From 75e1e55a31f8b34470ccdd4df16057bbcb5f8b3a Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Thu, 2 May 2024 20:15:09 -0400 Subject: [PATCH 1/7] Merge pull request #2216 from HullSeals/enhancement/workflow-additions [Docs] Add CodeQL Workflow and Security Guide --- .github/SECURITY.md | 13 +++++ .github/pull_request_template.md | 18 ++++++ .github/workflows/codeql.yml | 96 ++++++++++++++++++++++++++++++++ 3 files changed, 127 insertions(+) create mode 100644 .github/SECURITY.md create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/codeql.yml diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..a926715b --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,13 @@ +# Reporting Security Issues + +EDMC takes security very seriously. Our users trust us to provide a secure and safe tool to support their experience in Elite. + +In general, the best way to report a major security issue with us that should not be publically discussed is to email our maintainer teams. + +The best point of contact for this is edmc@hullseals.space. When contacting, be sure to include as much information in your report. + +As soon as your report is processed, we'll get in touch to make sure we quickly move ahead with fixing the issue and will lay out a timeline for public disclosure and fixes. + +Another method of reporting vulnerabilities is to open a new Bug Report [here](https://github.com/EDCD/EDMarketConnector/issues/new?assignees=&labels=bug%2C+unconfirmed&projects=&template=bug_report.md&title=). + +If reporting a security issue here, do not include details as to the issue or steps to reproduce, simply indicate you have found a potential security bug and would like us to contact you directly. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..0d1c9ac1 --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,18 @@ + +# Description + + +# Example Images + + +# Type of Change + + +# How Tested + + +# Notes + diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..35a792fa --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,96 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches-ignore: + - 'main' + - 'stable' + - 'releases' + - 'beta' + pull_request: + branches: [ develop ] + schedule: + - cron: '38 5 * * 4' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. 
+ runs-on: 'ubuntu-latest' + timeout-minutes: 360 + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. 
+ + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 9baa2484c6ec93c70bee4bb8a6f6eb0ad55dd5fd Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Thu, 2 May 2024 20:28:16 -0400 Subject: [PATCH 2/7] Update codeql.yml --- .github/workflows/codeql.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 35a792fa..a709c7dc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -14,7 +14,6 @@ name: "CodeQL" on: push: branches-ignore: - - 'main' - 'stable' - 'releases' - 'beta' From 8530b38306d845c1eea687f5dedfe804e555eb76 Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Tue, 7 May 2024 18:06:10 -0400 Subject: [PATCH 3/7] Update ChangeLog.md --- ChangeLog.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog.md b/ChangeLog.md index 324d1f8d..45f06aad 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -24,6 +24,11 @@ be added in a future update. * Fixed a bug where the new SCO modules would display as a normal Frame Shift Drive * Fixed a bug which could crash EDMC if the exact details of a Frame Shift Drive were unknown +**Plugin Developers** +* modules.p and ships.p are deprecated, and slated for removal in 5.11+! +* The `openurl()` function in ttkHyperlinkLabel has been deprecated, +and slated for removal in 5.11+! Please migrate to `webbrowser.open()`. + Release 5.10.4 === This release contains updated dependencies, modules files, translations, and adds two new EDDN schemas. It also From 37c6179272626ebb0557d35e922dac67bbfe8c38 Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Tue, 7 May 2024 18:18:13 -0400 Subject: [PATCH 4/7] Update edmarketconnector.xml --- edmarketconnector.xml | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/edmarketconnector.xml b/edmarketconnector.xml index cc797794..40fa6c00 100644 --- a/edmarketconnector.xml +++ b/edmarketconnector.xml @@ -22,10 +22,34 @@ - Release 5.10.4 + Release 5.10.5 body { font-family:"Segoe UI","Tahoma"; font-size: 75%; } h2 { font-family:"Segoe UI","Tahoma"; font-size: 105%; }

We now test against, and package with, Python 3.11.7.

As a result, we do not support Windows 7, 8, or 8.1.
+

Release 5.10.5

+

This release contains a fix for a bug that could crash EDMC's console versions when reading outfitting information from the new SCO Frame Shift Drive modules.

+

Please note that this does not offer full support for the new SCO modules or the Python Mk II. More support will be added in a future update.

+

We now sign our code! This does mean that built EXEs are now slightly modified on our developer's machines. +For information on what this means, and opt-out options, please visit https://github.com/EDCD/EDMarketConnector/wiki/Code-Signing-and-EDMC

+

Changes and Enhancements

+
    +
  • Updated Translations
  • +
  • Added limited data regarding the Python Mk II
  • +
  • Added a few Coriolis module information entries
  • +
+

Bug Fixes

+
    +
  • Fixed a bug that could cause the new SCO modules to display improper ratings or sizes
  • +
  • Fixed a bug where the new SCO modules would display as a normal Frame Shift Drive
  • +
  • Fixed a bug which could crash EDMC if the exact details of a Frame Shift Drive were unknown
  • +
+

Plugin Developers

+
    +
  • modules.p and ships.p are deprecated, and slated for removal in 5.11+!
  • +
  • The openurl() function in ttkHyperlinkLabel has been deprecated, +and slated for removal in 5.11+! Please migrate to webbrowser.open().
  • +
+

Release 5.10.4

This release contains updated dependencies, modules files, translations, and adds two new EDDN schemas. It also adds Turkish translations to EDMC!

@@ -2231,7 +2255,7 @@ about this: PTS CAPI saying Commander is Docked after jumping to new system.

]]>
- +
From 163fd197e7faedc4b17787331d610bc6edf87b7a Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Sat, 11 May 2024 17:20:10 -0400 Subject: [PATCH 5/7] Merge pull request #2231 from HullSeals/fix/2228/add-sco [2228] Add SCO Modules and Preliminary Python Mk II Support --- edshipyard.py | 4 +- modules.json | 225 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 227 insertions(+), 2 deletions(-) diff --git a/edshipyard.py b/edshipyard.py index 15936dfc..2c29959f 100644 --- a/edshipyard.py +++ b/edshipyard.py @@ -178,8 +178,8 @@ def export(data, filename=None) -> None: # noqa: C901, CCR001 # a locale that uses comma for decimal separator. except ZeroDivisionError: range_unladen = range_laden = 0.0 - string += (f'Range : {range_unladen:.2f} LY current without cargo\n' - f' {range_laden:.2f} LY current with cargo\n') + string += (f'Range : {range_unladen:.2f} LY unladen\n' + f' {range_laden:.2f} LY laden\n') except Exception: if __debug__: diff --git a/modules.json b/modules.json index 16e72f7f..e9e444d6 100644 --- a/modules.json +++ b/modules.json 
@@ -1765,6 +1765,216 @@ "int_hullreinforcement_size5_class2": { "mass": 16 }, + "int_hyperdrive_overcharge_size2_class1": { + "mass": 2.5, + "optmass": 60, + "maxfuel": 0.6, + "fuelmul": 0.008, + "fuelpower": 2 + }, + "int_hyperdrive_overcharge_size2_class2": { + "mass": 2.5, + "optmass": 90, + "maxfuel": 0.9, + "fuelmul": 0.012, + "fuelpower": 2 + }, + "int_hyperdrive_overcharge_size2_class3": { + "mass": 2.5, + "optmass": 90, + "maxfuel": 0.9, + "fuelmul": 0.012, + "fuelpower": 2 + }, + "int_hyperdrive_overcharge_size2_class4": { + "mass": 2.5, + "optmass": 90, + "maxfuel": 0.9, + "fuelmul": 0.012, + "fuelpower": 2 + }, + "int_hyperdrive_overcharge_size2_class5": { + "mass": 2.5, + "optmass": 100, + "maxfuel": 1, + "fuelmul": 0.013, + "fuelpower": 2 + }, + "int_hyperdrive_overcharge_size3_class1": { + "mass": 5, + "optmass": 100, + "maxfuel": 1.2, + "fuelmul": 0.008, + "fuelpower": 2.15 + }, + "int_hyperdrive_overcharge_size3_class2": { + "mass": 2, + "optmass": 150, + "maxfuel": 1.8, + "fuelmul": 0.012, + "fuelpower": 2.15 + }, + "int_hyperdrive_overcharge_size3_class3": { + "mass": 5, + "optmass": 150, + "maxfuel": 1.8, + "fuelmul": 0.012, + "fuelpower": 2.15 + }, + "int_hyperdrive_overcharge_size3_class4": { + "mass": 5, + "optmass": 150, + "maxfuel": 1.8, + "fuelmul": 0.012, + "fuelpower": 2.15 + }, + "int_hyperdrive_overcharge_size3_class5": { + "mass": 5, + "optmass": 167, + "maxfuel": 1.9, + "fuelmul": 0.013, + "fuelpower": 2.15 + }, + "int_hyperdrive_overcharge_size4_class1": { + "mass": 10, + "optmass": 350, + "maxfuel": 2, + "fuelmul": 0.008, + "fuelpower": 2.3 + }, + "int_hyperdrive_overcharge_size4_class2": { + "mass": 4, + "optmass": 525, + "maxfuel": 3, + "fuelmul": 0.012, + "fuelpower": 2.3 + }, + "int_hyperdrive_overcharge_size4_class3": { + "mass": 10, + "optmass": 525, + "maxfuel": 3, + "fuelmul": 0.012, + "fuelpower": 2.3 + }, + "int_hyperdrive_overcharge_size4_class4": { + "mass": 10, + "optmass": 525, + "maxfuel": 3, + "fuelmul": 0.012, + 
"fuelpower": 2.3 + }, + "int_hyperdrive_overcharge_size4_class5": { + "mass": 10, + "optmass": 585, + "maxfuel": 3.2, + "fuelmul": 0.013, + "fuelpower": 2.3 + }, + "int_hyperdrive_overcharge_size5_class1": { + "mass": 20, + "optmass": 700, + "maxfuel": 3.3, + "fuelmul": 0.008, + "fuelpower": 2.45 + }, + "int_hyperdrive_overcharge_size5_class2": { + "mass": 8, + "optmass": 1050, + "maxfuel": 5, + "fuelmul": 0.012, + "fuelpower": 2.45 + }, + "int_hyperdrive_overcharge_size5_class3": { + "mass": 20, + "optmass": 1050, + "maxfuel": 5, + "fuelmul": 0.012, + "fuelpower": 2.45 + }, + "int_hyperdrive_overcharge_size5_class4": { + "mass": 20, + "optmass": 1050, + "maxfuel": 5, + "fuelmul": 0.012, + "fuelpower": 2.45 + }, + "int_hyperdrive_overcharge_size5_class5": { + "mass": 20, + "optmass": 1175, + "maxfuel": 5.2, + "fuelmul": 0.013, + "fuelpower": 2.45 + }, + "int_hyperdrive_overcharge_size6_class1": { + "mass": 40, + "optmass": 1200, + "maxfuel": 5.3, + "fuelmul": 0.008, + "fuelpower": 2.6 + }, + "int_hyperdrive_overcharge_size6_class2": { + "mass": 16, + "optmass": 1800, + "maxfuel": 8, + "fuelmul": 0.012, + "fuelpower": 2.6 + }, + "int_hyperdrive_overcharge_size6_class3": { + "mass": 40, + "optmass": 1800, + "maxfuel": 8, + "fuelmul": 0.012, + "fuelpower": 2.6 + }, + "int_hyperdrive_overcharge_size6_class4": { + "mass": 40, + "optmass": 1800, + "maxfuel": 8, + "fuelmul": 0.012, + "fuelpower": 2.6 + }, + "int_hyperdrive_overcharge_size6_class5": { + "mass": 40, + "optmass": 2000, + "maxfuel": 8.3, + "fuelmul": 0.013, + "fuelpower": 2.6 + }, + "int_hyperdrive_overcharge_size7_class1": { + "mass": 80, + "optmass": 1800, + "maxfuel": 8.5, + "fuelmul": 0.008, + "fuelpower": 2.75 + }, + "int_hyperdrive_overcharge_size7_class2": { + "mass": 32, + "optmass": 2700, + "maxfuel": 12.8, + "fuelmul": 0.012, + "fuelpower": 2.75 + }, + "int_hyperdrive_overcharge_size7_class3": { + "mass": 80, + "optmass": 2700, + "maxfuel": 12.8, + "fuelmul": 0.012, + "fuelpower": 2.75 + }, + 
"int_hyperdrive_overcharge_size7_class4": { + "mass": 80, + "optmass": 2700, + "maxfuel": 12.8, + "fuelmul": 0.012, + "fuelpower": 2.75 + }, + "int_hyperdrive_overcharge_size7_class5": { + "mass": 80, + "optmass": 3000, + "maxfuel": 13.1, + "fuelmul": 0.013, + "fuelpower": 2.75 + }, "int_hyperdrive_size2_class1": { "mass": 2.5, "optmass": 48, @@ -3153,6 +3363,21 @@ "python_armour_reactive": { "mass": 53 }, + "python_nx_armour_grade1": { + "mass": 0 + }, + "python_nx_armour_grade2": { + "mass": 26 + }, + "python_nx_armour_grade3": { + "mass": 53 + }, + "python_nx_armour_mirrored": { + "mass": 53 + }, + "python_nx_armour_reactive": { + "mass": 53 + }, "sidewinder_armour_grade1": { "mass": 0 }, From 8b7923e186321d4fad7c397b484cdbed9e7dd82f Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Sat, 11 May 2024 17:58:39 -0400 Subject: [PATCH 6/7] [RELEASE] 5.10.6 --- ChangeLog.md | 29 +++++++++++++++++++++++++++++ config/__init__.py | 2 +- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/ChangeLog.md b/ChangeLog.md index 324d1f8d..1dc357f1 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -6,6 +6,27 @@ This is the master changelog for Elite Dangerous Market Connector. Entries are in the source (not distributed with the Windows installer) for the currently used version. --- +Release 5.10.6 +=== +This release contains the data information for the new SCO modules added in Elite update 18.04. +This should represent full support for the new Python Mk II. + +We now sign our code! This does mean that built EXEs are now slightly modified on our developer's machines. +For information on what this means, and opt-out options, please visit https://github.com/EDCD/EDMarketConnector/wiki/Code-Signing-and-EDMC + +**Changes and Enhancements** +* Added new SCO Module Details +* Reverted a change from the prior release due to breaking some consumers. +**Plugin Developers** +* modules.p and ships.p are deprecated, and slated for removal in 5.11+! +* The `openurl()` function in ttkHyperlinkLabel has been deprecated, +and slated for removal in 5.11+! Please migrate to `webbrowser.open()`. + +**Plugin Developers** +* modules.p and ships.p are deprecated, and slated for removal in 5.11+! +* The `openurl()` function in ttkHyperlinkLabel has been deprecated, +and slated for removal in 5.11+! Please migrate to `webbrowser.open()`. + Release 5.10.5 === This release contains a fix for a bug that could crash EDMC's console versions when reading outfitting information @@ -14,6 +35,9 @@ from the new SCO Frame Shift Drive modules. Please note that this does not offer full support for the new SCO modules or the Python Mk II. More support will be added in a future update. +We now sign our code! This does mean that built EXEs are now slightly modified on our developer's machines. +For information on what this means, and opt-out options, please visit https://github.com/EDCD/EDMarketConnector/wiki/Code-Signing-and-EDMC + **Changes and Enhancements** * Updated Translations * Added limited data regarding the Python Mk II 
@@ -24,6 +48,11 @@ be added in a future update. * Fixed a bug where the new SCO modules would display as a normal Frame Shift Drive * Fixed a bug which could crash EDMC if the exact details of a Frame Shift Drive were unknown +**Plugin Developers** +* modules.p and ships.p are deprecated, and slated for removal in 5.11+! +* The `openurl()` function in ttkHyperlinkLabel has been deprecated, +and slated for removal in 5.11+! Please migrate to `webbrowser.open()`. + Release 5.10.4 === This release contains updated dependencies, modules files, translations, and adds two new EDDN schemas. It also diff --git a/config/__init__.py b/config/__init__.py index 92347c0b..0a12e2ec 100644 --- a/config/__init__.py +++ b/config/__init__.py @@ -54,7 +54,7 @@ appcmdname = 'EDMC' # # Major.Minor.Patch(-prerelease)(+buildmetadata) # NB: Do *not* import this, use the functions appversion() and appversion_nobuild() -_static_appversion = '5.10.5' +_static_appversion = '5.10.6' _cached_version: semantic_version.Version | None = None copyright = '© 2015-2019 Jonathan Harris, 2020-2024 EDCD' From 37b13fd81d1f9c0bea32f2fd474baf74b9fbb1d6 Mon Sep 17 00:00:00 2001 From: David Sangrey Date: Sat, 11 May 2024 18:10:32 -0400 Subject: [PATCH 7/7] [5.10.6] Update XML --- ChangeLog.md | 3 ++- edmarketconnector.xml | 21 +++++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 7d14ca9c..e0d98bf4 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -15,8 +15,9 @@ We now sign our code! This does mean that built EXEs are now slightly modified o For information on what this means, and opt-out options, please visit https://github.com/EDCD/EDMarketConnector/wiki/Code-Signing-and-EDMC **Changes and Enhancements** -* Added new SCO Module Details +* Added new SCO and Python Armor Module Details * Reverted a change from the prior release due to breaking some consumers. + **Plugin Developers** * modules.p and ships.p are deprecated, and slated for removal in 5.11+! * The `openurl()` function in ttkHyperlinkLabel has been deprecated, diff --git a/edmarketconnector.xml b/edmarketconnector.xml index 40fa6c00..88ff05ce 100644 --- a/edmarketconnector.xml +++ b/edmarketconnector.xml @@ -22,10 +22,27 @@ - Release 5.10.5 + Release 5.10.6 body { font-family:"Segoe UI","Tahoma"; font-size: 75%; } h2 { font-family:"Segoe UI","Tahoma"; font-size: 105%; }

We now test against, and package with, Python 3.11.7.

As a result, we do not support Windows 7, 8, or 8.1.
+

Release 5.10.6

+

This release contains the data information for the new SCO modules added in Elite update 18.04. +This should represent full support for the new Python Mk II.

+

We now sign our code! This does mean that built EXEs are now slightly modified on our developer's machines. +For information on what this means, and opt-out options, please visit https://github.com/EDCD/EDMarketConnector/wiki/Code-Signing-and-EDMC

+

Changes and Enhancements

+
    +
  • Added new SCO and Python Armor Module Details
  • +
  • Reverted a change from the prior release due to breaking some consumers.
  • +
+

Plugin Developers

+
    +
  • modules.p and ships.p are deprecated, and slated for removal in 5.11+!
  • +
  • The openurl() function in ttkHyperlinkLabel has been deprecated, +and slated for removal in 5.11+! Please migrate to webbrowser.open().
  • +
+

Release 5.10.5

This release contains a fix for a bug that could crash EDMC's console versions when reading outfitting information from the new SCO Frame Shift Drive modules.

Please note that this does not offer full support for the new SCO modules or the Python Mk II. More support will be added in a future update.

@@ -2255,7 +2272,7 @@ about this: PTS CAPI saying Commander is Docked after jumping to new system.

]]>
- +
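Review bot: In `.github/SECURITY.md` (PATCH 1/7), the contact paragraph is incomplete and the policy gives the reporter no acknowledgement window. "be sure to include as much information in your report" needs "as possible", "publically" should be "publicly", and "As soon as your report is processed" could state a target such as a number of days to first response. The public Bug Report fallback is acceptable only because the last paragraph tells reporters to leave out details, so that instruction would be safer placed before the link than after it.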
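Review bot: In `.github/workflows/codeql.yml` (PATCH 1/7), the `permissions:` block grants `packages: read` even though the init step configures no packs or custom queries (the `queries:` line is commented out). Its own comment says it is only required to fetch internal or private CodeQL packs, so drop it and keep the job at `security-events: write` plus the read scopes the checkout actually needs. Separately, `actions/checkout@v4`, `github/codeql-action/init@v3` and `github/codeql-action/analyze@v3` are referenced by mutable tags; pinning each to a full commit SHA, with the tag kept as a trailing comment, keeps a job that holds `security-events: write` from picking up a retagged action.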
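Review bot: PATCH 2/7 removes `- 'main'` from `branches-ignore` with only "Update codeql.yml" as its message; the commit body should say why `main` is now scanned on push while `stable`, `releases` and `beta` are still skipped. With `pull_request` limited to `branches: [ develop ]`, anything pushed straight to those three branches is never analyzed on push or on PR, so either document that they only ever receive code already scanned elsewhere or add them to the `pull_request` branch list.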
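Review bot: In `edshipyard.py` (PATCH 5/7), the `export()` hunk changes user-visible output strings ('LY current without cargo' to 'LY unladen', 'LY current with cargo' to 'LY laden') inside a commit whose subject only mentions SCO modules and Python Mk II support. If this is the change that the 5.10.6 changelog in PATCH 6/7 describes as "Reverted a change from the prior release due to breaking some consumers", it should be its own commit or at least be named in this message, and a test that asserts the exact label text would stop the export format from drifting again.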
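Review bot: In `modules.json` (PATCH 5/7), `int_hyperdrive_overcharge_size2_class2` has `"mass": 2.5`, which breaks the pattern of every other class2 entry in this hunk. For sizes 3 to 7 the class2 mass is 0.4 times the mass of the other classes of that size (2 vs 5, 4 vs 10, 8 vs 20, 16 vs 40, 32 vs 80), which would give 1 for size 2 if the pattern holds. Please check the value against the source data, and consider a small consistency test over the `int_hyperdrive_overcharge_*` keys so a copy-paste slip in a 210-line data block is caught automatically.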
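Review bot: In `ChangeLog.md` (PATCH 6/7), the Release 5.10.6 block adds the `**Plugin Developers**` section twice, and the first copy starts directly after "* Reverted a change from the prior release due to breaking some consumers." with no blank line. PATCH 7/7 inserts the missing blank line but its hunk leaves the second copy in place, so one of the two identical sections should be deleted. The later hunk of this patch (`@@ -24,6 +48,11 @@`) also adds the same three Plugin Developers lines under 5.10.5 that PATCH 3/7 added against the same base blob `324d1f8d`, so confirm the series applies in order without a conflict there.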