Socorro is the Mozilla crash ingestion pipeline. It accepts and processes Breakpad-style crash reports. It provides analysis tools.

Mozilla Services

Last update: Dec 19, 2022

Related tags

Miscellaneous socorro

Overview

Socorro

Socorro is a Mozilla-centric ingestion pipeline and analysis tools for crash reports using the Breakpad libraries.

Support

This is a Mozilla-specific product. We do not currently have the capacity to support external users.

If you are looking to use Socorro for your product, maybe you want to consider this non-exhaustive list of alternatives:

run your own: electron/mini-breakpad-server
run your own: wk8/sentry_breakpad
hosted/on-premise: Backtrace, BugSplat

Code of Conduct

This project and repository is governed by Mozilla's code of conduct and etiquette guidelines. For more details please see the CODE_OF_CONDUCT.md file.

Installation

Documentation about installing Socorro is available on ReadTheDocs: https://socorro.readthedocs.io/

Releases

We use continuous development and we release often. See our list of releases:

https://github.com/mozilla-services/socorro/releases

Communication

We have a mailing list for Socorro users that you can join here: https://lists.mozilla.org/listinfo/tools-socorro

Please help each other.

Crash Stats engineers hang out in #breakpad:mozilla.org

Comments

fixes bug 1106992, 1145487, 1146984 - Centos7 major packaging / infra update
r? @phrawzty - I need to get figure out how to get this associated with bugs properly (it fixes several), so don't merge yet :) I think we should land them all together to minimize breaking external users - I think the docs aren't quite good enough yet in particular, but the following all WFM:

removes all config files except alembic and django local.py

local.py can go away when PR #2684 lands

adds systemd service files for all socorro services

provides working nginx sample configs

updates docs

splits socorro initial setup out to a /usr/bin/setup-socorro.sh

I've been testing this out on our AMI and it seems to work! Now that some of the "socorro lite" work has landed, you can run collection+processing without any additional services running, except for consul which is now required for all Socorro services:

sudo yum install consul envconsul consul agent -bootstrap-expect 1 -server -data-dir=./consul-data/

First you must onfigure collector to use WSGI rather than default built-in web.py server:

curl -X PUT -d 'socorro.webapi.servers.ApacheModWSGI' http://localhost:8500/v1/kv/socorro/collector/web_server__wsgi_server_class

(@twobraids we should really change the name of that config key to remove the ApacheMod part and just call it socorro.webapi.servers.WSGI)

Then just start the services:

sudo yum install socorro sudo systemctl start socorro-collector sudo systemctl start socorro-processor

This will store both raw and processed crashes to ~socorro/crashes, and will scan the filesystem rather than using a queue. Storing crashes to ES/S3/PG and enabling RabbitMQ are just a matter of setting the right keys/values in consul.

You should be able to submit crashes, and they should be processed successfully (both raw .json and .dump and processed .jsonz files are stored in ~socorro/crashes):

# from a Socorro checkout w/ activated virtualenv socorro submitter -u http://crash-reports/submit -s testcrash/raw

For a distributed setup we don't want to share a filesystem, so you'll need to turn RabbitMQ and S3 on via consul.

The webapp has more dependencies before it'll work:

sudo /usr/pgsql-9.3/bin/postgresql93-setup initdb # set local connections to "trust" vi /var/lib/pgsql/9.3/data/pg_hba.conf sudo systemctl start postgresql-9.3 sudo systemctl start elasticsearch sudo yum install memcached sudo systemctl start memcached

PG and ES need to be set up (NOTE this script assumes they are on localhost, it should fail gracefully if that's not the case. Also it's safe to re-run the script, it won't destroy anything already set up):

sudo setup-socorro.sh

# configure middleware to use WSGI rather than default built-in web.py server curl -X PUT -d 'socorro.webapi.servers.ApacheModWSGI' http://localhost:8500/v1/kv/socorro/middleware/web_server__wsgi_server_class

sudo systemctl start socorro-middleware sudo systemctl start socorro-webapp

The RPM drops nginx sample configs into /etc/nginx/conf.d that listen on the vhosts crash-reports (collector), crash-stats (webapp), and socorro-middleware (this one only listens on localhost since it's not safe, don't want anyone to accidentally expose it)

The webapp will give you 404s for the default WaterWolf unless you either use socorro setupdb's --fakedata option, or set up a new product via the admin UI per http://socorro.readthedocs.org/en/latest/configuring-socorro.html (maybe we should have the setup-socorro script do some/all of this?)
opened by rhelmer 26
fix bug 981079 and 1127924 - support stackwalker HTTP symbol fetch and caching
feedback? @peterbe @luser - this is what we have so far to handle cleanup in the processor.

I have the following qualms about it:

pyinotify module is only available for Linux, other platforms won't be able to pip/peep install -r requirements.txt anymore if we do this as-is

pyinotify has no tests of its own (it's basically just a thin wrapper around Linux inotify, maybe doesn't matter?)

lars and I aren't sure how to adequately test it (maybe doesn't matter per point 2)

Since the class itself can be optional, if we can figure out a workaround for point 1 then I think we can take this as-is. Any thoughts?
opened by rhelmer 20
Fix bug 1430860: Move destination config to python-based source.
This is a WIP I wanna put up for feedback before starting to polish it up. It does two things.

Changes the destination.storage_classes config value to destination.storage_namespaces. The old value was a list of classpaths that corresponded to numerically-based config namespaces (i.e. the first class in the list was passed config values from destination.storage1, the second got destination.storage2, etc.).

The new config now takes a list of namespace names, e.g. postgres,s3,telemetry. Each name is a crash storage location, and the name itself is used to lookup the config, e.g. destination.postgres, destination.s3, etc. This helps make editing, renaming, and reordering storages way less error-prone.

Adds a new method for providing default config values. Any SocorroApp subclass can now define a class property config_module. It should be set to a string containing a python module (or class) path.

The module at the path specified will be imported and it's members will be used as configuration defaults. You can use DotDicts (and maybe any mapping? I haven't tested it yet.) to define nested config values. The end result is that any of the Socorro apps can define their own config defaults to replace get_application_defaults and docker/*.env files.

This PR focuses on the destination crash storage config mostly because it had nice properties for testing if this method worked. After landing this, we can gradually move config over to python modules, and eventually deprecate the other config methods.
opened by Osmose 19
Bug 1543097: Convert crash reporting from raven to sentry_sdk
Switch our crash reporting library from raven to sentry_sdk 0.7.14. This is a follow-on for PR #4912, which didn't avoid huge test diffs like I planned 😢.

Switching from Raven to Sentry SDK

The new SDK works best when initialized with sentry_sdk.init() near the start of execution.

In the webapp, this is done in webapp-django/crashstats/settings/base.py, and is very close to the documentation for Django integration.

For configman-based apps, setup_crash_reporting() is now called in the top-level App in socorro/app/socorro_app.py, in the run method. This allows dropping sentry.sdk handling from various derived apps.

The helper socorro/lib/sentry_client.py has a few changes:

The SDK uses a Hub to keep track of state, data scopes, and the client, and init sets up a global Hub that is used by default. The function get_client, which initialized a raven client with a DSN, is replaced by get_hub, which expected sentry_sdk.init() has been called, and does much less, but is still a good point for test mocking.

A new function is_enabled checks if sentry_sdk.init() has been run with a valid DSN. Tests mock this to return True rather than initialize with a fake DSN.

The function capture_error drops sentry_dsnn as the first argument. It uses is_enabled to decide whether to send the exception to Sentry or log it.

The SDK methods have also changed from raven to sentry_sdk. captureException is capture_exception and takes a named parameter error, captureMessage is capture_message, etc.

Filtering sensitive data from events

The previous Raven filters, added in PR #4357, sanitized the Sentry events. Similar filtering is a requirement for switching to the new code. However, it is hard to verify the filtering implementation because there are no tests for the existing filtering (it is assumed Raven has those tests), the event format has changed significantly with the new SDK (apparently to standardize events across languages), and some collected data varies from development to deployment environments. This PR makes an effort to replicate the Raven filters, and I expect that there will be some additional filtering needed once we see events in the stage deployment environment.

In sentry_sdk, a lot of sensitive data collection is covered by the init parameter send_default_pii. It is disabled by default, and when enabled it selectively adds data:

In the Django integration, it sends user data like an ID, email and username.

The wsgi integration, included in the Django integration, includes the user's IP address, headers with IP address info, and headers for cookies or auth. It will collect cookies for easier display.

None of the default integrations, which are used by processor and other configman-based tools, vary on send_default_pii.

This PR explicitly sets send_default_pii=False, so future devs will know we decided to omit this data rather than unknowingly accepted the default. Skipping cookies does the same work as the Raven filters for keywords sessionid, csrftoken, anoncsrf, and sc.

The SanitizePasswordProcessor added some other keys that look like authorization data, such as password and api_key. Additional code is needed to filter similar data with sentry_sdk, which take a init param before_send to filter events and breadcrumbs.

When analyzing events in the development environment, only the web app appeared to have PII associated with the visitor, so the processing code lives in the web app. This PR adds a SentryProcessor class that runs a sequence of filters against an event, and includes some optional debug logging for development. The code could be trivially expanded to sanitize events from the processor app, or to sanitize breadcrumbs (data gathered during execution that may be useful if an exception occurs).

The current filters are:

Filter SQL query breadcrumbs that include a sensitive column, such as email, username, session_key or tokens_token.key, to avoid exposing PII or security data.

Mask Auth-Token in HTTP headers

Mask csrfmiddlewaretoken in POST data

Mask code and state, used in the OAuth flow, from query strings

Future work

I was unable to get enough data in the development environment to write some planned filters. I hope to return to these with data from stage or production:

Masking sensitive variables in call stacks (none found in dev)

Masking sensitive environment from gunicorn breadcrumbs (not recorded in dev, may be Raven-specific)

This code should be merged at a time when we'll have a couple of working days to gather data in stage and create new filters as needed.

Testing this PR

For my local testing, I added these to my.env:

SENTRY_DSN=https://[email protected]/0 SENTRY_DEBUG=True resource.sentry.debug=True

The SENTRY_DSN could be set to send development events to our Sentry collector for stage, which was done in testing for PR #4357, but I found the Sentry debug logging to be sufficient for development of the code.
No rush Do not merge
opened by jwhitlock 18
Fixes bug 1266827: Add keybuilder class to s3 crash storage [DO NOT MERGE]

This breaks out key building into a separate class allowing us to specify which keybuilder class to use.

It also creates a new DatePrefixKeyBuilder which will pull the date portion off the end of a raw_crash ooid and add that to the s3 pseudo-filename before the ooid. This new pseudo-filename form lets us list all the crashes that came in on a specific date.

Further, it does this in a backwards compatible way by changing build_key() to build_keys() which returns a list of keys to try in order of "goodness". That way .fetch() can try the keys in order until it finds the object in question.

r?

opened by willkg 17
Add Mozilla Code of Conduct
As of January 1 2019, Mozilla requires that all GitHub projects include this CODE_OF_CONDUCT.md file in the project root. The file has two parts:

Required Text - All text under the headings Community Participation Guidelines and How to Report, are required, and should not be altered.

Optional Text - The Project Specific Etiquette heading provides a space to speak more specifically about ways people can work effectively and inclusively together. Some examples of those can be found on the Firefox Debugger project, and Common Voice. (The optional part is commented out in the raw template file, and will not be visible until you modify and uncomment that part.)

If you have any questions about this file, or Code of Conduct policies and procedures, please reach out to [email protected].

(Message COC002)
opened by Mozilla-GitHub-Standards 15
Move e2e tests into Socorro's project repo
Initial move of the end-to-end functional tests out of QA's repo and into the project repo.

-- Oct 10 -- Adding a few more requirements - thanks @peterbe for the meeting today -

Let's merge this once the tests pass or skip

[x] the tests that depend on personatestuser.org (needs a skip)

[x] the tests that facet on "date" and now times out (needs a fix)

[x] the SeaMonkey "lack of data" test (needs a fix)

[x] insure tests pass on our adhoc staging instace - http://webqa-ci-staging1.qa.scl3.mozilla.com:8080/job/socorro.adhoc/

Major
opened by m8ttyB 15
fixes bug 1085530 - store uploaded symbols to S3

@rhelmer r? cc @twobraids

So basically, we stop storing the uploaded file. Instead, we immediately unpack it and send it straight into S3. All within one big request.

opened by peterbe 15
Bug 1457104 [e2e-tests] Use generated Pipfile to install webapp-Selenium WebDriver test dependencies

Passing ad-hoc build against production, here: https://qa-preprod-master.fxtest.jenkins.stage.mozaws.net/job/socorro.adhoc/208/console

@davehunt @willkg @chartjes r?

opened by stephendonner 14
Fixes bug 1293694 - Merged simple and advanced Super Search forms.

Oww man, I'm sorry @peterbe, I have done a lot of refactoring in the search.js file. Pretty much all of the file has changed or moved around. Maybe you want to review it as if it were a brand new file?

opened by adngdb 14
fixes bug 785430 - Add a service to add new products

@rhelmer r?

This basically just does what the documentation says to do except it makes it possible to kick this off from the middleware.

Once this has been done and you think it's good, I'll add it to the webapp and its admin UI.

opened by peterbe 14
Bump python from 3.9.12-slim to 3.11.1-slim in /docker
Bumps python from 3.9.12-slim to 3.11.1-slim.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Do not merge dependencies docker
opened by dependabot[bot] 0
Bump qs from 6.9.4 to 6.9.7 in /webapp-django
Bumps qs from 6.9.4 to 6.9.7.

Changelog

Sourced from qs's changelog.

6.9.7

[Fix] parse: ignore __proto__ keys (#428)

[Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] add note and links for coercing primitive values (#408)

[Tests] clean up stringify tests slightly

[meta] fix README.md (#399)

Revert "[meta] ignore eclint transitive audit warning"

[actions] backport actions from main

[Dev Deps] backport updates from main

6.9.6

[Fix] restore dist dir; mistakenly removed in d4f6c32

6.9.5

[Fix] stringify: do not encode parens for RFC1738

[Fix] stringify: fix arrayFormat comma with empty array/objects (#350)

[Refactor] format: remove util.assign call

[meta] add "Allow Edits" workflow; update rebase workflow

[actions] switch Automatic Rebase workflow to pull_request_target event

[Tests] stringify: add tests for #378

[Tests] migrate tests to Github Actions

[Tests] run nyc on all tests; use tape runner

[Dev Deps] update eslint, @ljharb/eslint-config, browserify, mkdirp, object-inspect, tape; add aud

Commits

4cd0032 v6.9.7

e799ba5 [Fix] parse: ignore __proto__ keys (#428)

02ca358 [Robustness] stringify: avoid relying on a global undefined (#427)

4a17709 [Fix] stringify: avoid encoding arrayformat comma when `encodeValuesOnly = ...

c0e13e9 [readme] remove travis badge; add github actions/codecov badges; update URLs

4113a5f [Tests] clean up stringify tests slightly

749a584 [Docs] add note and links for coercing primitive values (#408)

cce2082 [meta] fix README.md (#399)

c44f0c5 Revert "[meta] ignore eclint transitive audit warning"

e6cfd8b [actions] backport actions from main

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Do not merge dependencies javascript
opened by dependabot[bot] 0
Bump minimatch from 3.0.4 to 3.1.2 in /webapp-django
Bumps minimatch from 3.0.4 to 3.1.2.

Commits

699c459 3.1.2

2f2b5ff fix: trim pattern

25d7c0d 3.1.1

55dda29 fix: treat nocase:true as always having magic

5e1fb8d 3.1.0

f8145c5 Add 'allowWindowsEscape' option

570e8b1 add publishConfig for v3 publishes

5b7cd33 3.0.6

20b4b56 [fix] revert all breaking syntax changes

2ff0388 document, expose, and test 'partial:true' option

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Do not merge dependencies javascript
opened by dependabot[bot] 0
Bump sphinx from 4.4.0 to 5.3.0
Bumps sphinx from 4.4.0 to 5.3.0.

Release notes

Sourced from sphinx's releases.

v5.3.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.2.3

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.2.2

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.2.1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.2.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.1.1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.0.2

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.0.1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v5.0.0

No release notes provided.

v5.0.0b1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

v4.5.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinx's changelog.

Release 5.3.0 (released Oct 16, 2022)

#10759: LaTeX: add :confval:latex_table_style and support the 'booktabs', 'borderless', and 'colorrows' styles. (thanks to Stefan Wiehler for initial pull requests #6666, #6671)

#10840: One can cross-reference including an option value like :option:`--module=foobar```, :option:--module[=foobar]``` or ``:option:--module foobar```. Patch by Martin Liska.

#10881: autosectionlabel: Record the generated section label to the debug log.

#10268: Correctly URI-escape image filenames.

#10887: domains: Allow sections in all the content of all object description directives (e.g. :rst:dir:py:function). Patch by Adam Turner

Release 5.2.3 (released Sep 30, 2022)

#10878: Fix base64 image embedding in sphinx.ext.imgmath

#10886: Add :nocontentsentry: flag and global domain table of contents entry control option. Patch by Adam Turner

Release 5.2.2 (released Sep 27, 2022)

#10872: Restore link targets for autodoc modules to the top of content. Patch by Dominic Davis-Foster.

Release 5.2.1 (released Sep 25, 2022)

Bugs fixed

#10861: Always normalise the pycon3 lexer to pycon.

Fix using sphinx.ext.autosummary with modules containing titles in the module-level docstring.

Release 5.2.0.post0 (released Sep 24, 2022)

Recreated source tarballs for Debian maintainers.

Release 5.2.0 (released Sep 24, 2022)

Dependencies

#10356: Sphinx now uses declarative metadata with pyproject.toml to create packages, using PyPA's flit project as a build backend. Patch by

... (truncated)

Commits

c1f2a52 Bump to 5.3.0 final

10db540 Allow sections in object description directives (#10919)

0fd4539 Simplify bug report template

b58eb61 Update all GitHub actions workflows to Ubuntu latest

3e04952 Add sphinx-build --bug-report

fa6d425 URI-escape image filenames (#10268)

e008e16 Revert "Fix detection for out of date files (#9360)" (#10908)

cef1a03 Update image for LaTeX job (#10916)

b5ba1ed s/5.2.0/5.3.0 in various code comments as #10759 got merged in 5.3.0

3deb527 Update CHANGES for PR #10759

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Do not merge dependencies python
opened by dependabot[bot] 0
Bump d3-color, d3 and metrics-graphics in /webapp-django
Bumps d3-color to 3.1.0 and updates ancestor dependencies d3-color, d3 and metrics-graphics. These dependencies need to be updated together.

Updates d3-color from 1.0.3 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

Add rgb.clamp and hsl.clamp. #102

Add color.formatHex8. #103

Fix color.formatHsl to clamp values to the expected range. #83

Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

v3.0.1

Make build reproducible.

v3.0.0

Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

v1.4.0

Add support for parsing 4- and 8-digit hexadecimal colors. #60 Thanks, @zerovox!

Add sideEffects: false to the package.json.

v1.3.0

Add color.copy.

Add color.formatHex.

Add color.formatHsl.

Add color.formatRgb.

Deprecate color.hex; use color.formatHex instead.

v1.2.8

Revert chroma clamping in hcl.toString. (#33)

v1.2.7

Account for rounding when determining whether a color is displayable.

v1.2.6

Implement chroma clamping in hcl.toString. (#33)

Fix achromatic representation of white in HCL colorspace (again).

v1.2.5

Fix achromatic representation of white in HCL colorspace.

v1.2.4

Fix achromatic representation of black and white in HCL colorspace.

v1.2.3

Housekeeping.

... (truncated)

Commits

7a1573e 3.1.0

75c19c4 update LICENSE

ef94e01 update dependencies

5e9f757 method shorthand

e4bc34e formatHex8 (#103)

ac660c6 {rgb,hsl}.clamp() (#102)

70e3a04 clamp HSL format (#101)

994d8fd avoid backtracking (#100)

7d61bbe 3.0.1

93bc4ff related d3/d33; extract copyrights from LICENSE

Additional commits viewable in compare view

Updates d3 from 5.1.0 to 7.6.1

Release notes

Sourced from d3's releases.

v7.6.1

density.bandwidth now supports fractional (non-integer) values.

v7.6.0

Add d3.blur.

Add d3.blur2.

Add d3.blurImage.

Add d3.medianIndex.

Add d3.quantileIndex.

v7.5.0

Add density.contours.

v7.4.5

Fix the interpretation of an array of numbers passed to density.thresholds.

v7.4.4

Fix incorrect behavior of d3.bisector when given an asymmetric comparator.

v7.4.3

Fix crash in d3.bin. Thanks, @weiglemc!

v7.4.2

Fix off-by-one bin assignment due to rounding error in d3.bin.

v7.4.1

Significantly improve the performance of d3.bin.

Fix the implementation of d3.thresholdScott.

d3.pack and d3.packEnclose are now fully deterministic.

d3.pack and d3.packEnclose now handle certain floating point errors better.

v7.4.0

Add rgb.clamp and hsl.clamp.

Add color.formatHex8.

Fix color.formatHsl to clamp values to the expected range.

Fix catastrophic backtracking when parsing colors. SNYK-JS-D3COLOR-1076592

v7.3.0

Add d3.symbolsStroke. Thanks, @hemanrobinson!

Add d3.symbolsFill, replacing (deprecating) d3.symbols.

Add d3.symbolAsterisk.

Add d3.symbolDiamond2.

Add d3.symbolPlus.

Add d3.symbolSquare2.

Add d3.symbolTriangle2.

Add d3.symbolX.

Add d3.link.

v7.2.1

Fix stratify.path when the top-level directory is only a single character.

... (truncated)

Commits

19302a5 7.6.1

c1c2c0b d3-contour 4.0.0

795f203 7.6.0

22f1dc7 d3-array 3.2.0

d618835 7.5.0

d9f58e1 d3-contour 3.1.0

6d70571 7.4.5

7e9eba3 d3-contour 3.0.2

2f256d9 7.4.4

8ff8c81 d3-array 3.1.6

Additional commits viewable in compare view

Updates metrics-graphics from 2.15.6 to 3.0.0-beta1

Release notes

Sourced from metrics-graphics's releases.

v3 Beta 1

This is the first beta release of the new v3.

Docs are on https://metricsgraphics.github.io/metrics-graphics/, but no real API docs exist as of now. Stay tuned.

Commits

d8a3b2e note to self - dont set defaults in constructors

6c3a071 add source map analysis

cdee6cb remove dead stuff

beead4c remove obsolete rollup config

ff5d5a3 switch to HashRouter

a1c0ece custom build command because of custom baseURL in GitHub Pages

654172b hotfix: beta1

c7f6434 prepare v3 beta release

17da93e dont run linting on gh-pages branch

b82272f set up github pages deploy

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jens-ox, a new releaser for metrics-graphics since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Do not merge dependencies javascript
opened by dependabot[bot] 0
Bump jquery-ui from 1.13.0 to 1.13.2 in /webapp-django
Bumps jquery-ui from 1.13.0 to 1.13.2.

Release notes

Sourced from jquery-ui's releases.

jQuery UI 1.13.2 Released!

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

jQuery UI 1.13.1 Released!

https://blog.jqueryui.com/2022/01/jquery-ui-1-13-1-released/

Commits

d6c028c 1.13.2

8cc5bae Checkboxradio: Don't re-evaluate text labels as HTML

b53e7be All: Remove deprecated .click() usage in demos/tests

bb00536 Build: Update AUTHORS.txt

9d1fc97 Datepicker: Capitalize some Indonesian words

1f467ba Selectmenu: Remove a call to the deprecated .focus() method

ac1866f Build: Update AUTHORS.txt

395aa7d Datepicker: Add missing localization for prevText and nextText

218c6af Datepicker: Remove symbols in localization

3126e12 Datepicker: Remove symbols in localization

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Do not merge dependencies javascript
opened by dependabot[bot] 0