id,node_id,number,title,user,state,locked,assignee,milestone,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason
1886350562,I_kwDOBm6k_c5wb2zi,2178,Don't show foreign key links to tables the user cannot access,9599,closed,0,,,5,2023-09-07T17:56:41Z,2023-09-07T23:28:27Z,2023-09-07T23:28:27Z,OWNER,,"Spotted this problem while working on this plugin:
- https://github.com/simonw/datasette-public

It's possible to make a table public to any users - but then you may end up with situations like this:

<img width=""1095"" alt=""CleanShot 2023-09-07 at 10 55 02@2x"" src=""https://github.com/simonw/datasette/assets/9599/514a00be-f399-4b08-aa5e-f07d603b5ffe"">

That table is public, but the foreign key links go to tables that are NOT public.

We're also leaking the names of the values in those private tables here, which we shouldn't do. So this is a tiny bit of an information leak.

Since this only affects people who have configured a table to be public that has foreign keys to a table that is private I don't think this is worth issuing a vulnerability report about - I very much doubt anyone is running Datasette configured in a way that could result in problems because of this.",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/2178/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
1886649402,I_kwDOBm6k_c5wc_w6,2179,Flaky test: test_hidden_sqlite_stat1_table,9599,closed,0,,,0,2023-09-07T22:48:43Z,2023-09-07T22:51:19Z,2023-09-07T22:51:19Z,OWNER,,"This test here: https://github.com/simonw/datasette/blob/fbcb103c0cb6668018ace539a01a6a1f156e8d6a/tests/test_api.py#L1011-L1020

It failed for me like this:

`E       AssertionError: assert [('normal', False), ('sqlite_stat1', True), ('sqlite_stat4', True)] in ([('normal', False), ('sqlite_stat1', True)],)`

Looks like some builds of SQLite include a `sqlite_stat4` table.",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/2179/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
1010112818,I_kwDOBm6k_c48NRky,1479,"Win32 ""used by another process"" error with datasette publish",76450761,open,0,,,7,2021-09-28T19:12:00Z,2023-09-07T02:14:16Z,,NONE,,"I unfortunately was not successful to deploy to fly.io. Please see the details above of the three scenarios that I took. I am also new to datasette.

Failed to deploy. Attaching logs:
1. Tried with an app created via `flyctl apps create frosty-fog-8565` and the ran `datasette publish fly covid.db --app frosty-fog-8565` 
``` 
Deploying frosty-fog-8565
==> Validating app configuration
--> Validating app configuration done
Services
TCP 80/443 ⇢ 8080

Error error connecting to docker: An unknown error occured.

Traceback (most recent call last):
  File ""c:\users\grott\anaconda3\lib\runpy.py"", line 193, in _run_module_as_main
    ""__main__"", mod_spec)
  File ""c:\users\grott\anaconda3\lib\runpy.py"", line 85, in _run_code
    exec(code, run_globals)
  File ""C:\Users\grott\Anaconda3\Scripts\datasette.exe\__main__.py"", line 7, in <module>
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 829, in __call__
    return self.main(*args, **kwargs)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 782, in main
    rv = self.invoke(ctx)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 610, in invoke
    return callback(*args, **kwargs)
  File ""c:\users\grott\anaconda3\lib\site-packages\datasette_publish_fly\__init__.py"", line 156, in fly
    ""--remote-only"",
  File ""c:\users\grott\anaconda3\lib\contextlib.py"", line 119, in __exit__
    next(self.gen)
  File ""c:\users\grott\anaconda3\lib\site-packages\datasette\utils\__init__.py"", line 451, in temporary_docker_directory
    tmp.cleanup()
  File ""c:\users\grott\anaconda3\lib\tempfile.py"", line 811, in cleanup
    _shutil.rmtree(self.name)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 516, in rmtree
    return _rmtree_unsafe(path, onerror)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 395, in _rmtree_unsafe
    _rmtree_unsafe(fullname, onerror)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 404, in _rmtree_unsafe
    onerror(os.rmdir, path, sys.exc_info())
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 402, in _rmtree_unsafe
    os.rmdir(path)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\grott\\AppData\\Local\\Temp\\tmpgcm8cz66\\frosty-fog-8565'
```

2. Tried also with an app that gets autogenerate when running `flyctl launch`. This also generates the .toml file. Ran then `datasette publish fly covid.db --app dark-feather-168` **but different error now**
```Deploying dark-feather-168
==> Validating app configuration

Error not possible to validate configuration: server returned Post ""https://api.fly.io/graphql"": unexpected EOF

Traceback (most recent call last):
  File ""c:\users\grott\anaconda3\lib\runpy.py"", line 193, in _run_module_as_main        
    ""__main__"", mod_spec)
    exec(code, run_globals)
  File ""C:\Users\grott\Anaconda3\Scripts\datasette.exe\__main__.py"", line 7, in <module>
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 829, in __call__
    return self.main(*args, **kwargs)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 782, in main
    rv = self.invoke(ctx)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 610, in invoke
    return callback(*args, **kwargs)
  File ""c:\users\grott\anaconda3\lib\site-packages\datasette_publish_fly\__init__.py"", line 156, in fly
    ""--remote-only"",
  File ""c:\users\grott\anaconda3\lib\contextlib.py"", line 119, in __exit__
    next(self.gen)
  File ""c:\users\grott\anaconda3\lib\site-packages\datasette\utils\__init__.py"", line 451, in temporary_docker_directory
    tmp.cleanup()
  File ""c:\users\grott\anaconda3\lib\tempfile.py"", line 811, in cleanup
    _shutil.rmtree(self.name)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 516, in rmtree
    return _rmtree_unsafe(path, onerror)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 395, in _rmtree_unsafe
    _rmtree_unsafe(fullname, onerror)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 404, in _rmtree_unsafe
    onerror(os.rmdir, path, sys.exc_info())
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 402, in _rmtree_unsafe
    os.rmdir(path)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\grott\\AppData\\Local\\Temp\\tmpnoyewcre\\dark-feather-168'
```

These are also the contents of the generated **.toml file** in 2 scenario:

```
# fly.toml file generated for dark-feather-168 on 2021-09-28T20:35:44+02:00

app = ""dark-feather-168""

kill_signal = ""SIGINT""
kill_timeout = 5
processes = []

[env]

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 8080
  processes = [""app""]
  protocol = ""tcp""
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = ""connections""

  [[services.ports]]
    handlers = [""http""]
    port = 80

  [[services.ports]]
    handlers = [""tls"", ""http""]
    port = 443

  [[services.tcp_checks]]
    grace_period = ""1s""
    interval = ""15s""
    restart_limit = 6
    timeout = ""2s""
```

3. But also trying `datasette package covid.db` to create a local DOCKERFILE to later try to push it via `flyctl deploy` fails as well.

```[+] Building 147.3s (11/11) FINISHED
 => [internal] load build definition from Dockerfile                                                             0.2s 
 => => transferring dockerfile: 396B                                                                             0.0s 
 => [internal] load .dockerignore                                                                                0.1s 
 => => transferring context: 2B                                                                                  0.0s 
 => [internal] load metadata for docker.io/library/python:3.8                                                    4.7s 
 => [auth] library/python:pull token for registry-1.docker.io                                                    0.0s 
 => [internal] load build context                                                                                0.1s 
 => => transferring context: 82.37kB                                                                             0.0s 
 => [1/5] FROM docker.io/library/python:3.8@sha256:530de807b46a11734e2587a784573c12c5034f2f14025f838589e6c0e3  108.3s 
 => => resolve docker.io/library/python:3.8@sha256:530de807b46a11734e2587a784573c12c5034f2f14025f838589e6c0e3b5  0.0s 
 => => sha256:56182bcdf4d4283aa1f46944b4ef7ac881e28b4d5526720a4e9ba03a4730846a 2.22kB / 2.22kB                   0.0s 
 => => sha256:955615a668ce169f8a1443fc6b6e6215f43fe0babfb4790712a2d3171f34d366 54.93MB / 54.93MB                21.6s 
 => => sha256:911ea9f2bd51e53a455297e0631e18a72a86d7e2c8e1807176e80f991bde5d64 10.87MB / 10.87MB                15.5s 
 => => sha256:530de807b46a11734e2587a784573c12c5034f2f14025f838589e6c0e3b5c5b6 1.86kB / 1.86kB                   0.0s 
 => => sha256:ff08f08727e50193dcf499afc30594c47e70cc96f6fcfd1a01240524624264d0 8.65kB / 8.65kB                   0.0s 
 => => sha256:2756ef5f69a5190f4308619e0f446d95f5515eef4a814dbad0bcebbbbc7b25a8 5.15MB / 5.15MB                   6.4s 
 => => sha256:27b0a22ee906271a6ce9ddd1754fdd7d3b59078e0b57b6cc054c7ed7ac301587 54.57MB / 54.57MB                37.7s 
 => => sha256:8584d51a9262f9a3a436dea09ba40fa50f85802018f9bd299eee1bf538481077 196.45MB / 196.45MB              82.3s 
 => => sha256:524774b7d3638702fe9ae0ea3fcfb81b027dfd75cc2fc14f0119e764b9543d58 6.29MB / 6.29MB                  26.6s 
 => => extracting sha256:955615a668ce169f8a1443fc6b6e6215f43fe0babfb4790712a2d3171f34d366                        5.4s 
 => => sha256:9460f6b75036e38367e2f27bb15e85777c5d6cd52ad168741c9566186415aa26 16.81MB / 16.81MB                40.5s 
 => => extracting sha256:2756ef5f69a5190f4308619e0f446d95f5515eef4a814dbad0bcebbbbc7b25a8                        0.6s 
 => => extracting sha256:911ea9f2bd51e53a455297e0631e18a72a86d7e2c8e1807176e80f991bde5d64                        0.6s 
 => => sha256:9bc548096c181514aa1253966a330134d939496027f92f57ab376cd236eb280b 232B / 232B                      40.1s 
 => => extracting sha256:27b0a22ee906271a6ce9ddd1754fdd7d3b59078e0b57b6cc054c7ed7ac301587                        5.8s 
 => => sha256:1d87379b86b89fd3b8bb1621128f00c8f962756e6aaaed264ec38db733273543 2.35MB / 2.35MB                  41.8s 
 => => extracting sha256:8584d51a9262f9a3a436dea09ba40fa50f85802018f9bd299eee1bf538481077                       18.8s 
 => => extracting sha256:524774b7d3638702fe9ae0ea3fcfb81b027dfd75cc2fc14f0119e764b9543d58                        1.2s 
 => => extracting sha256:9460f6b75036e38367e2f27bb15e85777c5d6cd52ad168741c9566186415aa26                        2.9s 
 => => extracting sha256:9bc548096c181514aa1253966a330134d939496027f92f57ab376cd236eb280b                        0.0s 
 => => extracting sha256:1d87379b86b89fd3b8bb1621128f00c8f962756e6aaaed264ec38db733273543                        0.8s 
 => [2/5] COPY . /app                                                                                            2.3s 
 => [3/5] WORKDIR /app                                                                                           0.2s 
 => [4/5] RUN pip install -U datasette                                                                          26.9s 
 => [5/5] RUN datasette inspect covid.db --inspect-file inspect-data.json                                        3.1s
 => exporting to image                                                                                           1.2s 
 => => exporting layers                                                                                          1.2s 
 => => writing image sha256:b5db0c205cd3454c21fbb00ecf6043f261540bcf91c2dfc36d418f1a23a75d7a                     0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
Traceback (most recent call last):
    ""__main__"", mod_spec)
  File ""c:\users\grott\anaconda3\lib\runpy.py"", line 85, in _run_code
    exec(code, run_globals)
  File ""C:\Users\grott\Anaconda3\Scripts\datasette.exe\__main__.py"", line 7, in <module>
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 829, in __call__
    return self.main(*args, **kwargs)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 782, in main
    rv = self.invoke(ctx)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File ""c:\users\grott\anaconda3\lib\site-packages\click\core.py"", line 610, in invoke
    return callback(*args, **kwargs)
  File ""c:\users\grott\anaconda3\lib\site-packages\datasette\cli.py"", line 283, in package
    call(args)
  File ""c:\users\grott\anaconda3\lib\contextlib.py"", line 119, in __exit__
    next(self.gen)
  File ""c:\users\grott\anaconda3\lib\site-packages\datasette\utils\__init__.py"", line 451, in temporary_docker_directory
    tmp.cleanup()
  File ""c:\users\grott\anaconda3\lib\tempfile.py"", line 811, in cleanup
    _shutil.rmtree(self.name)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 516, in rmtree
    return _rmtree_unsafe(path, onerror)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 395, in _rmtree_unsafe
    _rmtree_unsafe(fullname, onerror)
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 404, in _rmtree_unsafe
    onerror(os.rmdir, path, sys.exc_info())
  File ""c:\users\grott\anaconda3\lib\shutil.py"", line 402, in _rmtree_unsafe
    os.rmdir(path)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\grott\\AppData\\Local\\Temp\\tmpkb27qid3\\datasette'```",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/1479/reactions"", ""total_count"": 1, ""+1"": 1, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,