From ea4b85089be3412c8d493ae5964c8bae04f14d78 Mon Sep 17 00:00:00 2001
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:29:14 -0500
Subject: [PATCH 1/9] whitespace changes
---
 README.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index ddf000e5f9df..9bc6709a31ba 100644
--- a/README.md
+++ b/README.md
@@ -28,16 +28,16 @@ QGIS is a full-featured, user-friendly, free-and-open-source (FOSS) geographical - [Translations](#translations) - [Other ways to contribute](#other-ways-to-contribute) -## Features +## Features ### 1. Flexible and powerful spatial data management - Support for raster, vector, mesh, and point cloud data in a range of industry-standard formats - *Raster formats include*: GeoPackage, GeoTIFF, GRASS, ArcInfo binary and ASCII grids, ERDAS Imagine SDTS, WMS, WCS, PostgreSQL/PostGIS, and [other GDAL supported formats](https://gdal.org/drivers/raster/index.html). - - *Vector formats include*: GeoPackage, ESRI shapefiles, GRASS, SpatiaLite, PostgreSQL/PostGIS, MSSQL, Oracle, WFS, Vector Tiles and [other OGR supported formats](https://www.gdal.org/ogr_formats.html). + - *Vector formats include*: GeoPackage, ESRI shapefiles, GRASS, SpatiaLite, PostgreSQL/PostGIS, MSSQL, Oracle, WFS, Vector Tiles and [other OGR supported formats](https://www.gdal.org/ogr_formats.html). - *Mesh formats include*: NetCDF, GRIB, 2DM, and [other MDAL supported formats](https://github.com/lutraconsulting/MDAL#supported-formats). - *Point-cloud format*: LAS/LAZ and EPT datasets. -- Data abstraction framework, with local files, spatial databases (PostGIS, SpatiaLite, SQL Server, Oracle, SAP HANA), and web services (WMS, WCS, WFS, ArcGIS REST) all accessed through a unified data model and browser interface, and as flexible layers in user-created projects +- Data abstraction framework, with local files, spatial databases (PostGIS, SpatiaLite, SQL Server, Oracle, SAP HANA), and web services (WMS, WCS, WFS, ArcGIS REST) all accessed through a unified data model and browser interface, and as flexible layers in user-created projects - Spatial data creation via visual and numerical digitizing and editing, as well as georeferencing of raster and vector data - On-the-fly reprojection between coordinate reference systems (CRS) - Nominatim (OpenStreetMap) geocoder access 
@@ -57,11 +57,11 @@ QGIS is a full-featured, user-friendly, free-and-open-source (FOSS) geographical - Respect for embedded styling in many spatial data sources (e.g. KML and TAB files, Mapbox-GL styled vector tiles) - In particular, near-complete replication (and significant extension) of symbology options that are available in proprietary software by ESRI - Advanced styling using data-defined overrides, blending modes, and draw effects -- 500+ built-in color ramps (cpt-city, ColorBrewer, etc.) +- 500+ built-in color ramps (cpt-city, ColorBrewer, etc.) - Create and update maps with specified scale, extent, style, and decorations via saved layouts - Generate multiple maps (and reports) automatically using QGIS Atlas and QGIS Reports - Display and export elevation profile plots with flexible symbology -- Flexible output direct to printer, or as image (raster), PDF, or SVG for further customization +- Flexible output direct to printer, or as image (raster), PDF, or SVG for further customization - On-the-fly rendering enhancements using geometry generators (e.g. create and style new geometries from existing features) - Preview modes for inclusive map making (e.g. monochrome, color blindness) @@ -76,7 +76,7 @@ For more maps created with QGIS, visit the [QGIS Map Showcase Flickr Group](http ### 3. Advanced and robust geospatial analysis - Powerful processing framework with 200+ native processing algorithms - Access to 1000+ processing algorithms via providers such as GDAL, SAGA, GRASS, OrfeoToolbox, as well as custom models and processing scripts -- Geospatial database engine (filters, joins, relations, forms, etc.), as close to datasource- and format-independent as possible +- Geospatial database engine (filters, joins, relations, forms, etc.), as close to datasource- and format-independent as possible - Immediate visualization of geospatial query and geoprocessing results - Model designer and batch processing 
@@ -92,7 +92,7 @@ For more maps created with QGIS, visit the [QGIS Map Showcase Flickr Group](http - Fully customizable user experience, including user interface and application settings that cater to power-users and beginners alike - Rich [expression engine](https://docs.qgis.org/testing/en/docs/user_manual/working_with_vector/expression.html) for maximum flexibility in visualization and processing -- Broad and varied [plugin ecosystem](https://plugins.qgis.org/) that includes data connectors, digitizing aids, advanced analysis and charting tools, +- Broad and varied [plugin ecosystem](https://plugins.qgis.org/) that includes data connectors, digitizing aids, advanced analysis and charting tools, in-the-field data capture, conversion of ESRI style files, etc. - Style manager for creating, storing, and managing styles - [QGIS style hub](https://plugins.qgis.org/styles/) for easy sharing of styles 
@@ -132,12 +132,12 @@ Headless map server -- running on Linux, macOS, Windows, or in a docker containe ## Under the hood QGIS is developed using the [Qt toolkit](https://qt.io) and C++, since 2002, and has a pleasing, easy to use graphical -user interface with multilingual support. It is maintained by an active developer team and supported by vibrant -community of GIS professionals and enthusiasts as well as geospatial data publishers and end-users. +user interface with multilingual support. It is maintained by an active developer team and supported by vibrant +community of GIS professionals and enthusiasts as well as geospatial data publishers and end-users. ### Versions and release cycle -QGIS development and releases follow a [time based schedule/roadmap](https://www.qgis.org/en/site/getinvolved/development/roadmap.html). There are three main branches of QGIS that users can install. These are the **Long Term Release (LTR)** branch, the **Latest Release (LR)** branch, and the **Development (Nightly)** branch. +QGIS development and releases follow a [time based schedule/roadmap](https://www.qgis.org/en/site/getinvolved/development/roadmap.html). There are three main branches of QGIS that users can install. These are the **Long Term Release (LTR)** branch, the **Latest Release (LR)** branch, and the **Development (Nightly)** branch. Every month, there is a **Point Release** that provides bug-fixes to the LTR and LR. 
@@ -206,7 +206,7 @@ If you wish to contribute patches you can: If you commit a new feature, add `[FEATURE]` to your commit message AND give a clear description of the new feature. The label `Needs documentation` will be added by maintainers and will automatically create an issue on the QGIS-Documentation repo, where you or others should write documentation about it. -For large-scale changes, you can open a [QEP (QGIS Enhancement Proposal)](https://github.com/qgis/QGIS-Enhancement-Proposals). QEPs are used in the process of creating and discussing new enhancements or policy for QGIS. +For large-scale changes, you can open a [QEP (QGIS Enhancement Proposal)](https://github.com/qgis/QGIS-Enhancement-Proposals). QEPs are used in the process of creating and discussing new enhancements or policy for QGIS. ### Translations From 9981c43a0aa07efa0a824a0e8d88aef36e35526b Mon Sep 17 00:00:00 2001 From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com> Date: Wed, 31 Jan 2024 00:31:38 -0500 Subject: [PATCH 2/9] add OpenSSF Scorecard and OpenSSF Best Practices Badges --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 9bc6709a31ba..b26978511cfd 100644 --- a/README.md +++ b/README.md 
@@ -3,6 +3,8 @@ [![🧪 QGIS tests](https://github.com/qgis/QGIS/actions/workflows/run-tests.yml/badge.svg)](https://github.com/qgis/QGIS/actions/workflows/run-tests.yml?query=branch%3Amaster+event%3Apush) [![Docker Status](https://img.shields.io/docker/automated/qgis/qgis.svg)](https://hub.docker.com/r/qgis/qgis/tags) [![Build Status](https://dev.azure.com/qgis/QGIS/_apis/build/status/qgis.QGIS?branchName=master)](https://dev.azure.com/qgis/QGIS/_build/latest?definitionId=1&branchName=master) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/qgis/QGIS/badge)](https://securityscorecards.dev/viewer/?uri=github.com/qgis/QGIS) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/1581/badge)](https://www.bestpractices.dev/projects/1581) [![🪟 MingW64 Windows 64bit Build](https://github.com/qgis/QGIS/actions/workflows/mingw64.yml/badge.svg)](https://github.com/qgis/QGIS/actions/workflows/mingw64.yml?query=branch%3Amaster+event%3Apush) [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.5869837.svg)](https://doi.org/10.5281/zenodo.5869837) From d9cbc0e0e1a690e6f211985800a6e13447db5867 Mon Sep 17 00:00:00 2001 From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com> Date: Wed, 31 Jan 2024 00:33:24 -0500 Subject: [PATCH 3/9] create osv-scanner.toml - This file is used to ignore particular vulnerabilities reported Open Source Vulnerability database (https://osv.dev/) - The specification for this particular file can be found at (https://google.github.io/osv-scanner/configuration/) as of 2024-01-04 --- resources/server/src/landingpage/osv-scanner.toml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 resources/server/src/landingpage/osv-scanner.toml diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml new file mode 100644 index 000000000000..e69de29bb2d1 From 882bf9843a1b9ec78e571e4afbef8176cf844f83 Mon Sep 17 00:00:00 2001 
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:34:44 -0500
Subject: [PATCH 4/9] update osv-scanner.toml to ignore GHSA-pfrx-2q88-qq97
---
 resources/server/src/landingpage/osv-scanner.toml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml
index e69de29bb2d1..cf0d417b4055 100644
--- a/resources/server/src/landingpage/osv-scanner.toml
+++ b/resources/server/src/landingpage/osv-scanner.toml
@@ -0,0 +1,3 @@
+[[IgnoredVulns]]
+id = "GHSA-pfrx-2q88-qq97"
+reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
From 13e64acb158f2f5e0fdeab677efc810bd6d5a15e Mon Sep 17 00:00:00 2001
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:35:17 -0500
Subject: [PATCH 5/9] update osv-scanner.toml to ignore GHSA-rc47-6667-2j5j
---
 resources/server/src/landingpage/osv-scanner.toml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml
index cf0d417b4055..88b0c0026bb8 100644
--- a/resources/server/src/landingpage/osv-scanner.toml
+++ b/resources/server/src/landingpage/osv-scanner.toml
@@ -1,3 +1,7 @@
 [[IgnoredVulns]]
 id = "GHSA-pfrx-2q88-qq97"
 reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
+
+[[IgnoredVulns]]
+id = "GHSA-rc47-6667-2j5j"
+reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
From fbed2485522ca9946e2396084ea8657222099768 Mon Sep 17 00:00:00 2001
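Review bot: The `[[IgnoredVulns]]` entry added in the `@@ -0,0 +1,3 @@` hunk for GHSA-pfrx-2q88-qq97 carries no `ignoreUntil` date, so the scanner will keep this finding suppressed indefinitely, even if the landing page's dependencies or the way it is deployed later change. The same applies to the entries the following patches add for GHSA-rc47-6667-2j5j, GHSA-9c47-m6qq-7p4h, GHSA-7fh5-64p2-3v2j and GHSA-776f-qx25-q3cc. I would add an expiry line such as `ignoreUntil = <YYYY-MM-DD>` to each entry so the suppression is re-evaluated on a schedule. The shared `reason` is an elided quotation plus a link, which leaves an auditor unable to tell which dependency is being waived; a comment above each `id` along the lines of `# <package>: build-time only, not shipped to the server` would make the waiver reviewable without following the URL.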
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:35:47 -0500
Subject: [PATCH 6/9] update osv-scanner.toml to ignore GHSA-9c47-m6qq-7p4h
---
 resources/server/src/landingpage/osv-scanner.toml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml
index 88b0c0026bb8..ab7fe7d6976b 100644
--- a/resources/server/src/landingpage/osv-scanner.toml
+++ b/resources/server/src/landingpage/osv-scanner.toml
@@ -5,3 +5,7 @@ reason = "...the built application is meant to be run on the client and not on t
 [[IgnoredVulns]]
 id = "GHSA-rc47-6667-2j5j"
 reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
+
+[[IgnoredVulns]]
+id = "GHSA-9c47-m6qq-7p4h"
+reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
From ac4e60d3a8226853f6a062cd0e2bda0b4a7eabfb Mon Sep 17 00:00:00 2001
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:36:19 -0500
Subject: [PATCH 7/9] update osv-scanner.toml to ignore GHSA-7fh5-64p2-3v2j
---
 resources/server/src/landingpage/osv-scanner.toml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml
index ab7fe7d6976b..46065ff68233 100644
--- a/resources/server/src/landingpage/osv-scanner.toml
+++ b/resources/server/src/landingpage/osv-scanner.toml
@@ -9,3 +9,7 @@ reason = "...the built application is meant to be run on the client and not on t
 [[IgnoredVulns]]
 id = "GHSA-9c47-m6qq-7p4h"
 reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
+
+[[IgnoredVulns]]
+id = "GHSA-7fh5-64p2-3v2j"
+reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
From f23463979fedecd27d8a2360a5d292a104cf1d5d Mon Sep 17 00:00:00 2001
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:36:55 -0500
Subject: [PATCH 8/9] update osv-scanner.toml to ignore GHSA-776f-qx25-q3cc
---
 resources/server/src/landingpage/osv-scanner.toml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml
index 46065ff68233..1f82fc338350 100644
--- a/resources/server/src/landingpage/osv-scanner.toml
+++ b/resources/server/src/landingpage/osv-scanner.toml
@@ -13,3 +13,7 @@ reason = "...the built application is meant to be run on the client and not on t
 [[IgnoredVulns]]
 id = "GHSA-7fh5-64p2-3v2j"
 reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
+
+[[IgnoredVulns]]
+id = "GHSA-776f-qx25-q3cc"
+reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
From 148fb2ae24ed3571de1a451069820706c9d3acf0 Mon Sep 17 00:00:00 2001
From: Gregory Power <31050507+gregorywaynepower@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:37:26 -0500
Subject: [PATCH 9/9] update osv-scanner.toml to ignore GHSA-8jmw-wjr8-2x66
---
 resources/server/src/landingpage/osv-scanner.toml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/resources/server/src/landingpage/osv-scanner.toml b/resources/server/src/landingpage/osv-scanner.toml
index 1f82fc338350..f20d0deb4e53 100644
--- a/resources/server/src/landingpage/osv-scanner.toml
+++ b/resources/server/src/landingpage/osv-scanner.toml
@@ -17,3 +17,7 @@ reason = "...the built application is meant to be run on the client and not on t
 [[IgnoredVulns]]
 id = "GHSA-776f-qx25-q3cc"
 reason = "...the built application is meant to be run on the client and not on the server... Look to https://github.com/qgis/QGIS/pull/55748#discussion_r1440141394"
+
+[[IgnoredVulns]]
+id = "GHSA-8jmw-wjr8-2x66"
+reason = "The implementation of git-clone is part of the vue/cli@^5.0.8 is ran by the client and is not ran on the server and the input for this function is static. Look to https://github.com/jaz303/git-clone/commit/fd330459593aef7c7a8c54d786e3c4d5722749f9?diff=unified&w=0"
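Review bot: The `reason` added for GHSA-8jmw-wjr8-2x66 rests on the claim that "the input for this function is static", but the entry does not say where in this project that was checked, and the linked URL is a commit in the git-clone repository rather than evidence about how the landing page build calls it. Because the text places git-clone under vue/cli, the machine that would run it is presumably a developer or CI host doing the build, so "not ran on the server" does not by itself describe the exposure. I would reword it to state the scope and the verified condition, e.g. `reason = "git-clone is reached only through vue/cli@^5.0.8 build tooling and is never passed user-controlled input; see <link to the check in this repo>"`. An `ignoreUntil = <YYYY-MM-DD>` line would also make sure the waiver is revisited when vue/cli is next upgraded.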