Jonathan Leitschuh JLLeitschuh @Gradle Boston, MA Software Engineer & Security Researcher; Graduated from WPI; BS in Robotics and CS

gradle/wrapper-validation-action 133

Gradle Wrapper Validation Action

cs3733bdt/wpi-suite 2

WPI Suite repository for Bobby Drop Tables (Team 2)

DragonShadesX/rbe_3002 2

A repo for WPI's 3002 Robotics Class

gradle/.github 2

Maintains all of the default policies for the Gradle organization

c0bra/grunt-ngdocs 0

Build angularJS documentation with a grunt task.

JLLeitschuh/3D-Modeling 0

This is repository for models fit for 3D printing. So far OpenSCAD is used as the programming language.

JLLeitschuh/9024-XP 0

XP practice, second year, IES 9024

JLLeitschuh/accelerated-build-now-plugin 0

accelerated-build-now-plugin

PullRequestReviewEvent

Pull request review comment JLLeitschuh/ktlint-gradle

Bump github actions

 jobs:         os: [ubuntu-latest, windows-latest]     runs-on: ${{ matrix.os }}     steps:-      - uses: actions/checkout@v1+      - uses: actions/checkout@v2       - name: set up JDK 1.8-        uses: actions/setup-java@v1+        uses: actions/setup-java@v2         with:-          java-version: 1.8+          java-version: 8
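
Review bot: the `with:` block under `actions/setup-java@v2` passes only `java-version: 8` in the lines shown, but v2 of that action requires a `distribution` input (for example `distribution: adopt`), so the step fails at setup unless the input is set below the visible lines. The step name also still reads `set up JDK 1.8` while the value changes to `8`; keeping the two in the same form avoids confusion when a JDK 11 matrix entry is added later.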

Don't feel obligated to add JDK 11 testing support in this PR. If you just want to leave it at version 8, that's fine.

Goooler

comment created time in 16 hours

PullRequestReviewEvent

Pull request review comment JLLeitschuh/ktlint-gradle

Bump github actions

 jobs:         os: [ubuntu-latest, windows-latest]     runs-on: ${{ matrix.os }}     steps:-      - uses: actions/checkout@v1+      - uses: actions/checkout@v2       - name: set up JDK 1.8-        uses: actions/setup-java@v1+        uses: actions/setup-java@v2         with:-          java-version: 1.8+          java-version: 8
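
Review bot: both `uses:` lines move from one mutable major tag to another (`actions/checkout@v2`, `actions/setup-java@v2`), so what CI runs can still change without a commit in this repository. Consider pinning each action to a full commit SHA and keeping the tag in a trailing comment, so that the version stays readable and automated update PRs can still bump it.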

I'd prefer if we continued to run with JDK 1.8 as a minimum for now and try adding JDK 11 as a matrix version. I want to make sure we don't break JDK 1.8 support, but also testing for JDK 11 support would be good.

Goooler

comment created time in 16 hours

delete branch JLLeitschuh/digitraffic-marine

delete branch : fix/JLL/use_https_to_resolve_dependencies

delete time in 16 hours

issue comment hub4j/github-api

ghProjectCard.content.repository is null

Thanks @bitwiseman. I've looked at the code a few times and I haven't yet seen a good way to fix this bug. Since requesting the issue resource is not routed through the repository object, an explicit request for the repository resource is required to get the desired object. I'm not certain where that logic should occur, nor am I certain what needs to happen to make that request correctly.

JLLeitschuh

comment created time in 16 hours

issue comment gradle/gradle

gradle depends on an insecure third-party JAR package that contains the CVE vulnerability

  1. jar file: gradle-7.2/lib/commons-compress-1.20.jar CVE:

    • CVE-2021-35517 - @ljacomet PTAL
    • CVE-2021-35516 - @ljacomet PTAL
    • CVE-2021-35515 - @ljacomet PTAL
    • CVE-2021-36090 - @ljacomet PTAL
  2. jar file: gradle-7.2/lib/ant-1.10.9.jar CVE:

    • CVE-2021-36373 - @ljacomet PTAL
    • CVE-2021-36374 - @ljacomet PTAL
  3. jar file: gradle-7.2/lib/plugins/maven-builder-support-3.6.3.jar CVE:

    • CVE-2021-26291 - I'm the one that reported this vulnerability to the Apache Maven team, the way that Gradle uses Maven, we are not vulnerable.

Per CVE-2021-35517, CVE-2021-35516, CVE-2021-35515, CVE-2021-36090, CVE-2021-36373, CVE-2021-36374; all of these vulnerabilities are only vulnerabilities if you are using these libraries to unzip untrusted 7Z or tar archives. Most of the time, we assume that Gradle is used to build projects from trusted sources. Often when Gradle is used to unzip/untar a resource, the next step in the build will be to run some bit of code from that resource. Given that threat model, an attacker would be more likely to exploit that trust to achieve code execution over DOS.

That being said, there may be cases where Gradle is being used to unzip/untar untrusted resources without the intention of executing them next. For those users who may be holding those expectations, we should resolve these vulnerabilities by updating our dependencies.

xuewan-seven

comment created time in 21 hours

issue comment adrielcafe/AndroidAudioRecorder

Internet usage

> So anyone pulling these dependencies/versions between July 2017 and December 2018 has used/shipped a hacked dependency with malicious code

@paulvi I believe that that is indeed an accurate read of the situation.

zsmb13

comment created time in 6 days

issue comment hub4j/github-api

ghProjectCard.content.repository is null

I can confirm, this bug still exists in 1.133. There were recent changes in the code regarding "root streamlining". Maybe this has been fixed as a part of that. Unfortunately, the 1.133 release was 7 days ago, and the "root streamlining" changes were made 6 days ago. There's no easy way for me to test this until another release is published.

JLLeitschuh

comment created time in 6 days

issue comment hub4j/github-api

ghProjectCard.content.repository is null

I haven't tried looking into this code in a while, I presume it still does though

JLLeitschuh

comment created time in 6 days

issue comment JLLeitschuh/ktlint-gradle

Intermediate output bin files contain full paths

Are there any good ways to write a unit test for this bug? Suggestions welcome.

zielezin

comment created time in 6 days

PullRequestReviewEvent

issue opened derjayjay/homebridge-keylights

"Could not register accessory" homebridge in docker

I'm wondering if this is because I'm running it in docker on my Synology NAS, but I was able to fix this issue by checking the useIP button. I'm wondering if .local addresses can't resolve correctly when requested from within docker. Regardless, it's working now.

Thank you so much for this simple solution! Much appreciated!

created time in 6 days

started derjayjay/homebridge-keylights

started time in 6 days

pull request comment dependabot/dependabot-core

Improved support `apply from` in gradle files

The tests look sane, so a 👍 for me from here.

zbynek

comment created time in 7 days

pull request comment dependabot/dependabot-core

Improved support `apply from` in gradle files

I don't think you should drop this PR, but I do want to point you towards the more idiomatic way of doing this with Gradle.

We're encouraging our users to move away from using apply from: to using either plugins, or using platforms.

https://docs.gradle.org/current/userguide/platforms.html

zbynek

comment created time in 7 days

pull request comment dependabot/dependabot-core

Improved support `apply from` in gradle files

> all included files that are actually fetched must contain dependencies in the filename

That will require some kind of documentation somewhere too

zbynek

comment created time in 7 days

issue comment JLLeitschuh/ktlint-gradle

Plugin breaks aar module

> Sorry to be so blunt, but I have attached repro project above, why was the build scan also necessary? Are you having troubles reproducing it from the attached sample?

I generally try to avoid running untrusted code from maintainers I'm not familiar with. Nothing personal, I'm just being security conscious.

Personally, I'm not familiar with aar files and how Gradle or the Android plugin handles them.

As far as I'm aware this plugin doesn't modify any classpaths other than the ones that it creates for itself. I don't understand how this plugin could impact the success/failure of another plugin's compilation. @Tapchicoma thoughts here?

matejdro

comment created time in 13 days

issue comment JLLeitschuh/ktlint-gradle

Ktlint creates tasks eagerly

> @JLLeitschuh could you check if this test is enough?

Not at this time, sorry, ktlint-gradle is a bit on the back burner for me at this time. I'm happy to continue to review PRs, but this isn't something I can commit to at this time.

matejdro

comment created time in 13 days

fork JLLeitschuh/refined-github

:octocat: Browser extension that simplifies the GitHub interface and adds useful features

fork in 14 days

issue comment JLLeitschuh/ktlint-gradle

Plugin breaks aar module

Can you provide a build scan and the output of the error you see?

matejdro

comment created time in 14 days

PullRequestReviewEvent

push event gradle/gradle

Jonathan Leitschuh

commit sha a94d5fa95c6862ab49a7ed4a39dab047f11fa768

Change Netbeans Link to Netbeans site


push time in 18 days

push event JLLeitschuh/bulk-security-pr-generator

Jonathan Leitschuh

commit sha aeb3941794bd1cba998c3969362f7ba3293a60c1

Update README.md


push time in 20 days

push event gradle/wrapper-validation-action

dependabot[bot]

commit sha 19e76703da2bf288ba29d7fc3e27b1fcc532e58d

Bump path-parse from 1.0.6 to 1.0.7

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>


Jonathan Leitschuh

commit sha 1a5936fd6e65dc46c40e0c15cc7dbbc84c1afe4e

Merge pull request #47 from gradle/dependabot/npm_and_yarn/path-parse-1.0.7


push time in 20 days

delete branch gradle/wrapper-validation-action

delete branch : dependabot/npm_and_yarn/path-parse-1.0.7

delete time in 20 days

PR merged gradle/wrapper-validation-action

Bump path-parse from 1.0.6 to 1.0.7 dependencies

Bumps path-parse from 1.0.6 to 1.0.7. See full diff in [compare view](https://github.com/jbgutierrez/path-parse/commits/v1.0.7).


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 20 days

issue comment gradle/wrapper-validation-action

Request timeout error for version of Gradle that I never used

How regularly do you see this issue?

eygraber

comment created time in 20 days

issue comment WPIRoboticsProjects/GRIP

Fatal error

Can you send the logs?

richardtan10176

comment created time in 20 days

PullRequestReviewEvent