openfootprint, updated 🕥 2022-12-06 20:53:28

OpenFootprint

Open source software for managing ecological footprint, including carbon emissions.

Install

You must have Docker installed (https://docs.docker.com/install/). This is the only local dependency!

Then:

make local_setup make devserver

Once the server is running, you can access your brand new install from your browser: - http://localhost:8700/ to start creating your first project - http://localhost:8700/admin/ to log into the Django admin panel (username: admin, password: admin) - http://localhost:8700/api/ for the REST API reference

How to contribute

Understand the architecture

OpenFootprint has a few main components: - A Django app for the backend - A Vue.js frontend - Some default plugins. You can easily add your own!

Get in touch

Join us on Gitter!

Issues

Bump qs from 6.7.0 to 6.11.0 in /frontend

opened on 2022-12-06 20:53:28 by dependabot[bot]

Bumps qs from 6.7.0 to 6.11.0.

Changelog

Sourced from qs's changelog.

6.11.0

[New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)

[readme] fix version badge

6.10.5

[Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

[Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)

[meta] use npmignore to autogenerate an npmignore file

[Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

[Fix] parse: ignore __proto__ keys (#428)

[Robustness] stringify: avoid relying on a global undefined (#427)

[actions] reuse common workflows

[Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

[Fix] stringify: actually fix cyclic references (#426)

[Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] add note and links for coercing primitive values (#408)

[actions] update codecov uploader

[actions] update workflows

[Tests] clean up stringify tests slightly

[Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

[Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

[New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)

[New] parse: add allowSparse option for collapsing arrays with missing indices (#312)

[meta] fix README.md (#399)

[meta] only run npm run dist in publish, not install

[Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape

[Tests] fix tests on node v0.6

[Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run

[Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

[Fix] parse: ignore __proto__ keys (#428)

[Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] add note and links for coercing primitive values (#408)

[Tests] clean up stringify tests slightly

[meta] fix README.md (#399)

Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits

56763c1 v6.11.0
ddd3e29 [readme] fix version badge
c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
95bc018 v6.10.5
0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
ba9703c v6.10.4
4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
113b990 [Dev Deps] update object-inspect
c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
2cf45b2 [meta] use npmignore to autogenerate an npmignore file
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfootprint/openfootprint/network/alerts).

Bump prismjs from 1.17.1 to 1.27.0 in /frontend

opened on 2022-02-26 01:40:32 by dependabot[bot]

Bumps prismjs from 1.17.1 to 1.27.0.

Release notes

Sourced from prismjs's releases.

v1.27.0

Release 1.27.0

v1.26.0

Release 1.26.0

v1.25.0

Release 1.25.0

v1.24.1

Release 1.24.1

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

v1.22.0

Release 1.22.0

v1.21.0

Release 1.21.0

v1.20.0

Release 1.20.0

v1.19.0

Release 1.19.0

v1.18.0

Release 1.18.0

Changelog

Sourced from prismjs's changelog.

1.27.0 (2022-02-17)

New components

UO Razor Script (#3309) 3f8cc5a0

Updated components

AutoIt

Allow hyphen in directive (#3308) bcb2e2c8

EditorConfig

Change alias of section from keyword to selector (#3305) e46501b9

Ini

Swap out header for section (#3304) deb3a97f

MongoDB

Added v5 support (#3297) 8458c41f

PureBasic

Added missing keyword and fixed constants ending with $ (#3320) d6c53726

Scala

Added support for interpolated strings (#3293) 441a1422

Systemd configuration file

Swap out operator for punctuation (#3306) 2eb89e15

Updated plugins

Command Line

Escape markup in command line output (#3341) e002e78c

Add support for line continuation and improved colors (#3326) 1784b175

Added span around command and output (#3312) 82d0ca15

Other

Core

Added better error message for missing grammars (#3311) 2cc4660b

1.26.0 (2022-01-06)

New components

Atmel AVR Assembly (#2078) b5a70e4c

Go module (#3209) 8476a9ab

Keepalived Configure (#2417) d908e457

Tremor & Trickle & Troy (#3087) ec25ba65

Web IDL (#3107) ef53f021

Updated components

Use \d for [0-9] (#3097) 9fe2f93e

6502 Assembly

Use standard tokens and minor improvements (#3184) 929c33e0

... (truncated)

Commits

703881e 1.27.0
7ac1373 Updated changelog for v1.27.0 (#3342)
e002e78 Command Line: Escape markup in command line output (#3341)
13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (#3338)
f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (#3334)
9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (#3333)
3fcca6b Bump pathval from 1.1.0 to 1.1.1 (#3331)
1784b17 Command Line: Add support for line continuation and improved colors (#3326)
f545843 ESLint: Allow Map and Set in ES5 code (#3328)
d6c5372 PureBasic: Added missing keyword and fixed constants ending with $ (#3320)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump ajv from 6.10.1 to 6.12.3 in /frontend

opened on 2022-02-12 09:34:48 by dependabot[bot]

Bumps ajv from 6.10.1 to 6.12.3.

Release notes

Sourced from ajv's releases.

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@sambauers, #1143) Option keywords to add custom keywords (@franciscomorais, #1137) Types fixes (@boenrobot, @MattiAstedrone) Docs:

error logging example (@RadiationSickness)

TypeScript usage notes (@thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

Commits

521c3a5 6.12.3
bd7107b Merge pull request #1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
9c26bb2 Merge pull request #1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
d6aabb8 test: remove node 8 from travis test
c4801ca Merge pull request #1242 from ajv-validator/refactor
988982d ignore proto properties
f2b1e3d whitespace
65e3678 Merge pull request #1239 from GrahamLea/patch-1
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump node-fetch from 2.6.0 to 2.6.7 in /frontend

opened on 2022-01-22 05:07:36 by dependabot[bot]

Bumps node-fetch from 2.6.0 to 2.6.7.

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

fix: don't forward secure headers to 3th party by @jimmywarting in node-fetch/node-fetch#1453

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in node-fetch/node-fetch#1352

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

Changelog

Sourced from node-fetch's changelog.

Changelog

All notable changes will be recorded here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

What's Changed

core: update fetch-blob by @jimmywarting in node-fetch/node-fetch#1371

docs: Fix typo around sending a file by @jimmywarting in node-fetch/node-fetch#1381

core: (http.request): Cast URL to string before sending it to NodeJS core by @jimmywarting in node-fetch/node-fetch#1378

core: handle errors from the request body stream by @mdmitry01 in node-fetch/node-fetch#1392

core: Better handle wrong redirect header in a response by @tasinet in node-fetch/node-fetch#1387

core: Don't use buffer to make a blob by @jimmywarting in node-fetch/node-fetch#1402

docs: update readme for TS @types/node-fetch by @adamellsworth in node-fetch/node-fetch#1405

core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @maxshirshin in node-fetch/node-fetch#1369

core: Don't use global buffer by @jimmywarting in node-fetch/node-fetch#1422

ci: fix main branch by @dnalborczyk in node-fetch/node-fetch#1429

core: use more node: protocol imports by @dnalborczyk in node-fetch/node-fetch#1428

core: Warn when using data by @jimmywarting in node-fetch/node-fetch#1421

docs: Create SECURITY.md by @JamieSlome in node-fetch/node-fetch#1445

core: don't forward secure headers to 3th party by @jimmywarting in node-fetch/node-fetch#1449

New Contributors

@mdmitry01 made their first contribution in node-fetch/node-fetch#1392

@tasinet made their first contribution in node-fetch/node-fetch#1387

@adamellsworth made their first contribution in node-fetch/node-fetch#1405

@maxshirshin made their first contribution in node-fetch/node-fetch#1369

@JamieSlome made their first contribution in node-fetch/node-fetch#1445

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2

3.1.0

What's Changed

fix(Body): Discourage form-data and buffer() by @jimmywarting in node-fetch/node-fetch#1212

fix: Pass url string to http.request by @serverwentdown in node-fetch/node-fetch#1268

Fix octocat image link by @lakuapik in node-fetch/node-fetch#1281

fix(Body.body): Normalize Body.body into a node:stream by @jimmywarting in node-fetch/node-fetch#924

docs(Headers): Add default Host request header to README.md file by @robertoaceves in node-fetch/node-fetch#1316

Update CHANGELOG.md by @jimmywarting in node-fetch/node-fetch#1292

Add highWaterMark to cloned properties by @davesidious in node-fetch/node-fetch#1162

Update README.md to fix HTTPResponseError by @thedanfernandez in node-fetch/node-fetch#1135

docs: switch url to URL by @dhritzkiv in node-fetch/node-fetch#1318

fix(types): declare buffer() deprecated by @dnalborczyk in node-fetch/node-fetch#1345

chore: fix lint by @dnalborczyk in node-fetch/node-fetch#1348

refactor: use node: prefix for imports by @dnalborczyk in node-fetch/node-fetch#1346

Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @dependabot in node-fetch/node-fetch#1319

Bump mocha from 8.4.0 to 9.1.3 by @dependabot in node-fetch/node-fetch#1339

Referrer and Referrer Policy by @tekwiz in node-fetch/node-fetch#1057

Add typing for Response.redirect(url, status) by @c-w in node-fetch/node-fetch#1169

... (truncated)

Commits

1ef4b56 backport of #1449 (#1453)
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
18193c5 fix v2.6.3 that did not sending query params (#1301)
ace7536 fix: properly encode url with unicode characters (#1291)
152214c Fix(package.json): Corrected main file path in package.json (#1274)
b5e2e41 update version number
2358a6c Honor the size option after following a redirect and revert data uri support
8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump xlsx from 0.14.3 to 0.17.0 in /frontend

opened on 2021-07-22 20:18:29 by dependabot[bot]

Bumps xlsx from 0.14.3 to 0.17.0.

Changelog

Sourced from xlsx's changelog.

CHANGELOG

This log is intended to keep track of backwards-incompatible changes, including but not limited to API changes and file location changes. Minor behavioral changes may not be included if they are not expected to break existing code.

v0.16.2

Disabled PRN parsing by default (better support for CSV without delimeters)

v0.16.1

skip empty custom property tags if data is absent (fixes DocSecurity issue)

HTML output add raw value, type, number format

DOM parse look for v / t / z attributes when determining value

double quotes in properties escaped using _x0022_

changed AMD structure for NetSuite and other RequireJS implementations

encode_cell and decode_cell do not rely on encode_col / decode_col

v0.16.0

Date handling changed

XLML certain tag tests are now case insensitive

Fixed potentially vulnerable regular expressions

v0.15.6

CFB prevent infinite loop

ODS empty cells marked as stub (type "z")

cellStyles option implies sheetStubs

v0.15.5

sheets parse option to specify which sheets to parse

v0.15.4

AOA utilities properly preserve number formats

Number formats captured in stub cells

v0.15.3

Properties and Custom Properties properly XML-encoded

v0.15.2

sheet_get_cell utility function

sheet_to_json explicitly support null as alias for default behavior

encode_col throw on negative column index

HTML properly handle whitespace around tags in a run

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump lodash from 4.17.15 to 4.17.21 in /frontend

opened on 2021-05-10 06:05:43 by dependabot[bot]

Bumps lodash from 4.17.15 to 4.17.21.

Commits

f299b52 Bump to v4.17.21
c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
3469357 Prevent command injection through _.template's variable option
ded9bc6 Bump to v4.17.20.
63150ef Documentation fixes.
00f0f62 test.js: Remove trailing comma.
846e434 Temporarily use a custom fork of lodash-cli.
5d046f3 Re-enable Travis tests on 4.17 branch.
aa816b3 Remove /npm-package.
d7fbc52 Bump to v4.17.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

openfootprint

GitHub Repository