lowlighter/metrics v3.26

Version 3.26

on GitHub

ℹ️ This release is mostly focused on Web instances.
If you only use metrics through GitHub Actions, you can ignore this version.

🎉 Thanks to all my sponsors, metrics.lecoq.io has been migrated on a more powerful server and should be able to handle more requests!

📦 New features

• 🌐 Web instances
  • Home page has been redesigned to better guide users through the different features of metrics
    • 📊 Metrics embed is now accessible through /embed/
      • Action and markdown tabs can now be displayed without entering an username
    • ✨ Metrics insights is now accessible through /insights/
    • Backwards compatibility with previous endpoints has been kept
      • /:login and /:login/:repository will still generate embed metrics
      • /about/ will redirect towards /insights/
    • 
  • Add support for new options in settings.json
    • outputs can be used to restrict which output formats can be used with config.output
    • modes can be used to separately enable or disable embed and insights modes
    • control.token can be used to configure a token which can be used by external services to perform action on instance
      • /.control/stop can be used to stop instance (useful to redeploy or restart it)
    • Add more granularity to extras.features to enable advanced plugin features
      • The following permissions are currently supported:
        • metrics.setup.community.templates: Allow community templates download
        • metrics.setup.community.presets: Allow community presets usage
        • metrics.api.github.overuse: Allow GitHub API intensive requests
        • metrics.cpu.overuse: Allow CPU intensive requests
        • metrics.run.tempdir: Allow access to temporary directory (including I/O)
        • metrics.run.git: Allow to run git
        • metrics.run.licensed: Allow to run licensed
        • metrics.run.user.cmd: Allow to run ANY command by user (USE WITH CAUTION! May result in token leaks by malicious users)
        • metrics.run.puppeteer.scrapping: Allow to run puppeteer to scrape data
        • metrics.run.puppeteer.user.css: Allow to run CSS by user during puppeteer render
        • metrics.run.puppeteer.user.js: Allow to run JavaScript by user during puppeteer render
        • metrics.npm.optional.chartist: Allow use of chartist
        • metrics.npm.optional.gifencoder: Allow use of gifencoder
        • metrics.npm.optional.libxmljs2: Allow use of libxmljs2

      • ⚠️ If you deployed a web server with a previous version, you may need to reconfigure extras.features with some of the permissions listed above to keep some plugins working

      • The following settings has been deprecated:
        • extras.presets should now use extras.features with metrics.setup.community.presets
        • extras.js should now use extras.features with metrics.run.puppeteer.user.js
        • extras.css should now use extras.features with metrics.run.puppeteer.user.css
    • Settings display on startup has been improved
      • 

🧰 Fixes and documentation

• fix(app/web): force faker to be uncached for users who used a previous version of web instance
• fix(deps): libxmljs2 is now an optional dependency
• docs(plugins,templates): clarification, fix typos and style
• fix(plugins): improved error handling and messages

🔐 Security fixes

The following editions fix security issues that were reported by dependabot from unmaintained or outdated dependencies:

• fix(deps): migrated from jimp to sharp
• fix(deps): node-chartist is now an optional dependency
  • ⚠️ This dependency is still subject to CVE-2021-20066, but there are currently no replacement for this one which is why it now requires metrics.npm.optional.chartist permissions and is optional

💕 Sponsors