Add recommended Git versions chart #174

Merged
merged 11 commits into from May 27, 2019

Commits on Feb 27, 2019

  1. Add JSON file with information about Git releases

    The “git-versions.json” file contains information about the public
    releases of Git. This includes all stable versions along with their
    release dates as well as a list of all publicly disclosed Git
    vulnerabilities and which versions they affect.
    
    The intent of this file is to be able to discern which Git versions are
    not recommended for productive use, because they are outdated or
    affected by known vulnerabilities.
    
    This file is up-to-date as of 2019-02-27 and including Git 2.21.0 as
    well as CVE-2018-17456.
    
    Git versions before 2.0.0 and vulnerabilities in versions released
    before 2017 were omitted for simplicity, because all Git versions
    earlier than that are affected by at least one vulnerability known
    before this was implemented anyway.
    pluehne committed Feb 27, 2019
    a43d4a7
  2. Add script to update Git release JSON database

    This script fetches all Git release tags and their publication dates
    from the official Git repository and updates the “git-versions.json”
    file with the new list of Git versions.
    
    This is useful to regularly update the Git release JSON database without
    having to manually look up the latest Git releases.
    pluehne committed Feb 27, 2019
    192ad9a
  3. Add demo data for detailed Git versions report

    This adds manually crafted data for the detailed Git versions report,
    which simulates Git version upgrade trends with a large user base.
    pluehne committed Feb 27, 2019
    8155fef
  4. Add semantic versioning utilities

    These functions add support for parsing and comparing versions according
    to the semantic versioning specification [1]. In addition, a function is
    provided to check whether a given version fulfills a compound version
    requirement such as “>2.9 <= 2.19.2”.
    
    All functions are covered by unit tests. This temporarily allows the
    functions related to semantic versioning to be unused in the ESLint
    configuration, because they will only be used in a subsequent commit,
    and ESLint would complain otherwise.
    
    [1] https://semver.org/
    pluehne committed Feb 27, 2019
    d67995c
  5. Implement Git version database class

    This introduces the GitVersionsDatabase class, which loads and stores
    the Git release information previously added. Additionally, the database
    flags which Git versions are recommended, outdated, and vulnerable.
    
    A Git version is considered vulnerable at a specific date if there
    existed a vulnerability that was publicly disclosed at that time. A
    client is counted as outdated if there was a newer patch release
    available at that date. All Git clients that are neither vulnerable nor
    outdated by these definitions are recommended for productive use.
    
    To detect outdated and vulnerable versions, Git versions are compared
    against the affected version ranges stated in the Git release database
    according to the semantic versioning specification.
    
    Unit tests ensure the correct annotation of recommended, outdated, and
    vulnerable versions in the database.
    pluehne committed Feb 27, 2019
    b9eccee
  6. Implement area chart

    This adds area charts as a new chart type. Area charts visualize
    datasets not as single lines starting from 0 but as stacked areas. Area
    charts are useful to visualize data that is comprised of multiple parts
    that add up to a total. In this way, the sum of all datasets can easily
    be tracked as well as the relative distribution of the individual parts.
    pluehne committed Feb 27, 2019
    1675624
  7. Implement recommended Git versions chart

    This adds a chart that shows how many users are using Git clients that
    are recommended, outdated, and vulnerable as a stacked area chart.
    
    The chart obtains its data from the previously introduced Git release
    database and uses an area chart for visualizing the results. The actual
    recommended Git versions chart is built on top of the area chart and
    performs only the operations necessary to prepare the data accordingly.
    
    The unit tests cover the correct computation of how many versions were
    recommended, outdated, and vulnerable at a given date based on recorded
    usage data.
    pluehne committed Feb 27, 2019
    8853a37
  8. Load online Git release database if accessible

    With this patch, the Git release database is preferentially retrieved
    online from the official Hubble demo page [1] if it is accessible.
    
    This has the advantage that users will see more recent Git version
    information than is locally available on their local installation
    (which dates back to the respective release date).
    
    The idea is to regularly update the Git release database in the public
    repository to make recent information about vulnerabilities immediately
    visible to Hubble users.
    
    In the case that the remote copy of the Git release database is not
    accessible (for instance, because of corporate network restrictions),
    the local copy will be used as a fallback.
    
    [1] https://autodesk.github.io/hubble/assets/js/git-versions.json
    pluehne committed Feb 27, 2019
    5d9dcd1
  9. Normalize recommended Git versions chart

    This adds support for a new option that automatically normalizes a
    stacked area chart. With normalization turned on, the area chart will
    render the datasets with relative values and adjust the y axis to show
    percentages instead of absolute values.
    
    This is interesting for the recommended Git versions chart, where it
    makes sense to show the relative number of recommended clients in order
    to track upgrade trends better.
    pluehne committed Feb 27, 2019
    43813c6
  10. Adjust colors in recommended Git versions chart

    This adds an option to specify custom colors for datasets in the area
    chart. This is done through a mapping from dataset IDs to color
    specifiers chosen from a built-in list of color names.
    
    With this option, the recommended Git versions chart is colorized such
    that vulnerable versions are rendered red, outdated ones yellow, and
    recommended ones green.
    pluehne committed Feb 27, 2019
    442e444
  11. Handle unknown Git versions appropriately

    In the event that some Git version was recorded that isn’t known to the
    Git release database, this patch introduces an “unknown” dataset that is
    invisible otherwise.
    pluehne committed Feb 27, 2019
    2bce45f
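
The classification rules described in commits 4, 5 and 11, sketched as an added example that is not code from this pull request. The record layout, the sample releases and dates, and the placeholder vulnerability ID are constructed; reading "outdated" as "a newer patch release in the same major.minor series" and letting "vulnerable" take precedence over "outdated" are assumptions.

```javascript
// Constructed sample data; this layout is an assumption, not the project's schema.
const releases = [
    {version: '2.18.0', date: '2018-06-01'},
    {version: '2.18.1', date: '2018-10-10'},
    {version: '2.19.0', date: '2018-09-10'},
    {version: '2.19.1', date: '2018-10-10'},
    {version: '2.19.2', date: '2018-11-20'},
];
const vulnerabilities = [
    {id: 'VULN-PLACEHOLDER', disclosed: '2018-10-10', affected: ['<2.18.1', '>=2.19.0 <2.19.1']},
];

// Parse "major[.minor[.patch]]" into three numbers; missing parts count as 0.
function parseVersion(text) {
    const match = /^(\d+)(?:\.(\d+))?(?:\.(\d+))?$/.exec(text.trim());
    if (!match) throw new Error(`invalid version: ${text}`);
    return match.slice(1).map(part => Number(part || 0));
}
function compareVersions(a, b) {
    const [x, y] = [parseVersion(a), parseVersion(b)];
    for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
    return 0;
}

// Compound requirement such as ">2.9 <= 2.19.2": every comparator must hold.
function satisfies(version, requirement) {
    const comparators = requirement.match(/(<=|>=|<|>|=)\s*[\d.]+/g);
    if (!comparators) throw new Error(`invalid requirement: ${requirement}`);
    return comparators.every(comparator => {
        const [, op, bound] = /^(<=|>=|<|>|=)\s*(.+)$/.exec(comparator);
        const cmp = compareVersions(version, bound);
        return {'<': cmp < 0, '<=': cmp <= 0, '>': cmp > 0, '>=': cmp >= 0, '=': cmp === 0}[op];
    });
}

// Classify a version as of an ISO date (ISO dates compare correctly as strings).
// Only vulnerabilities disclosed and releases published by that date count.
function classify(version, date) {
    if (!releases.some(r => r.version === version)) return 'unknown';
    const vulnerable = vulnerabilities.some(v =>
        v.disclosed <= date && v.affected.some(range => satisfies(version, range)));
    if (vulnerable) return 'vulnerable';          // assumption: beats "outdated"
    const [major, minor] = parseVersion(version);
    const outdated = releases.some(r => {         // assumption: same major.minor only
        const [rMajor, rMinor] = parseVersion(r.version);
        return r.date <= date && rMajor === major && rMinor === minor &&
            compareVersions(r.version, version) > 0;
    });
    return outdated ? 'outdated' : 'recommended';
}
```

Because the date is an input, the same version moves between classes over time: here 2.19.0 is recommended before the constructed disclosure date and vulnerable from that date on.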