OCI ADM vulnerability audit fixes #6669

Merged Nov 14, 2023 (3 commits)

sdedic (Member) commented Nov 8, 2023

During testing, I've found some subtle bugs including bad synchronization. The main changes are:

  • changed wording of the audit diagnostic: if the vulnerable dependency is indirect, the message indicates the direct dependency that brought the vulnerability into the project
  • audit request has an option to disable the local cache

There's a very light bug in the Gradle dependencies implementation: the valid flag was not set up at the start.

Unrelated features, but possibly important for integration testing:

  • NBLS command that gets the diagnostics for a given file. It's not really possible to hook into the LSP diagnostic stream on the LSP client side.
  • NBLS command that informs about directories the server uses; useful for on-disk settings inspection

@sdedic added the labels Gradle ([ci] enable "build tools" tests), VSCode Extension ([ci] enable VSCode Extension tests), and enterprise ([ci] enable enterprise job) Nov 8, 2023
@sdedic added this to the NB21 milestone Nov 8, 2023
@sdedic requested a review from dbalek November 8, 2023 09:11
@sdedic self-assigned this Nov 8, 2023
@sdedic requested a review from lkishalmi November 8, 2023 09:11

sdedic (Member, Author) commented Nov 8, 2023

// cc: Laszlo, very minor change in Gradle.

@sdedic requested a review from MartinBalin November 8, 2023 09:18

mbien (Member) commented Nov 8, 2023

fyi: micronaut and lsp tests are not working atm since the gradle wrapper which is used to set up test projects is downloading gradle 8.4, which breaks things.

Unfortunately there is no such thing as global gradle wrapper properties, so there seems to be no quick fix I can do in CI.

I will take another look this evening, please avoid merging to master until master is green again if possible.

mbien (Member) commented Nov 8, 2023

please see #6673 for micronaut/lsp test issues

@apache locked and limited conversation to collaborators Nov 10, 2023
@apache unlocked this conversation Nov 10, 2023
@sdedic merged commit 251892d into apache:master Nov 14, 2023