Powering openhumans.org

OpenHumans, updated 🕥 2022-12-08 09:34:32

open-humans

Codeship Status for OpenHumans/open-humans codecov.io

This repository contains the code for the Open Humans Website.

The local development environment

dependencies

  • python >=3.6
  • pip3
  • virtualenv (pip3 install virtualenv)
  • nodejs 6.x
  • npm 3.x
  • libffi (apt-get install libffi-dev in Debian/Ubuntu or brew install libffi in OSX)
  • libpq (apt-get install libpq in Debian/Ubuntu or brew install libpq in OSX)
  • postgres (apt-get install libpq-dev python3-dev and apt-get install postgresql postgresql-contrib in Debian/Ubuntu)
  • memcached (apt-get install memcached libmemcached-dev or brew install memcached)
  • ChromeDriver for Selenium tests

virtualenv

For the following commands, you'll also want to set up virtualenvwrapper: - pip3 install virtualenvwrapper - Follow setup instructions here (e.g. modify your .bashrc as needed): http://virtualenvwrapper.readthedocs.io/en/latest/install.html

Create a virtualenv for Python 3.6, e.g.: - mkvirtualenv open-humans --python=/usr/bin/python3.6 - pip3 install -r requirements.txt -r dev-requirements.txt

In the future, start the virtual environment with: - workon open-humans

And update it after pulling updated code by repeating: - pip3 install -r requirements.txt -r dev-requirements.txt

node.js dependencies (primarily for gulp)

  • npm install -g gulp
  • npm install

Update after pulling updated code by repeating: - npm install

create your postgres database

Running this site requires a PostgreSQL database (even for local development).

  • In Debian/Ubuntu
  • Become the postgres user: sudo su - postgres
  • Create a database (example name 'mydb'): createdb mydb
  • Create a user (example user 'jdoe'): createuser -P jdoe
  • Enter the password at prompt (example password: 'pa55wd')
  • run PostgreSQL command line: psql
    • Give this user privileges on this database, e.g.:
      GRANT ALL PRIVILEGES ON DATABASE mydb TO jdoe;
    • Also allow this user to create new databases (needed for running tests), e.g.:
      ALTER USER jdoe CREATEDB;
    • Quit: \q
  • Exit postgres user login: exit

Set up environment settings

Use env.example as a starting point. Copy this to .env and modify with your own settings.

Initialize or update the database

Do this at the beginning, and update when pulling updated code by running:

  • ./manage.py migrate

Additional setup

For additional setup information see docs/SETUP.md.

Running the development server

  • ./manage.py runserver

Running tests

You need to process static files before you can run tests.

  1. ./manage.py collectstatic
  2. ./manage.py test

Linting & formatting

Please use black to format code prior to commits. Set up a pre-commit hook by running the following:

  1. pre-commit install

Issues

Bump certifi from 2020.4.5.1 to 2022.12.7

opened on 2022-12-08 09:34:31 by dependabot[bot]

Bumps certifi from 2020.4.5.1 to 2022.12.7.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OpenHumans/open-humans/network/alerts).

Bump django from 2.2.13 to 2.2.28

opened on 2022-04-22 21:08:58 by dependabot[bot]

Bumps django from 2.2.13 to 2.2.28.

Commits
  • 5c33000 [2.2.x] Bumped version for 2.2.28 release.
  • 29a6c98 [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...
  • 2c09e68 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...
  • 8352b98 [2.2.x] Added stub release notes for 2.2.28.
  • 2801f29 [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
  • e03648f [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
  • 9d13d8c [2.2.x] Fixed typo in release notes.
  • 047ece3 [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
  • 2427b2f [2.2.x] Post-release version bump.
  • e541f2d [2.2.x] Bumped version for 2.2.27 release.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OpenHumans/open-humans/network/alerts).

Bump ipython from 7.5.0 to 7.16.3

opened on 2022-01-21 19:37:25 by dependabot[bot]

Bumps ipython from 7.5.0 to 7.16.3.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OpenHumans/open-humans/network/alerts).

Bump pillow from 7.1.1 to 8.3.2

opened on 2021-09-08 00:09:33 by dependabot[bot]

Bumps pillow from 7.1.1 to 8.3.2.

Release notes

Sourced from pillow's releases.

8.3.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

Security

  • CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

  • Fix 6-byte OOB read in FliDecode [wiredfool]

Python 3.10 wheels

  • Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Fixed regressions

  • Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

  • Updates for ImagePalette channel order #5599 [radarhere]

  • Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html

Changes

8.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

8.3.2 (2021-09-02)

  • CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

  • Fix 6-byte OOB read in FliDecode [wiredfool]

  • Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

  • Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

  • Updates for ImagePalette channel order #5599 [radarhere]

  • Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1 (2021-07-06)

  • Catch OSError when checking if fp is sys.stdout #5585 [radarhere]

  • Handle removing orientation from alternate types of EXIF data #5584 [radarhere]

  • Make Image.array take optional dtype argument #5572 [t-vi, radarhere]

8.3.0 (2021-07-01)

  • Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

  • Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

  • Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]

  • De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]

  • Replaced xml.etree.ElementTree #5565 [radarhere]

... (truncated)

Commits
  • 8013f13 8.3.2 version bump
  • 23c7ca8 Update CHANGES.rst
  • 8450366 Update release notes
  • a0afe89 Update test case
  • 9e08eb8 Raise ValueError if color specifier is too long
  • bd5cf7d FLI tests for Oss-fuzz crash.
  • 94a0cf1 Fix 6-byte OOB read in FliDecode
  • cece64f Add 8.3.2 (2021-09-02) [CI skip]
  • e422386 Add release notes for Pillow 8.3.2
  • 08dcbb8 Pillow 8.3.2 supports Python 3.10 [ci skip]
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OpenHumans/open-humans/network/alerts).

Switching to avoid leading zeros in future memberID creations

opened on 2021-08-17 19:37:55 by danamlewis

Description

Previously memberIDs could be created with 0 in the front. Various programs for data processing drop the 0, and then re-using the project memberIDs back in the command line would cause various errors in pulling or processing the data. Immense headaches have ensued for project administrators and data users. This attempts to remove the leading zeros (although it doesn't solve existing memberIDs with leading zeros) from future projectmemberID creation.

Testing

Have not tested but used OpenAI Codex to validate the sanity of this potential solution.

Make dependabot less noisy

opened on 2021-08-01 05:54:19 by abitrolly

Is it possible to make @dependabot less noisy? So that it will at least edit its old PRs like this - https://github.com/OpenHumans/open-humans/pull/1145 - instead of closing and reopening new.

Open Humans Foundation
GitHub Repository Homepage

quantified-self quantifiedself citizen-science community-science