezone library and database

    pytz Brings the IANA tz database into Python. This library allows accurate and cross platform timezone calculations. pytz contains generated code, and

    Stub 189 Nov 30, 2021
    The Database Toolkit for Python

    SQLAlchemy The Python SQL Toolkit and Object Relational Mapper Introduction SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that giv

    SQLAlchemy 4.5k Nov 24, 2021
    MySQL database connector for Python (with Python 3 support)

    mysqlclient This project is a fork of MySQLdb1. This project adds Python 3 support and fixed many bugs. PyPI: https://pypi.org/project/mysqlclient/ Gi

    PyMySQL 2k Dec 2, 2021
    Python interface to Oracle Database conforming to the Python DB API 2.0 specification.

    cx_Oracle version 8.2 (Development) cx_Oracle is a Python extension module that enables access to Oracle Database. It conforms to the Python database

    Oracle 782 Dec 4, 2021