modest update bouncycastle via transitive by denis-yuen · Pull Request #5895 · dockstore/dockstore · GitHub

modest update bouncycastle via transitive #5895


Merged
merged 5 commits into from
May 29, 2024


denis-yuen
Member
@denis-yuen denis-yuen commented May 27, 2024

Description
See issue for extended notes.

Review Instructions
Try metrics retrieval and old verified workflow logs (will communicate with AWS and thus hopefully use encryption)
Try updating a workflow with a Docker image and see whether checksums and the like are recorded correctly.

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-6461

Security and Privacy

None, upgrade is intended to address CVEs

Please make sure that you've checked the following before submitting your pull request. Thanks!

  • Check that you pass the basic style checks and unit tests by running mvn clean install
  • Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
  • Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
  • If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
  • Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
  • Do not serve user-uploaded binary images through the Dockstore API
  • Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
  • Do not create cookies, although this may change in the future
  • If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

@denis-yuen denis-yuen self-assigned this May 27, 2024
codecov bot commented May 27, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.79%. Comparing base (b769e72) to head (adc1d68).

Additional details and impacted files
@@              Coverage Diff              @@
##             develop    #5895      +/-   ##
=============================================
+ Coverage      73.73%   73.79%   +0.06%     
- Complexity      5260     5263       +3     
=============================================
  Files            371      371              
  Lines          19207    19207              
  Branches        2012     2012              
=============================================
+ Hits           14162    14174      +12     
+ Misses          4090     4078      -12     
  Partials         955      955              
Flag Coverage Δ
bitbuckettests 27.18% <ø> (+0.05%) ⬆️
integrationtests 58.37% <ø> (ø)
languageparsingtests 11.07% <ø> (ø)
localstacktests 21.68% <ø> (ø)
toolintegrationtests 30.48% <ø> (ø)
unit-tests_and_non-confidential-tests 28.45% <ø> (ø)
workflowintegrationtests 38.67% <ø> (ø)


@denis-yuen denis-yuen changed the title modest update modest update bouncycastle via transitive May 27, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@denis-yuen
Member Author

FYI, snyk still thinks there's an issue with the newest version, but I think it's a false positive due to the way dependencyManagement works in Maven

@denis-yuen denis-yuen marked this pull request as ready for review May 27, 2024 19:42
@denis-yuen denis-yuen requested review from a team, david4096, hyunnaye, svonworl, kathy-t and coverbeck and removed request for a team May 27, 2024 19:42
@denis-yuen denis-yuen merged commit 2f81db3 into develop May 29, 2024
@denis-yuen denis-yuen deleted the feature/test_bouncy_update branch May 29, 2024 20:41